mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21175 Commits
28 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
rspamd/rules/bitcoin.lua

bitcoin.lua 6.3KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. -- Bitcoin filter rules

  18. 

  19. local fun = require "fun"

  20. local bit = require "bit"

  21. local lua_util = require "lua_util"

  22. local rspamd_util = require "rspamd_util"

  23. local N = "bitcoin"

  24. 

  25. local off = 0

  26. local base58_dec = fun.tomap(fun.map(

  27.     function(c)

  28.       off = off + 1

  29.       return c, (off - 1)

  30.     end,

  31.     "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"))

  32. 

  33. local function is_traditional_btc_address(word)

  34.   local hash = require "rspamd_cryptobox_hash"

  35. 

  36.   local bytes = {}

  37.   for i = 1, 25 do

  38.     bytes[i] = 0

  39.   end

  40.   -- Base58 decode loop

  41.   fun.each(function(ch)

  42.     local acc = base58_dec[ch] or 0

  43.     for i = 25, 1, -1 do

  44.       acc = acc + (58 * bytes[i]);

  45.       bytes[i] = acc % 256

  46.       acc = math.floor(acc / 256);

  47.     end

  48.   end, word)

  49.   -- Now create a validation tag

  50.   local sha256 = hash.create_specific('sha256')

  51.   for i = 1, 21 do

  52.     sha256:update(string.char(bytes[i]))

  53.   end

  54.   sha256 = hash.create_specific('sha256', sha256:bin()):bin()

  55. 

  56.   -- Compare tags

  57.   local valid = true

  58.   for i = 1, 4 do

  59.     if string.sub(sha256, i, i) ~= string.char(bytes[21 + i]) then

  60.       valid = false

  61.     end

  62.   end

  63. 

  64.   return valid

  65. end

  66. 

  67. -- Beach32 checksum combiner

  68. local function polymod(...)

  69.   local chk = 1;

  70.   local gen = { 0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3 };

  71.   for _, t in ipairs({ ... }) do

  72.     for _, v in ipairs(t) do

  73.       local top = bit.rshift(chk, 25)

  74. 

  75.       chk = bit.bxor(bit.lshift(bit.band(chk, 0x1ffffff), 5), v)

  76.       for i = 1, 5 do

  77.         if bit.band(bit.rshift(top, i - 1), 0x1) ~= 0 then

  78.           chk = bit.bxor(chk, gen[i])

  79.         end

  80.       end

  81.     end

  82.   end

  83. 

  84.   return chk

  85. end

  86. 

  87. -- Beach32 expansion function

  88. local function hrpExpand(hrp)

  89.   local ret = {}

  90.   fun.each(function(byte)

  91.     ret[#ret + 1] = bit.rshift(byte, 5)

  92.   end, fun.map(string.byte, fun.iter(hrp)))

  93.   ret[#ret + 1] = 0

  94.   fun.each(function(byte)

  95.     ret[#ret + 1] = bit.band(byte, 0x1f)

  96.   end, fun.map(string.byte, fun.iter(hrp)))

  97. 

  98.   return ret

  99. end

  100. 

  101. local function verify_beach32_cksum(hrp, elts)

  102.   return polymod(hrpExpand(hrp), elts) == 1

  103. end

  104. 

  105. local function gen_bleach32_table(input)

  106.   local d = {}

  107.   local i = 1

  108.   local res = true

  109.   local charset = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l'

  110. 

  111.   fun.each(function(byte)

  112.     if res then

  113.       local pos = charset:find(byte, 1, true)

  114.       if not pos then

  115.         res = false

  116.       else

  117.         d[i] = pos - 1

  118.         i = i + 1

  119.       end

  120.     end

  121.   end, fun.iter(input))

  122. 

  123.   return res and d or nil

  124. end

  125. 

  126. local function is_segwit_bech32_address(task, word)

  127.   local semicolon_pos = string.find(word, ':')

  128.   local address_part = word

  129.   if semicolon_pos then

  130.     address_part = string.sub(word, semicolon_pos + 1)

  131.   end

  132. 

  133.   local prefix = address_part:sub(1, 3)

  134. 

