static gboolean rspamd_map_check_file_sig (const char *fname, struct rspamd_map *map, struct rspamd_map_backend *bk, const guchar *input, gsize inlen) { gchar fpath[PATH_MAX]; guchar *data; struct rspamd_cryptobox_pubkey *pk = NULL; GString *b32_key; gboolean ret; gsize len = 0; if (bk->trusted_pubkey == NULL) { /* Try to load and check pubkey */ rspamd_snprintf (fpath, sizeof (fpath), "%s.pub", fname); data = rspamd_file_xmap (fpath, PROT_READ, &len); if (data == NULL) { msg_err_map ("can't open pubkey %s: %s", fpath, strerror (errno)); return FALSE; } pk = rspamd_pubkey_from_base32 (data, len, RSPAMD_KEYPAIR_SIGN, RSPAMD_CRYPTOBOX_MODE_25519); munmap (data, len); if (pk == NULL) { msg_err_map ("can't load pubkey %s", fpath); return FALSE; } /* We just check pk against the trusted db of keys */ b32_key = rspamd_pubkey_print (pk, RSPAMD_KEYPAIR_BASE32|RSPAMD_KEYPAIR_PUBKEY); g_assert (b32_key != NULL); if (g_hash_table_lookup (map->cfg->trusted_keys, b32_key->str) == NULL) { msg_err_map ("pubkey loaded from %s is untrusted: %v", fpath, b32_key); g_string_free (b32_key, TRUE); rspamd_pubkey_unref (pk); return FALSE; } g_string_free (b32_key, TRUE); } else { pk = rspamd_pubkey_ref (bk->trusted_pubkey); } ret = rspamd_map_check_sig_pk (fname, map, input, inlen, pk); rspamd_pubkey_unref (pk); return ret; }
/*** * @function rspamd_cryptobox_pubkey.create(data[, type[, alg]]) * Loads public key from base32 encoded file * @param {base32 string} base32 string with the key * @param {string} type optional 'sign' or 'kex' for signing and encryption * @param {string} alg optional 'default' or 'nist' for curve25519/nistp256 keys * @return {cryptobox_pubkey} new public key */ static gint lua_cryptobox_pubkey_create (lua_State *L) { struct rspamd_cryptobox_pubkey *pkey = NULL, **ppkey; const gchar *buf, *arg; gsize len; gint type = RSPAMD_KEYPAIR_SIGN; gint alg = RSPAMD_CRYPTOBOX_MODE_25519; buf = luaL_checklstring (L, 1, &len); if (buf != NULL) { if (lua_type (L, 2) == LUA_TSTRING) { /* keypair type */ arg = lua_tostring (L, 2); if (strcmp (arg, "sign") == 0) { type = RSPAMD_KEYPAIR_SIGN; } else if (strcmp (arg, "kex") == 0) { type = RSPAMD_KEYPAIR_KEX; } } if (lua_type (L, 3) == LUA_TSTRING) { /* algorithm */ arg = lua_tostring (L, 3); if (strcmp (arg, "default") == 0 || strcmp (arg, "curve25519") == 0) { type = RSPAMD_CRYPTOBOX_MODE_25519; } else if (strcmp (arg, "nist") == 0) { type = RSPAMD_CRYPTOBOX_MODE_NIST; } } pkey = rspamd_pubkey_from_base32 (buf, len, type, alg); if (pkey == NULL) { msg_err ("cannot load pubkey from string"); lua_pushnil (L); } else { ppkey = lua_newuserdata (L, sizeof (void *)); rspamd_lua_setclass (L, "rspamd{cryptobox_pubkey}", -1); *ppkey = pkey; } } else { return luaL_error (L, "bad input arguments"); } return 1; }
