mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15895 Commits
28 Branches
Tree: 87c987155c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '87c987155c'
${ noResults }
rspamd/rules/bitcoin.lua

bitcoin.lua 4.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188 
  1. --[[

  2. Copyright (c) 2019, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. -- Bitcoin filter rules

  18. 

  19. local fun = require "fun"

  20. local bit = require "bit"

  21. local off = 0

  22. local base58_dec = fun.tomap(fun.map(

  23.     function(c)

  24.       off = off + 1

  25.       return c,(off - 1)

  26.     end,

  27.     "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"))

  28. 

  29. local function is_traditional_btc_address(word)

  30.   local hash = require "rspamd_cryptobox_hash"

  31. 

  32.   local bytes = {}

  33.   for i=1,25 do bytes[i] = 0 end

  34.   -- Base58 decode loop

  35.   fun.each(function(ch)

  36.     local acc = base58_dec[ch] or 0

  37.     for i=25,1,-1 do

  38.       acc = acc + (58 * bytes[i]);

  39.       bytes[i] = acc % 256

  40.       acc = math.floor(acc / 256);

  41.     end

  42.   end, word)

  43.   -- Now create a validation tag

  44.   local sha256 = hash.create_specific('sha256')

  45.   for i=1,21 do

  46.     sha256:update(string.char(bytes[i]))

  47.   end

  48.   sha256 = hash.create_specific('sha256', sha256:bin()):bin()

  49. 

  50.   -- Compare tags

  51.   local valid = true

  52.   for i=1,4 do

  53.     if string.sub(sha256, i, i) ~= string.char(bytes[21 + i]) then

  54.       valid = false

  55.     end

  56.   end

  57. 

  58.   return valid

  59. end

  60. 

  61. -- Beach32 checksum combiner

  62. local function polymod(...)

  63.   local chk = 1;

  64.   local gen = {0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3};

  65.   for _,t in ipairs({...}) do

  66.     for _,v in ipairs(t) do

  67.       local top = bit.rshift(chk, 25)

  68. 

  69.       chk = bit.bxor(bit.lshift(bit.band(chk, 0x1ffffff), 5), v)

  70.       for i=1,5 do

  71.         if bit.band(bit.rshift(top, i - 1), 0x1) ~= 0 then

  72.           chk = bit.bxor(chk, gen[i])

  73.         end

  74.       end

  75.     end

  76.   end

  77. 

  78.   return chk

  79. end

  80. 

  81. -- Beach32 expansion function

  82. local function hrpExpand(hrp)

  83.   local ret = {}

  84.   fun.each(function(byte)

  85.     ret[#ret + 1] = bit.rshift(byte, 5)

  86.   end, fun.map(string.byte, fun.iter(hrp)))

  87.   ret[#ret + 1] = 0

  88.   fun.each(function(byte)

  89.     ret[#ret + 1] = bit.band(byte, 0x1f)

  90.   end, fun.map(string.byte, fun.iter(hrp)))

  91. 

  92.   return ret

  93. end

  94. 

  95. local function verify_beach32_cksum(hrp, elts)

  96.   return polymod(hrpExpand(hrp), elts) == 1

  97. end

  98. 

  99. local function is_segwit_bech32_address(word)

  100.   local has_upper, has_lower, has_invalid

  101. 

  102.   if #word > 90 then return false end

  103. 

  104.   fun.each(function(ch)

  105.     if ch < 33 or ch > 126 then

  106.       has_invalid = true

  107.     elseif ch >= 97 and ch <= 122 then

  108.       has_lower = true

  109.     elseif ch >= 65 and ch <= 90 then

  110.       has_upper = true;

  111.     end

  112.   end, fun.map(string.byte, fun.iter(word)))

  113. 

  114.   if has_invalid or (has_lower and has_upper) then

  115.     return false

  116.   end

  117. 

  118.   word = word:lower()

  119.   local last_one_pos = word:find('1[^1]*$')

  120.   if not last_one_pos or (last_one_pos < 1 or last_one_pos + 7 > #word) then

  121.     return false

  122.   end

  123.   local hrp = word:sub(1, last_one_pos - 1)

  124.   local d = {}

  125.   local charset = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l';

  126.   for i=last_one_pos + 1,#word do

  127.     local c = word:sub(i, i)

  128.     local pos = charset:find(c)

  129. 

  130.     if not pos then

  131.       return false

  132.     end

  133.     d[#d + 1] = pos - 1

  134.   end

  135. 

  136.   return verify_beach32_cksum(hrp, d)

  137. end

  138. 

  139. 

  140. rspamd_config:register_symbol{

  141.   name = 'BITCOIN_ADDR',

  142.   description = 'Message has a valid bitcoin wallet address',

  143.   callback = function(task)

  144.     local rspamd_re = require "rspamd_regexp"

  145. 

  146.     local btc_wallet_re = rspamd_re.create_cached('^[13LM][1-9A-Za-z]{25,34}$')

  147.     local segwit_wallet_re = rspamd_re.create_cached('^[b][c]1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{14,74}$', 'i')

  148.     local words_matched = {}

  149.     local segwit_words_matched = {}

  150.     local valid_wallets = {}

  151. 

  152.     for _,part in ipairs(task:get_text_parts() or {}) do

  153.       local pw = part:filter_words(btc_wallet_re, 'raw', 3)

  154. 

  155.       if pw and #pw > 0 then

  156.         for _,w in ipairs(pw) do

  157.           words_matched[#words_matched + 1] = w

  158.         end

  159.       end

  160. 

  161.       pw = part:filter_words(segwit_wallet_re, 'raw', 3)

  162.       if pw and #pw > 0 then

  163.         for _,w in ipairs(pw) do

  164.           segwit_words_matched[#segwit_words_matched + 1] = w

  165.         end

  166.       end

  167.     end

  168. 

  169.     for _,word in ipairs(words_matched) do

  170.       local valid = is_traditional_btc_address(word)

  171.       if valid then

  172.         valid_wallets[#valid_wallets + 1] = word

  173.       end

  174.     end

  175.     for _,word in ipairs(segwit_words_matched) do

  176.       local valid = is_segwit_bech32_address(word)

  177.       if valid then

  178.         valid_wallets[#valid_wallets + 1] = word

  179.       end

  180.     end

  181. 

  182.     if #valid_wallets > 0 then

  183.       return true,1.0,valid_wallets

  184.     end

  185.   end,

  186.   score = 0.0,

  187.   group = 'scams'

  188. }