Example #1
0
static gchar *
rspamd_log_encrypt_message (const gchar *begin, const gchar *end,
		rspamd_logger_t *rspamd_log)
{
	guchar *out;
	gchar *b64;
	guchar *p, *nonce, *mac;
	const guchar *comp;
	guint len, inlen;

	g_assert (end > begin);
	/* base64 (pubkey | nonce | message) */
	inlen = rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519) +
			rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519) +
			rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519) +
			(end - begin);
	out = g_malloc (inlen);

	p = out;
	comp = rspamd_pubkey_get_pk (rspamd_log->pk, &len);
	memcpy (p, comp, len);
	p += len;
	ottery_rand_bytes (p, rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
	nonce = p;
	p += rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519);
	mac = p;
	p += rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519);
	memcpy (p, begin, end - begin);
	comp = rspamd_pubkey_get_nm (rspamd_log->pk);
	g_assert (comp != NULL);
	rspamd_cryptobox_encrypt_nm_inplace (p, end - begin, nonce, comp, mac,
			RSPAMD_CRYPTOBOX_MODE_25519);
	b64 = rspamd_encode_base64 (out, inlen, 0, NULL);
	g_free (out);

	return b64;
}
Example #2
0
void
rspamd_radix_test_func (void)
{
#if 0
	radix_tree_t *tree = radix_tree_create ();
#endif
	radix_compressed_t *comp_tree = radix_create_compressed ();
	struct {
		guint32 addr;
		guint32 mask;
		guint8 addr6[16];
		guint32 mask6;
	} *addrs;
	gsize nelts, i;
	gint lc;
	gboolean all_good = TRUE;
	gdouble ts1, ts2;
	double diff;

	/* Test suite for the compressed trie */
	rspamd_radix_text_vec ();

	nelts = max_elts;
	/* First of all we generate many elements and push them to the array */
	addrs = g_malloc (nelts * sizeof (addrs[0]));

	for (i = 0; i < nelts; i ++) {
		addrs[i].addr = ottery_rand_uint32 ();
		addrs[i].mask = masks[ottery_rand_range(G_N_ELEMENTS (masks) - 1)];
		ottery_rand_bytes (addrs[i].addr6, sizeof(addrs[i].addr6));
		addrs[i].mask6 = ottery_rand_range(128);
	}
#if 0
	msg_info ("old radix performance (%z elts)", nelts);
	ts1 = rspamd_get_ticks ();
	for (i = 0; i < nelts; i ++) {
		guint32 mask = G_MAXUINT32 << (32 - addrs[i].mask);
		radix32tree_insert (tree, addrs[i].addr, mask, 1);
	}
	ts2 = rspamd_get_ticks ();
	diff = (ts2 - ts1) * 1000.0;

	msg_info ("Added %z elements in %.6f ms", nelts, diff);

	ts1 = rspamd_get_ticks ();
	for (lc = 0; lc < lookup_cycles; lc ++) {
		for (i = 0; i < nelts; i ++) {
			g_assert (radix32tree_find (tree, addrs[i].addr) != RADIX_NO_VALUE);
		}
	}
	ts2 = rspamd_get_ticks ();
	diff = (ts2 - ts1) * 1000.0;

	msg_info ("Checked %z elements in %.6f ms", nelts, diff);

	ts1 = rspamd_get_ticks ();
	for (i = 0; i < nelts; i ++) {
		radix32tree_delete (tree, addrs[i].addr, addrs[i].mask);
	}
	ts2 = rspamd_get_ticks ();
	diff = (ts2 - ts1) * 1000.;

	msg_info ("Deleted %z elements in %.6f ms", nelts, diff);

	radix_tree_free (tree);
#endif
	msg_info ("new radix performance (%z elts)", nelts);
	ts1 = rspamd_get_ticks ();
	for (i = 0; i < nelts; i ++) {
		radix_insert_compressed (comp_tree, addrs[i].addr6, sizeof (addrs[i].addr6),
				128 - addrs[i].mask6, i);
	}
	ts2 = rspamd_get_ticks ();
	diff = (ts2 - ts1) * 1000.0;

	msg_info ("Added %z elements in %.6f ms", nelts, diff);

	ts1 = rspamd_get_ticks ();
	for (lc = 0; lc < lookup_cycles; lc ++) {
		for (i = 0; i < nelts; i ++) {
			if (radix_find_compressed (comp_tree, addrs[i].addr6, sizeof (addrs[i].addr6))
					== RADIX_NO_VALUE) {
				all_good = FALSE;
			}
		}
	}
#if 1
	if (!all_good) {
		for (i = 0; i < nelts; i ++) {
			/* Used to write bad random vector */
			char ipbuf[INET6_ADDRSTRLEN + 1];
			inet_ntop(AF_INET6, addrs[i].addr6, ipbuf, sizeof(ipbuf));
			msg_info("{\"%s\", NULL, \"%ud\", 0, 0, 0, 0},",
					ipbuf,
					addrs[i].mask6);
		}
	}
#endif