struct rspamd_client_connection * rspamd_client_init (struct event_base *ev_base, const gchar *name, guint16 port, gdouble timeout, const gchar *key) { struct rspamd_client_connection *conn; gint fd; fd = rspamd_socket (name, port, SOCK_STREAM, TRUE, FALSE, TRUE); if (fd == -1) { return NULL; } conn = g_slice_alloc0 (sizeof (struct rspamd_client_connection)); conn->ev_base = ev_base; conn->fd = fd; conn->req_sent = FALSE; conn->keys_cache = rspamd_keypair_cache_new (32); conn->http_conn = rspamd_http_connection_new (rspamd_client_body_handler, rspamd_client_error_handler, rspamd_client_finish_handler, 0, RSPAMD_HTTP_CLIENT, conn->keys_cache, NULL); conn->server_name = g_string_new (name); if (port != 0) { rspamd_printf_gstring (conn->server_name, ":%d", (int)port); } double_to_tv (timeout, &conn->timeout); if (key) { conn->key = rspamd_pubkey_from_base32 (key, 0, RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519); if (conn->key) { conn->keypair = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519); rspamd_http_connection_set_key (conn->http_conn, conn->keypair); } else { rspamd_client_destroy (conn); return NULL; } } return conn; }
static const gchar * rspamd_map_check_proto (struct rspamd_config *cfg, const gchar *map_line, struct rspamd_map *map) { const gchar *pos = map_line, *end, *end_key; g_assert (map != NULL); g_assert (pos != NULL); end = pos + strlen (pos); if (g_ascii_strncasecmp (pos, "sign+", sizeof ("sign+") - 1) == 0) { map->is_signed = TRUE; pos += sizeof ("sign+") - 1; } if (g_ascii_strncasecmp (pos, "key=", sizeof ("key=") - 1) == 0) { pos += sizeof ("key=") - 1; end_key = memchr (pos, '+', end - pos); if (end_key != NULL) { map->trusted_pubkey = rspamd_pubkey_from_base32 (pos, end_key - pos, RSPAMD_KEYPAIR_SIGN, RSPAMD_CRYPTOBOX_MODE_25519); if (map->trusted_pubkey == NULL) { msg_err_config ("cannot read pubkey from map: %s", map_line); return NULL; } pos = end_key + 1; } else if (end - pos > 64) { /* Try hex encoding */ map->trusted_pubkey = rspamd_pubkey_from_hex (pos, 64, RSPAMD_KEYPAIR_SIGN, RSPAMD_CRYPTOBOX_MODE_25519); if (map->trusted_pubkey == NULL) { msg_err_config ("cannot read pubkey from map: %s", map_line); return NULL; } pos += 64; } else { msg_err_config ("cannot read pubkey from map: %s", map_line); return NULL; } if (*pos == '+' || *pos == ':') { pos ++; } } map->protocol = MAP_PROTO_FILE; if (g_ascii_strncasecmp (pos, "http://", sizeof ("http://") - 1) == 0) { map->protocol = MAP_PROTO_HTTP; /* Include http:// */ map->uri = rspamd_mempool_strdup (cfg->cfg_pool, pos); pos += sizeof ("http://") - 1; } else if (g_ascii_strncasecmp (pos, "file://", sizeof ("file://") - 1) == 0) { pos += sizeof ("file://") - 1; /* Exclude file:// */ map->uri = rspamd_mempool_strdup (cfg->cfg_pool, pos); } else if (*pos == '/') { /* Trivial file case */ map->uri = rspamd_mempool_strdup (cfg->cfg_pool, pos); } else { msg_err_config ("invalid map fetching protocol: %s", map_line); return NULL; } return pos; }
static int http_map_finish (struct rspamd_http_connection *conn, struct rspamd_http_message *msg) { struct http_callback_data *cbd = conn->ud; struct rspamd_map *map; rspamd_mempool_t *pool; char fpath[PATH_MAX]; guchar *aux_data, *in = NULL; gsize inlen = 0; struct stat st; map = cbd->map; pool = cbd->map->pool; if (msg->code == 200) { if (cbd->stage == map_load_file) { if (msg->last_modified) { cbd->data->last_checked = msg->last_modified; } else { cbd->data->last_checked = msg->date; } /* Maybe we need to check signature ? */ if (map->is_signed) { close (cbd->out_fd); if (map->trusted_pubkey) { /* No need to load key */ cbd->stage = map_load_signature; cbd->pk = rspamd_pubkey_ref (map->trusted_pubkey); rspamd_snprintf (fpath, sizeof (fpath), "%s.sig", cbd->tmpfile); } else { rspamd_snprintf (fpath, sizeof (fpath), "%s.pub", cbd->tmpfile); cbd->stage = map_load_pubkey; } cbd->out_fd = rspamd_file_xopen (fpath, O_RDWR|O_CREAT, 00644); if (cbd->out_fd == -1) { msg_err_pool ("cannot open pubkey file %s for writing: %s", fpath, strerror (errno)); goto end; } rspamd_http_connection_reset (cbd->conn); write_http_request (cbd); goto end; } else { /* Unsinged version - just open file */ in = rspamd_file_xmap (cbd->tmpfile, PROT_READ, &inlen); if (in == NULL) { msg_err_pool ("cannot read tempfile %s: %s", cbd->tmpfile, strerror (errno)); goto end; } } } else if (cbd->stage == map_load_pubkey) { /* We now can load pubkey */ (void)lseek (cbd->out_fd, 0, SEEK_SET); if (fstat (cbd->out_fd, &st) == -1) { msg_err_pool ("cannot stat pubkey file %s: %s", fpath, strerror (errno)); goto end; } aux_data = mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, cbd->out_fd, 0); close (cbd->out_fd); cbd->out_fd = -1; if (aux_data == MAP_FAILED) { msg_err_pool ("cannot map pubkey file %s: %s", fpath, strerror (errno)); goto end; } cbd->pk = rspamd_pubkey_from_base32 (aux_data, st.st_size, RSPAMD_KEYPAIR_SIGN, RSPAMD_CRYPTOBOX_MODE_25519); munmap (aux_data, st.st_size); if (cbd->pk == NULL) { msg_err_pool ("cannot load pubkey file %s: bad pubkey", fpath); goto end; } rspamd_snprintf (fpath, sizeof (fpath), "%s.sig", cbd->tmpfile); cbd->out_fd = rspamd_file_xopen (fpath, O_RDWR|O_CREAT, 00644); if (cbd->out_fd == -1) { msg_err_pool ("cannot open signature file %s for writing: %s", fpath, strerror (errno)); goto end; } cbd->stage = map_load_signature; rspamd_http_connection_reset (cbd->conn); write_http_request (cbd); goto end; } else if (cbd->stage == map_load_signature) { /* We can now check signature */ close (cbd->out_fd); cbd->out_fd = -1; in = rspamd_file_xmap (cbd->tmpfile, PROT_READ, &inlen); if (in == NULL) { msg_err_pool ("cannot read tempfile %s: %s", cbd->tmpfile, strerror (errno)); goto end; } if (!rspamd_map_check_sig_pk (cbd->tmpfile, map, in, inlen, cbd->pk)) { goto end; } } g_assert (in != NULL); map->read_callback (map->pool, in, inlen, &cbd->cbdata, TRUE); map->fin_callback (map->pool, &cbd->cbdata); *map->user_data = cbd->cbdata.cur_data; msg_info_pool ("read map data from %s", cbd->data->host); } else if (msg->code == 304 && cbd->stage == map_load_file) { msg_debug_pool ("data is not modified for server %s", cbd->data->host); if (msg->last_modified) { cbd->data->last_checked = msg->last_modified; } else { cbd->data->last_checked = msg->date; } } else { msg_info_pool ("cannot load map %s from %s: HTTP error %d", map->uri, cbd->data->host, msg->code); } end: REF_RELEASE (cbd); return 0; }