  135.   if prefix == 'bc1' or prefix:sub(1, 1) == '1' or prefix:sub(1, 1) == '3' then

  136.     -- Strip beach32 prefix in bitcoin

  137.     address_part = address_part:lower()

  138.     local last_one_pos = address_part:find('1[^1]*$')

  139.     if not last_one_pos or (last_one_pos < 1 or last_one_pos + 7 > #address_part) then

  140.       return false

  141.     end

  142.     local hrp = address_part:sub(1, last_one_pos - 1)

  143.     local addr = address_part:sub(last_one_pos + 1, -1)

  144.     local decoded = gen_bleach32_table(addr)

  145. 

  146.     if decoded then

  147.       return verify_beach32_cksum(hrp, decoded)

  148.     end

  149.   else

  150.     -- Bitcoin cash address

  151.     -- https://www.bitcoincash.org/spec/cashaddr.html

  152.     local decoded = gen_bleach32_table(address_part)

  153.     lua_util.debugm(N, task, 'check %s, %s decoded', word, decoded)

  154. 

  155.     if decoded and #decoded > 8 then

  156.       if semicolon_pos then

  157.         prefix = word:sub(1, semicolon_pos - 1)

  158.       else

  159.         prefix = 'bitcoincash'

  160.       end

  161. 

  162.       local polymod_tbl = {}

  163.       fun.each(function(byte)

  164.         local b = bit.band(string.byte(byte), 0x1f)

  165.         table.insert(polymod_tbl, b)

  166.       end, fun.iter(prefix))

  167. 

  168.       -- For semicolon

  169.       table.insert(polymod_tbl, 0)

  170. 

  171.       fun.each(function(byte)

  172.         table.insert(polymod_tbl, byte)

  173.       end, decoded)

  174.       lua_util.debugm(N, task, 'final polymod table: %s', polymod_tbl)

  175. 

  176.       return rspamd_util.btc_polymod(polymod_tbl)

  177.     end

  178.   end

  179. end

  180. 

  181. local normal_wallet_re = [[/\b[13LM][1-9A-Za-z]{25,34}\b/AL{sa_body}]]

  182. local btc_bleach_re = [[/\b(?:(?:[a-zA-Z]\w+:)|(?:bc1))?[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{14,}\b/AL{sa_body}]]

  183. 

  184. config.regexp['BITCOIN_ADDR'] = {

  185.   description = 'Message has a valid bitcoin wallet address',

  186.   -- Use + operator to ensure that each expression is always evaluated

  187.   re = string.format('(%s) + (%s) > 0', normal_wallet_re, btc_bleach_re),

  188.   re_conditions = {

  189.     [normal_wallet_re] = function(task, txt, s, e)

  190.       local len = e - s

  191.       if len <= 2 or len > 1024 then

  192.         return false

  193.       end

  194. 

  195.       local word = lua_util.str_trim(txt:sub(s + 1, e))

  196.       local valid = is_traditional_btc_address(word)

  197. 

  198.       if valid then

  199.         -- To save option

  200.         task:insert_result('BITCOIN_ADDR', 1.0, word)

  201.         lua_util.debugm(N, task, 'found valid traditional bitcoin addr in the word: %s',

  202.             word)

  203.         return true

  204.       else

  205.         lua_util.debugm(N, task, 'found invalid bitcoin addr in the word: %s',

  206.             word)

  207. 

  208.         return false

  209.       end

  210.     end,

  211.     [btc_bleach_re] = function(task, txt, s, e)

  212.       local len = e - s

  213.       if len <= 2 or len > 1024 then

  214.         return false

  215.       end

  216. 

  217.       local word = tostring(lua_util.str_trim(txt:sub(s + 1, e)))

  218.       local valid = is_segwit_bech32_address(task, word)

  219. 

  220.       if valid then

  221.         -- To save option

  222.         task:insert_result('BITCOIN_ADDR', 1.0, word)

  223.         lua_util.debugm(N, task, 'found valid bleach bitcoin addr in the word: %s',

  224.             word)

  225.         return true

  226.       else

  227.         lua_util.debugm(N, task, 'found invalid bitcoin addr in the word: %s',

  228.             word)

  229. 

  230.         return false

  231.       end

  232.     end,

  233.   },

  234.   score = 0.0,

  235.   one_shot = true,

  236.   group = 'scams',

  237. }