/*	$OpenBSD: srs.c,v 1.5 2021/06/14 17:58:16 eric Exp $	*/

/*
 * Copyright (c) 2019 Gilles Chehade <gilles@poolp.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/sha.h>
#include <string.h>

#include "smtpd.h"

static uint8_t	base32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

static int
minrange(uint16_t tref, uint16_t t2, int drift, int mod)
{
	if (tref > drift) {
		/* t2 must fall in between tref and tref - drift */
		if (t2 <= tref && t2>= tref - drift)
			return 1;
	}
	else {
		/* t2 must fall in between 0 and tref, or wrap */
		if (t2 <= tref || t2 >= mod - (drift - tref))
			return 1;
	}
	return 0;
}

static int
maxrange(uint16_t tref, uint16_t t2, int drift, int mod)
{
	if (tref + drift < 1024) {
		/* t2 must fall in between tref and tref + drift */
		if (t2 >= tref && t2 <= tref + drift)
			return 1;
	}
	else {
		/* t2 must fall in between tref + drift, or wrap */
		if (t2 >= tref || t2 <= (tref + drift) % 1024)
			return 1;
	}
	return 0;
}

static int
timestamp_check_range(uint16_t tref, uint16_t t2)
{
	if (! minrange(tref, t2, env->sc_srs_ttl, 1024) &&
	    ! maxrange(tref, t2, 1, 1024))
		return 0;

	return 1;
}

static const unsigned char *
srs_hash(const char *key, const char *value)
{
	SHA_CTX	c;
	static unsigned char md[SHA_DIGEST_LENGTH];

	SHA1_Init(&c);
	SHA1_Update(&c, key, strlen(key));
	SHA1_Update(&c, value, strlen(value));
	SHA1_Final(md, &c);
	return md;
}

static const char *
srs0_encode(const char *sender, const char *rcpt_domain)
{
	static char dest[SMTPD_MAXMAILADDRSIZE];
	char tmp[SMTPD_MAXMAILADDRSIZE];
	char md[SHA_DIGEST_LENGTH*4+1];
	struct mailaddr maddr;
	uint16_t timestamp;
	int ret;

	/* compute 10 bits timestamp according to spec */
	timestamp = (time(NULL) / (60 * 60 * 24)) % 1024;

	/* parse sender into user and domain */
	if (! text_to_mailaddr(&maddr, sender))
		return sender;

	/* TT=<orig_domainpart>=<orig_userpart>@<new_domainpart> */
	ret = snprintf(tmp, sizeof tmp, "%c%c=%s=%s@%s",
	    base32[(timestamp>>5) & 0x1F],
	    base32[timestamp & 0x1F],
	    maddr.domain, maddr.user, rcpt_domain);
	if (ret == -1 || ret >= (int)sizeof tmp)
		return sender;

	/* compute HHHH */
	base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH,
	    md, sizeof md);

	/* prepend SRS0=HHHH= prefix */
	ret = snprintf(dest, sizeof dest, "SRS0=%c%c%c%c=%s",
	    md[0], md[1], md[2], md[3], tmp);
	if (ret == -1 || ret >= (int)sizeof dest)
		return sender;

	return dest;
}

static const char *
srs1_encode_srs0(const char *sender, const char *rcpt_domain)
{
	static char dest[SMTPD_MAXMAILADDRSIZE];
	char tmp[SMTPD_MAXMAILADDRSIZE];
	char md[SHA_DIGEST_LENGTH*4+1];
	struct mailaddr maddr;
	int ret;

	/* parse sender into user and domain */
	if (! text_to_mailaddr(&maddr, sender))
		return sender;

	/* <last_domainpart>==<SRS0_userpart>@<new_domainpart> */
	ret = snprintf(tmp, sizeof tmp, "%s==%s@%s",
	    maddr.domain, maddr.user, rcpt_domain);
	if (ret == -1 || ret >= (int)sizeof tmp)
		return sender;

	/* compute HHHH */
	base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp), SHA_DIGEST_LENGTH,
		md, sizeof md);

	/* prepend SRS1=HHHH= prefix */
	ret = snprintf(dest, sizeof dest, "SRS1=%c%c%c%c=%s",
	    md[0], md[1], md[2], md[3], tmp);
	if (ret == -1 || ret >= (int)sizeof dest)
		return sender;

	return dest;
}

static const char *
srs1_encode_srs1(const char *sender, const char *rcpt_domain)
{
	static char dest[SMTPD_MAXMAILADDRSIZE];
	char tmp[SMTPD_MAXMAILADDRSIZE];
	char md[SHA_DIGEST_LENGTH*4+1];
	struct mailaddr maddr;
	int ret;

	/* parse sender into user and domain */
	if (! text_to_mailaddr(&maddr, sender))
		return sender;

	/* <SRS1_userpart>@<new_domainpart> */
	ret = snprintf(tmp, sizeof tmp, "%s@%s", maddr.user, rcpt_domain);
	if (ret == -1 || ret >= (int)sizeof tmp)
		return sender;

	/* sanity check: there's at least room for a checksum
	 * with allowed delimiter =, + or -
	 */
	if (strlen(tmp) < 5)
		return sender;
	if (tmp[4] != '=' && tmp[4] != '+' && tmp[4] != '-')
		return sender;

	/* compute HHHH */
	base64_encode_rfc3548(srs_hash(env->sc_srs_key, tmp + 5), SHA_DIGEST_LENGTH,
		md, sizeof md);