/*** * @function rspamd_cryptobox_pubkey.load(file[, type[, alg]]) * Loads public key from base32 encoded file * @param {string} file filename to load * @param {string} type optional 'sign' or 'kex' for signing and encryption * @param {string} alg optional 'default' or 'nist' for curve25519/nistp256 keys * @return {cryptobox_pubkey} new public key */ static gint lua_cryptobox_pubkey_load (lua_State *L) { struct rspamd_cryptobox_pubkey *pkey = NULL, **ppkey; const gchar *filename, *arg; gint type = RSPAMD_KEYPAIR_SIGN; gint alg = RSPAMD_CRYPTOBOX_MODE_25519; guchar *map; gsize len; filename = luaL_checkstring (L, 1); if (filename != NULL) { map = rspamd_file_xmap (filename, PROT_READ, &len); if (map == NULL) { msg_err ("cannot open pubkey from file: %s, %s", filename, strerror (errno)); lua_pushnil (L); } else { if (lua_type (L, 2) == LUA_TSTRING) { /* keypair type */ arg = lua_tostring (L, 2); if (strcmp (arg, "sign") == 0) { type = RSPAMD_KEYPAIR_SIGN; } else if (strcmp (arg, "kex") == 0) { type = RSPAMD_KEYPAIR_KEX; } } if (lua_type (L, 3) == LUA_TSTRING) { /* algorithm */ arg = lua_tostring (L, 3); if (strcmp (arg, "default") == 0 || strcmp (arg, "curve25519") == 0) { type = RSPAMD_CRYPTOBOX_MODE_25519; } else if (strcmp (arg, "nist") == 0) { type = RSPAMD_CRYPTOBOX_MODE_NIST; } } pkey = rspamd_pubkey_from_base32 (map, len, type, alg); if (pkey == NULL) { msg_err ("cannot open pubkey from file: %s", filename); munmap (map, len); lua_pushnil (L); } else { munmap (map, len); ppkey = lua_newuserdata (L, sizeof (void *)); rspamd_lua_setclass (L, "rspamd{cryptobox_pubkey}", -1); *ppkey = pkey; } } } else { return luaL_error (L, "bad input arguments"); } return 1; }
static int http_map_finish (struct rspamd_http_connection *conn, struct rspamd_http_message *msg) { struct http_callback_data *cbd = conn->ud; struct rspamd_map *map; struct rspamd_map_backend *bk; guchar *aux_data, *in = NULL; gsize inlen = 0, dlen = 0; map = cbd->map; bk = cbd->bk; if (msg->code == 200) { if (cbd->check) { cbd->periodic->need_modify = TRUE; /* Reset the whole chain */ cbd->periodic->cur_backend = 0; rspamd_map_periodic_callback (-1, EV_TIMEOUT, cbd->periodic); MAP_RELEASE (cbd, "http_callback_data"); return 0; } if (cbd->stage == map_load_file) { if (msg->last_modified) { cbd->data->last_checked = msg->last_modified; } else { cbd->data->last_checked = msg->date; } /* Maybe we need to check signature ? */ if (bk->is_signed) { if (bk->trusted_pubkey) { /* No need to load key */ cbd->stage = map_load_signature; cbd->pk = rspamd_pubkey_ref (bk->trusted_pubkey); } else { cbd->stage = map_load_pubkey; } cbd->shmem_data = rspamd_http_message_shmem_ref (msg); cbd->data_len = msg->body_buf.len; rspamd_http_connection_reset (cbd->conn); write_http_request (cbd); MAP_RELEASE (cbd, "http_callback_data"); return 0; } else { /* Unsinged version - just open file */ cbd->shmem_data = rspamd_http_message_shmem_ref (msg); cbd->data_len = msg->body_buf.len; goto read_data; } } else if (cbd->stage == map_load_pubkey) { /* We now can load pubkey */ cbd->shmem_pubkey = rspamd_http_message_shmem_ref (msg); cbd->pubkey_len = msg->body_buf.len; aux_data = rspamd_shmem_xmap (cbd->shmem_pubkey->shm_name, PROT_READ, &inlen); if (aux_data == NULL) { msg_err_map ("cannot map pubkey file %s: %s", cbd->shmem_pubkey->shm_name, strerror (errno)); goto err; } if (inlen < cbd->pubkey_len) { msg_err_map ("cannot map pubkey file %s: %s", cbd->shmem_pubkey->shm_name, strerror (errno)); munmap (aux_data, inlen); goto err; } cbd->pk = rspamd_pubkey_from_base32 (aux_data, cbd->pubkey_len, RSPAMD_KEYPAIR_SIGN, RSPAMD_CRYPTOBOX_MODE_25519); munmap (aux_data, inlen); if (cbd->pk == NULL) { msg_err_map ("cannot load pubkey file %s: bad pubkey", cbd->shmem_pubkey->shm_name); goto err; } cbd->stage = map_load_signature; rspamd_http_connection_reset (cbd->conn); write_http_request (cbd); MAP_RELEASE (cbd, "http_callback_data"); return 0; } else if (cbd->stage == map_load_signature) { /* We can now check signature */ cbd->shmem_sig = rspamd_http_message_shmem_ref (msg); cbd->sig_len = msg->body_buf.len; aux_data = rspamd_shmem_xmap (cbd->shmem_sig->shm_name, PROT_READ, &inlen); if (aux_data == NULL) { msg_err_map ("cannot map signature file %s: %s", cbd->shmem_sig->shm_name, strerror (errno)); goto err; } if (inlen < cbd->sig_len) { msg_err_map ("cannot map pubkey file %s: %s", cbd->shmem_pubkey->shm_name, strerror (errno)); munmap (aux_data, inlen); goto err; } in = rspamd_shmem_xmap (cbd->shmem_data->shm_name, PROT_READ, &dlen); if (in == NULL) { msg_err_map ("cannot read tempfile %s: %s", cbd->shmem_data->shm_name, strerror (errno)); munmap (aux_data, inlen); goto err; } if (!rspamd_map_check_sig_pk_mem (aux_data, cbd->sig_len, map, in, cbd->data_len, cbd->pk)) { munmap (aux_data, inlen); munmap (in, dlen); goto err; } munmap (in, dlen); } read_data: g_assert (cbd->shmem_data != NULL); in = rspamd_shmem_xmap (cbd->shmem_data->shm_name, PROT_READ, &dlen); if (in == NULL) { msg_err_map ("cannot read tempfile %s: %s", cbd->shmem_data->shm_name, strerror (errno)); goto err; } map->read_callback (in, cbd->data_len, &cbd->periodic->cbdata, TRUE); msg_info_map ("read map data from %s", cbd->data->host); /* * We know that a map is in the locked state */ if (g_atomic_int_compare_and_exchange (&map->cache->available, 0, 1)) { /* Store cached data */ struct rspamd_http_map_cached_cbdata *cache_cbd; struct timeval tv; rspamd_strlcpy (map->cache->shmem_name, cbd->shmem_data->shm_name, sizeof (map->cache->shmem_name)); map->cache->len = cbd->data_len; map->cache->last_checked = cbd->data->last_checked; cache_cbd = g_slice_alloc0 (sizeof (*cache_cbd)); cache_cbd->shm = cbd->shmem_data; cache_cbd->map = map; MAP_RETAIN (cache_cbd->shm, "shmem_data"); event_set (&cache_cbd->timeout, -1, EV_TIMEOUT, rspamd_map_cache_cb, cache_cbd); event_base_set (cbd->ev_base, &cache_cbd->timeout); double_to_tv (map->poll_timeout, &tv); event_add (&cache_cbd->timeout, &tv); } cbd->periodic->cur_backend ++; munmap (in, dlen); rspamd_map_periodic_callback (-1, EV_TIMEOUT, cbd->periodic); } else if (msg->code == 304 && (cbd->check && cbd->stage == map_load_file)) { msg_debug_map ("data is not modified for server %s", cbd->data->host); if (msg->last_modified) { cbd->data->last_checked = msg->last_modified; } else { cbd->data->last_checked = msg->date; } cbd->periodic->cur_backend ++; rspamd_map_periodic_callback (-1, EV_TIMEOUT, cbd->periodic); } else { msg_info_map ("cannot load map %s from %s: HTTP error %d", bk->uri, cbd->data->host, msg->code); } MAP_RELEASE (cbd, "http_callback_data"); return 0; err: cbd->periodic->errored = 1; rspamd_map_periodic_callback (-1, EV_TIMEOUT, cbd->periodic); MAP_RELEASE (cbd, "http_callback_data"); return 0; }