	g_assert (all_good);
	ts2 = rspamd_get_ticks ();
	diff = (ts2 - ts1) * 1000.0;

	msg_info ("Checked %z elements in %.6f ms", nelts, diff);
	radix_destroy_compressed (comp_tree);

	g_free (addrs);
}
void
rspamd_cryptobox_test_func (void)
{
	void *map;
	guchar *begin, *end;
	rspamd_nm_t key;
	rspamd_nonce_t nonce;
	rspamd_sig_t mac;
	struct rspamd_cryptobox_segment *seg;
	double t1, t2;
	gint i, cnt, ms;

	map = create_mapping (mapping_size, &begin, &end);

	ottery_rand_bytes (key, sizeof (key));
	ottery_rand_bytes (nonce, sizeof (nonce));

	memset (mac, 0, sizeof (mac));
	seg = g_slice_alloc0 (sizeof (*seg) * max_seg * 10);

	/* Test baseline */
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encrypt_nm_inplace (begin, end - begin, nonce, key, mac);
	t2 = rspamd_get_ticks ();
	check_result (key, nonce, mac, begin, end);

	msg_info ("baseline encryption: %.6f", t2 - t1);
	/* A single chunk as vector */
	seg[0].data = begin;
	seg[0].len = end - begin;
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, 1, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("bulk encryption: %.6f", t2 - t1);

	/* Two chunks as vector */
	seg[0].data = begin;
	seg[0].len = (end - begin) / 2;
	seg[1].data = begin + seg[0].len;
	seg[1].len = (end - begin) - seg[0].len;
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("2 equal chunks encryption: %.6f", t2 - t1);

	seg[0].data = begin;
	seg[0].len = 1;
	seg[1].data = begin + seg[0].len;
	seg[1].len = (end - begin) - seg[0].len;
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("small and large chunks encryption: %.6f", t2 - t1);

	seg[0].data = begin;
	seg[0].len = (end - begin) - 3;
	seg[1].data = begin + seg[0].len;
	seg[1].len = (end - begin) - seg[0].len;
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("large and small chunks encryption: %.6f", t2 - t1);

	/* Random two chunks as vector */
	seg[0].data = begin;
	seg[0].len = ottery_rand_range (end - begin - 1) + 1;
	seg[1].data = begin + seg[0].len;
	seg[1].len = (end - begin) - seg[0].len;
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("random 2 chunks encryption: %.6f", t2 - t1);

	/* 3 specific chunks */
	seg[0].data = begin;
	seg[0].len = 2;
	seg[1].data = begin + seg[0].len;
	seg[1].len = 2049;
	seg[2].data = begin + seg[0].len + seg[1].len;
	seg[2].len = (end - begin) - seg[0].len - seg[1].len;
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, 3, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("small, medium and large chunks encryption: %.6f", t2 - t1);

	cnt = create_random_split (seg, max_seg, begin, end);
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("random split of %d chunks encryption: %.6f", cnt, t2 - t1);

	cnt = create_realistic_split (seg, max_seg, begin, end);
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("realistic split of %d chunks encryption: %.6f", cnt, t2 - t1);

	cnt = create_constrainted_split (seg, max_seg + 1, 32, begin, end);
	t1 = rspamd_get_ticks ();
	rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
	t2 = rspamd_get_ticks ();

	check_result (key, nonce, mac, begin, end);

	msg_info ("constrainted split of %d chunks encryption: %.6f", cnt, t2 - t1);

	for (i = 0; i < random_fuzz_cnt; i ++) {
		ms = ottery_rand_range (i % max_seg * 2) + 1;
		cnt = create_random_split (seg, ms, begin, end);
		t1 = rspamd_get_ticks ();
		rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
		t2 = rspamd_get_ticks ();

		check_result (key, nonce, mac, begin, end);

		if (i % 1000 == 0) {
			msg_info ("random fuzz iterations: %d", i);
		}
	}
	for (i = 0; i < random_fuzz_cnt; i ++) {
		ms = ottery_rand_range (i % max_seg * 2) + 1;
		cnt = create_realistic_split (seg, ms, begin, end);
		t1 = rspamd_get_ticks ();
		rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
		t2 = rspamd_get_ticks ();

		check_result (key, nonce, mac, begin, end);

		if (i % 1000 == 0) {
			msg_info ("realistic fuzz iterations: %d", i);
		}
	}
	for (i = 0; i < random_fuzz_cnt; i ++) {
		ms = ottery_rand_range (i % max_seg * 10) + 1;
		cnt = create_constrainted_split (seg, ms, i, begin, end);
		t1 = rspamd_get_ticks ();
		rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
		t2 = rspamd_get_ticks ();

		check_result (key, nonce, mac, begin, end);

		if (i % 1000 == 0) {
			msg_info ("constrainted fuzz iterations: %d", i);
		}
	}
}
void
rspamd_upstream_test_func (void)
{
	struct upstream_list *ls, *nls;
	struct upstream *up, *upn;
	struct event_base *ev_base = event_init ();
	struct rspamd_dns_resolver *resolver;
	struct rspamd_config *cfg;
	gint i, success = 0;
	const gint assumptions = 100500;
	gdouble p;
	struct event ev;
	struct timeval tv;
	rspamd_inet_addr_t *addr, *next_addr, *paddr;

	cfg = rspamd_config_new ();
	cfg->dns_retransmits = 2;
	cfg->dns_timeout = 0.5;
	cfg->upstream_max_errors = 1;
	cfg->upstream_revive_time = 0.5;
	cfg->upstream_error_time = 2;

	resolver = dns_resolver_init (NULL, ev_base, cfg);
	rspamd_upstreams_library_config (cfg, cfg->ups_ctx, ev_base, resolver->r);