	/* prepend SRS1=HHHH= prefix skipping previous hops' HHHH */
	ret = snprintf(dest, sizeof dest, "SRS1=%c%c%c%c=%s",
	    md[0], md[1], md[2], md[3], tmp + 5);
	if (ret == -1 || ret >= (int)sizeof dest)
		return sender;

	return dest;
}

const char *
srs_encode(const char *sender, const char *rcpt_domain)
{
	if (strncasecmp(sender, "SRS0=", 5) == 0)
		return srs1_encode_srs0(sender+5, rcpt_domain);
	if (strncasecmp(sender, "SRS1=", 5) == 0)
		return srs1_encode_srs1(sender+5, rcpt_domain);
	return srs0_encode(sender, rcpt_domain);
}

static const char *
srs0_decode(const char *rcpt)
{
	static char dest[SMTPD_MAXMAILADDRSIZE];
	char md[SHA_DIGEST_LENGTH*4+1];
	struct mailaddr maddr;
	char *p;
	uint8_t *idx;
	int ret;
	uint16_t timestamp, srs_timestamp;

	/* sanity check: we have room for a checksum and delimiter */
	if (strlen(rcpt) < 5)
		return NULL;

	/* compute checksum */
	base64_encode_rfc3548(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH,
	    md, sizeof md);

	/* compare prefix checksum with computed checksum */
	if (strncmp(md, rcpt, 4) != 0) {
		if (env->sc_srs_key_backup == NULL)
			return NULL;
		base64_encode_rfc3548(srs_hash(env->sc_srs_key_backup, rcpt+5),
		    SHA_DIGEST_LENGTH, md, sizeof md);
		if (strncmp(md, rcpt, 4) != 0)
			return NULL;
	}
	rcpt += 5;

	/* sanity check: we have room for a timestamp and delimiter */
	if (strlen(rcpt) < 3)
		return NULL;

	/* decode timestamp */
	if ((idx = strchr(base32, rcpt[0])) == NULL)
		return NULL;
	srs_timestamp = ((idx - base32) << 5);

	if ((idx = strchr(base32, rcpt[1])) == NULL)
		return NULL;
	srs_timestamp |= (idx - base32);
	rcpt += 3;

	/* compute current 10 bits timestamp */
	timestamp = (time(NULL) / (60 * 60 * 24)) % 1024;

	/* check that SRS timestamp isn't too far from current */
	if (timestamp != srs_timestamp)
		if (! timestamp_check_range(timestamp, srs_timestamp))
			return NULL;

	if (! text_to_mailaddr(&maddr, rcpt))
		return NULL;

	/* sanity check: we have at least one SRS separator */
	if ((p = strchr(maddr.user, '=')) == NULL)
		return NULL;
	*p++ = '\0';

	/* maddr.user holds "domain\0user", with p pointing at user */
	ret = snprintf(dest, sizeof dest, "%s@%s", p, maddr.user);
	if (ret == -1 || ret >= (int)sizeof dest)
		return NULL;

	return dest;
}

static const char *
srs1_decode(const char *rcpt)
{
	static char dest[SMTPD_MAXMAILADDRSIZE];
	char md[SHA_DIGEST_LENGTH*4+1];
	struct mailaddr maddr;
	char *p;
	uint8_t *idx;
	int ret;
	uint16_t timestamp, srs_timestamp;

	/* sanity check: we have room for a checksum and delimiter */
	if (strlen(rcpt) < 5)
		return NULL;

	/* compute checksum */
	base64_encode_rfc3548(srs_hash(env->sc_srs_key, rcpt+5), SHA_DIGEST_LENGTH,
	    md, sizeof md);

	/* compare prefix checksum with computed checksum */
	if (strncmp(md, rcpt, 4) != 0) {
		if (env->sc_srs_key_backup == NULL)
			return NULL;
		base64_encode_rfc3548(srs_hash(env->sc_srs_key_backup, rcpt+5),
		    SHA_DIGEST_LENGTH, md, sizeof md);
		if (strncmp(md, rcpt, 4) != 0)
			return NULL;
	}
	rcpt += 5;

	if (! text_to_mailaddr(&maddr, rcpt))
		return NULL;

	/* sanity check: we have at least one SRS separator */
	if ((p = strchr(maddr.user, '=')) == NULL)
		return NULL;
	*p++ = '\0';

	/* maddr.user holds "domain\0user", with p pointing at user */
	ret = snprintf(dest, sizeof dest, "SRS0%s@%s", p, maddr.user);
	if (ret == -1 || ret >= (int)sizeof dest)
		return NULL;


	/* we're ready to return decoded address, but let's check if
	 * SRS0 timestamp is valid.
	 */

	/* first, get rid of SRS0 checksum (=HHHH=), we can't check it */
	if (strlen(p) < 6)
		return NULL;
	p += 6;

	/* we should be pointing to a timestamp, check that we're indeed */
	if (strlen(p) < 3)
		return NULL;
	if (p[2] != '=' && p[2] != '+' && p[2] != '-')
		return NULL;
	p[2] = '\0';

	if ((idx = strchr(base32, p[0])) == NULL)
		return NULL;
	srs_timestamp = ((idx - base32) << 5);

	if ((idx = strchr(base32, p[1])) == NULL)
		return NULL;
	srs_timestamp |= (idx - base32);

	/* compute current 10 bits timestamp */
	timestamp = (time(NULL) / (60 * 60 * 24)) % 1024;

	/* check that SRS timestamp isn't too far from current */
	if (timestamp != srs_timestamp)
		if (! timestamp_check_range(timestamp, srs_timestamp))
			return NULL;

	return dest;
}

const char *
srs_decode(const char *rcpt)
{
	if (strncasecmp(rcpt, "SRS0=", 5) == 0)
		return srs0_decode(rcpt + 5);
	if (strncasecmp(rcpt, "SRS1=", 5) == 0)
		return srs1_decode(rcpt + 5);

	return NULL;
}