static void rspamadm_signtool (gint argc, gchar **argv) { GOptionContext *context; GError *error = NULL; struct ucl_parser *parser; ucl_object_t *top; struct rspamd_cryptobox_pubkey *pk; struct rspamd_cryptobox_keypair *kp; gsize fsize, flen; gint i; context = g_option_context_new ( "keypair - create encryption keys"); g_option_context_set_summary (context, "Summary:\n Rspamd administration utility version " RVERSION "\n Release id: " RID); g_option_context_add_main_entries (context, entries, NULL); if (!g_option_context_parse (context, &argc, &argv, &error)) { rspamd_fprintf (stderr, "option parsing failed: %s\n", error->message); g_error_free (error); exit (1); } if (openssl) { mode = RSPAMD_CRYPTOBOX_MODE_NIST; } if (verify && (!pubkey && !pubkey_file)) { rspamd_fprintf (stderr, "no pubkey for verification\n"); exit (1); } else if (!verify && (!keypair_file)) { rspamd_fprintf (stderr, "no keypair for signing\n"); exit (1); } if (verify) { g_assert (pubkey || pubkey_file); if (pubkey_file) { gint fd; gchar *map; struct stat st; fd = open (pubkey_file, O_RDONLY); if (fd == -1) { rspamd_fprintf (stderr, "cannot open %s: %s\n", pubkey_file, strerror (errno)); exit (errno); } g_assert (fstat (fd, &st) != -1); fsize = st.st_size; flen = fsize; map = mmap (NULL, fsize, PROT_READ, MAP_SHARED, fd, 0); close (fd); if (map == MAP_FAILED) { rspamd_fprintf (stderr, "cannot read %s: %s\n", pubkey_file, strerror (errno)); exit (errno); } /* XXX: assume base32 pubkey now */ while (flen > 0 && g_ascii_isspace (map[flen - 1])) { flen --; } pk = rspamd_pubkey_from_base32 (map, flen, RSPAMD_KEYPAIR_SIGN, mode); if (pk == NULL) { rspamd_fprintf (stderr, "bad size %s: %ud, %ud expected\n", flen, rspamd_cryptobox_pk_sig_bytes (mode)); exit (errno); } munmap (map, fsize); } else { pk = rspamd_pubkey_from_base32 (pubkey, strlen (pubkey), RSPAMD_KEYPAIR_SIGN, mode); if (pk == NULL) { rspamd_fprintf (stderr, "bad size %s: %ud, %ud expected\n", strlen (pubkey), rspamd_cryptobox_pk_sig_bytes (mode)); exit (errno); } } for (i = 1; i < argc; i++) { /* XXX: support cmd line signature */ if (!rspamadm_verify_file (argv[i], rspamd_pubkey_get_pk (pk, NULL))) { exit (EXIT_FAILURE); } } g_free (pk); } else { g_assert (keypair_file != NULL); parser = ucl_parser_new (0); if (!ucl_parser_add_file (parser, keypair_file) || (top = ucl_parser_get_object (parser)) == NULL) { rspamd_fprintf (stderr, "cannot load keypair: %s\n", ucl_parser_get_error (parser)); exit (EINVAL); } ucl_parser_free (parser); kp = rspamd_keypair_from_ucl (top); if (kp == NULL || rspamd_keypair_type (kp) != RSPAMD_KEYPAIR_SIGN) { rspamd_fprintf (stderr, "invalid or unsuitable for signing key\n"); exit (EXIT_FAILURE); } for (i = 1; i < argc; i++) { /* XXX: support cmd line signature */ if (!rspamadm_sign_file (argv[i], kp)) { rspamd_keypair_unref (kp); exit (EXIT_FAILURE); } } rspamd_keypair_unref (kp); } }