	/*
	 * Test v4/v6 priorities
	 */
	nls = rspamd_upstreams_create (cfg->ups_ctx);
	g_assert (rspamd_upstreams_add_upstream (nls, "127.0.0.1", 0, NULL));
	up = rspamd_upstream_get (nls, RSPAMD_UPSTREAM_RANDOM, NULL, 0);
	rspamd_parse_inet_address (&paddr, "127.0.0.2", 0);
	g_assert (rspamd_upstream_add_addr (up, paddr));
	rspamd_parse_inet_address (&paddr, "::1", 0);
	g_assert (rspamd_upstream_add_addr (up, paddr));
	/* Rewind to start */
	addr = rspamd_upstream_addr (up);
	addr = rspamd_upstream_addr (up);
	/* cur should be zero here */
	addr = rspamd_upstream_addr (up);
	next_addr = rspamd_upstream_addr (up);
	g_assert (rspamd_inet_address_get_af (addr) == AF_INET);
	g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
	next_addr = rspamd_upstream_addr (up);
	g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET6);
	next_addr = rspamd_upstream_addr (up);
	g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
	next_addr = rspamd_upstream_addr (up);
	g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
	next_addr = rspamd_upstream_addr (up);
	g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET6);
	/* Test errors with IPv6 */
	rspamd_upstream_fail (up);
	/* Now we should have merely IPv4 addresses in rotation */
	addr = rspamd_upstream_addr (up);
	for (i = 0; i < 256; i++) {
		next_addr = rspamd_upstream_addr (up);
		g_assert (rspamd_inet_address_get_af (addr) == AF_INET);
		g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
		g_assert (rspamd_inet_address_compare (addr, next_addr) != 0);
		addr = next_addr;
	}
	rspamd_upstreams_destroy (nls);

	ls = rspamd_upstreams_create (cfg->ups_ctx);
	g_assert (rspamd_upstreams_parse_line (ls, test_upstream_list, 443, NULL));
	g_assert (rspamd_upstreams_count (ls) == 3);

	/* Test master-slave rotation */
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_MASTER_SLAVE, "kernel.org");
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_MASTER_SLAVE, "kernel.org");

	/* Test round-robin rotation */
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "kernel.org");
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "kernel.org");
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "google.com");
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "kernel.org");
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "google.com");
	rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "microsoft.com");

	/* Test stable hashing */
	nls = rspamd_upstreams_create (cfg->ups_ctx);
	g_assert (rspamd_upstreams_parse_line (nls, test_upstream_list, 443, NULL));
	g_assert (rspamd_upstreams_parse_line (nls, new_upstream_list, 443, NULL));
	for (i = 0; i < assumptions; i ++) {
		ottery_rand_bytes (test_key, sizeof (test_key));
		up = rspamd_upstream_get (ls, RSPAMD_UPSTREAM_HASHED, test_key,
			sizeof (test_key));
		upn = rspamd_upstream_get (nls, RSPAMD_UPSTREAM_HASHED, test_key,
			sizeof (test_key));

		if (strcmp (rspamd_upstream_name (up), rspamd_upstream_name (upn)) == 0) {
			success ++;
		}
	}

	p = 1.0 - fabs (3.0 / 4.0 - (gdouble)success / (gdouble)assumptions);
	/*
	 * P value is calculated as following:
	 * when we add/remove M upstreams from the list, the probability of hash
	 * miss should be close to the relation N / (N + M), where N is the size of
	 * the previous upstreams list.
	 */
	msg_debug ("p value for hash consistency: %.6f", p);
	g_assert (p > 0.9);

	rspamd_upstreams_destroy (nls);


	/* Upstream fail test */
	evtimer_set (&ev, rspamd_upstream_timeout_handler, resolver);
	event_base_set (ev_base, &ev);

	up = rspamd_upstream_get (ls, RSPAMD_UPSTREAM_MASTER_SLAVE, NULL, 0);
	for (i = 0; i < 100; i ++) {
		rspamd_upstream_fail (up);
	}
	g_assert (rspamd_upstreams_alive (ls) == 2);

	tv.tv_sec = 2;
	tv.tv_usec = 0;
	event_add (&ev, &tv);

	event_base_loop (ev_base, 0);
	g_assert (rspamd_upstreams_alive (ls) == 3);

	rspamd_upstreams_destroy (ls);
	REF_RELEASE (cfg);
}