void rspamd_http_test_func (void) { struct event_base *ev_base = event_init (); rspamd_mempool_t *pool = rspamd_mempool_new (rspamd_mempool_suggest_size (), NULL); struct rspamd_cryptobox_keypair *serv_key, *client_key; struct rspamd_cryptobox_pubkey *peer_key; struct rspamd_keypair_cache *c; rspamd_mempool_mutex_t *mtx; rspamd_inet_addr_t *addr; gdouble ts1, ts2; gchar filepath[PATH_MAX], *buf; gchar *env; gint fd; guint i, j; pid_t *sfd; GString *b32_key; double diff, total_diff = 0.0, *latency, mean, std; /* Read environment */ if ((env = getenv ("RSPAMD_HTTP_CONNS")) != NULL) { pconns = strtoul (env, NULL, 10); } else { return; } if ((env = getenv ("RSPAMD_HTTP_TESTS")) != NULL) { ntests = strtoul (env, NULL, 10); } if ((env = getenv ("RSPAMD_HTTP_SIZE")) != NULL) { file_size = strtoul (env, NULL, 10); } if ((env = getenv ("RSPAMD_HTTP_SERVERS")) != NULL) { nservers = strtoul (env, NULL, 10); } rspamd_cryptobox_init (); rspamd_snprintf (filepath, sizeof (filepath), "/tmp/http-test-XXXXXX"); g_assert ((fd = mkstemp (filepath)) != -1); sfd = g_alloca (sizeof (*sfd) * nservers); latency = g_malloc0 (pconns * ntests * sizeof (gdouble)); buf = g_malloc (file_size); memset (buf, 0, file_size); g_assert (write (fd, buf, file_size) == file_size); g_free (buf); mtx = rspamd_mempool_get_mutex (pool); rspamd_parse_inet_address (&addr, "127.0.0.1", 0); rspamd_inet_address_set_port (addr, 43898); serv_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519); client_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519); c = rspamd_keypair_cache_new (16); rspamd_http_start_servers (sfd, addr, serv_key, NULL); usleep (100000); /* Do client stuff */ gperf_profiler_init (NULL, "plain-http-client"); for (i = 0; i < ntests; i ++) { for (j = 0; j < pconns; j ++) { rspamd_http_client_func (filepath + sizeof ("/tmp") - 1, addr, NULL, NULL, c, ev_base, &latency[i * pconns + j]); } ts1 = rspamd_get_ticks (); event_base_loop (ev_base, 0); ts2 = rspamd_get_ticks (); diff = (ts2 - ts1) * 1000.0; total_diff += diff; } gperf_profiler_stop (); msg_info ("Made %d connections of size %d in %.6f ms, %.6f cps", ntests * pconns, file_size, total_diff, ntests * pconns / total_diff * 1000.); mean = rspamd_http_calculate_mean (latency, &std); msg_info ("Latency: %.6f ms mean, %.6f dev", mean, std); rspamd_http_stop_servers (sfd); rspamd_http_start_servers (sfd, addr, serv_key, c); //rspamd_mempool_lock_mutex (mtx); usleep (100000); b32_key = rspamd_keypair_print (serv_key, RSPAMD_KEYPAIR_PUBKEY|RSPAMD_KEYPAIR_BASE32); g_assert (b32_key != NULL); peer_key = rspamd_pubkey_from_base32 (b32_key->str, b32_key->len, RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_25519); g_assert (peer_key != NULL); total_diff = 0.0; gperf_profiler_init (NULL, "cached-http-client"); for (i = 0; i < ntests; i ++) { for (j = 0; j < pconns; j ++) { rspamd_http_client_func (filepath + sizeof ("/tmp") - 1, addr, client_key, peer_key, c, ev_base, &latency[i * pconns + j]); } ts1 = rspamd_get_ticks (); event_base_loop (ev_base, 0); ts2 = rspamd_get_ticks (); diff = (ts2 - ts1) * 1000.0; total_diff += diff; } gperf_profiler_stop (); msg_info ("Made %d encrypted connections of size %d in %.6f ms, %.6f cps", ntests * pconns, file_size, total_diff, ntests * pconns / total_diff * 1000.); mean = rspamd_http_calculate_mean (latency, &std); msg_info ("Latency: %.6f ms mean, %.6f dev", mean, std); /* Restart server */ rspamd_http_stop_servers (sfd); /* No keypairs cache */ rspamd_http_start_servers (sfd, addr, serv_key, NULL); usleep (100000); total_diff = 0.0; gperf_profiler_init (NULL, "fair-http-client"); for (i = 0; i < ntests; i ++) { for (j = 0; j < pconns; j ++) { rspamd_http_client_func (filepath + sizeof ("/tmp") - 1, addr, client_key, peer_key, c, ev_base, &latency[i * pconns + j]); } ts1 = rspamd_get_ticks (); event_base_loop (ev_base, 0); ts2 = rspamd_get_ticks (); diff = (ts2 - ts1) * 1000.0; total_diff += diff; } gperf_profiler_stop (); msg_info ("Made %d uncached encrypted connections of size %d in %.6f ms, %.6f cps", ntests * pconns, file_size, total_diff, ntests * pconns / total_diff * 1000.); mean = rspamd_http_calculate_mean (latency, &std); msg_info ("Latency: %.6f ms mean, %.6f dev", mean, std); /* AES mode */ serv_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_NIST); client_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_NIST); c = rspamd_keypair_cache_new (16); /* Restart server */ rspamd_http_stop_servers (sfd); /* No keypairs cache */ rspamd_http_start_servers (sfd, addr, serv_key, c); //rspamd_mempool_lock_mutex (mtx); usleep (100000); b32_key = rspamd_keypair_print (serv_key, RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_BASE32); g_assert (b32_key != NULL); peer_key = rspamd_pubkey_from_base32 (b32_key->str, b32_key->len, RSPAMD_KEYPAIR_KEX, RSPAMD_CRYPTOBOX_MODE_NIST); g_assert (peer_key != NULL); total_diff = 0.0; gperf_profiler_init (NULL, "cached-http-client-aes"); for (i = 0; i < ntests; i++) { for (j = 0; j < pconns; j++) { rspamd_http_client_func (filepath + sizeof ("/tmp") - 1, addr, client_key, peer_key, NULL, ev_base, &latency[i * pconns + j]); } ts1 = rspamd_get_ticks (); event_base_loop (ev_base, 0); ts2 = rspamd_get_ticks (); diff = (ts2 - ts1) * 1000.0; total_diff += diff; } gperf_profiler_stop (); msg_info ( "Made %d aes encrypted connections of size %d in %.6f ms, %.6f cps", ntests * pconns, file_size, total_diff, ntests * pconns / total_diff * 1000.); mean = rspamd_http_calculate_mean (latency, &std); msg_info ("Latency: %.6f ms mean, %.6f dev", mean, std); /* Restart server */ rspamd_http_stop_servers (sfd); /* No keypairs cache */ rspamd_http_start_servers (sfd, addr, serv_key, NULL); //rspamd_mempool_lock_mutex (mtx); usleep (100000); total_diff = 0.0; gperf_profiler_init (NULL, "fair-http-client-aes"); for (i = 0; i < ntests; i++) { for (j = 0; j < pconns; j++) { rspamd_http_client_func (filepath + sizeof ("/tmp") - 1, addr, client_key, peer_key, c, ev_base, &latency[i * pconns + j]); } ts1 = rspamd_get_ticks (); event_base_loop (ev_base, 0); ts2 = rspamd_get_ticks (); diff = (ts2 - ts1) * 1000.0; total_diff += diff; } gperf_profiler_stop (); msg_info ( "Made %d uncached aes encrypted connections of size %d in %.6f ms, %.6f cps", ntests * pconns, file_size, total_diff, ntests * pconns / total_diff * 1000.); mean = rspamd_http_calculate_mean (latency, &std); msg_info ("Latency: %.6f ms mean, %.6f dev", mean, std); close (fd); unlink (filepath); rspamd_http_stop_servers (sfd); }