static gchar *
rspamd_log_encrypt_message (const gchar *begin, const gchar *end,
rspamd_logger_t *rspamd_log)
{
guchar *out;
gchar *b64;
guchar *p, *nonce, *mac;
const guchar *comp;
guint len, inlen;
g_assert (end > begin);
/* base64 (pubkey | nonce | message) */
inlen = rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519) +
rspamd_cryptobox_pk_bytes (RSPAMD_CRYPTOBOX_MODE_25519) +
rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519) +
(end - begin);
out = g_malloc (inlen);
p = out;
comp = rspamd_pubkey_get_pk (rspamd_log->pk, &len);
memcpy (p, comp, len);
p += len;
ottery_rand_bytes (p, rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519));
nonce = p;
p += rspamd_cryptobox_nonce_bytes (RSPAMD_CRYPTOBOX_MODE_25519);
mac = p;
p += rspamd_cryptobox_mac_bytes (RSPAMD_CRYPTOBOX_MODE_25519);
memcpy (p, begin, end - begin);
comp = rspamd_pubkey_get_nm (rspamd_log->pk);
g_assert (comp != NULL);
rspamd_cryptobox_encrypt_nm_inplace (p, end - begin, nonce, comp, mac,
RSPAMD_CRYPTOBOX_MODE_25519);
b64 = rspamd_encode_base64 (out, inlen, 0, NULL);
g_free (out);
return b64;
}
void
rspamd_radix_test_func (void)
{
#if 0
radix_tree_t *tree = radix_tree_create ();
#endif
radix_compressed_t *comp_tree = radix_create_compressed ();
struct {
guint32 addr;
guint32 mask;
guint8 addr6[16];
guint32 mask6;
} *addrs;
gsize nelts, i;
gint lc;
gboolean all_good = TRUE;
gdouble ts1, ts2;
double diff;
/* Test suite for the compressed trie */
rspamd_radix_text_vec ();
nelts = max_elts;
/* First of all we generate many elements and push them to the array */
addrs = g_malloc (nelts * sizeof (addrs[0]));
for (i = 0; i < nelts; i ++) {
addrs[i].addr = ottery_rand_uint32 ();
addrs[i].mask = masks[ottery_rand_range(G_N_ELEMENTS (masks) - 1)];
ottery_rand_bytes (addrs[i].addr6, sizeof(addrs[i].addr6));
addrs[i].mask6 = ottery_rand_range(128);
}
#if 0
msg_info ("old radix performance (%z elts)", nelts);
ts1 = rspamd_get_ticks ();
for (i = 0; i < nelts; i ++) {
guint32 mask = G_MAXUINT32 << (32 - addrs[i].mask);
radix32tree_insert (tree, addrs[i].addr, mask, 1);
}
ts2 = rspamd_get_ticks ();
diff = (ts2 - ts1) * 1000.0;
msg_info ("Added %z elements in %.6f ms", nelts, diff);
ts1 = rspamd_get_ticks ();
for (lc = 0; lc < lookup_cycles; lc ++) {
for (i = 0; i < nelts; i ++) {
g_assert (radix32tree_find (tree, addrs[i].addr) != RADIX_NO_VALUE);
}
}
ts2 = rspamd_get_ticks ();
diff = (ts2 - ts1) * 1000.0;
msg_info ("Checked %z elements in %.6f ms", nelts, diff);
ts1 = rspamd_get_ticks ();
for (i = 0; i < nelts; i ++) {
radix32tree_delete (tree, addrs[i].addr, addrs[i].mask);
}
ts2 = rspamd_get_ticks ();
diff = (ts2 - ts1) * 1000.;
msg_info ("Deleted %z elements in %.6f ms", nelts, diff);
radix_tree_free (tree);
#endif
msg_info ("new radix performance (%z elts)", nelts);
ts1 = rspamd_get_ticks ();
for (i = 0; i < nelts; i ++) {
radix_insert_compressed (comp_tree, addrs[i].addr6, sizeof (addrs[i].addr6),
128 - addrs[i].mask6, i);
}
ts2 = rspamd_get_ticks ();
diff = (ts2 - ts1) * 1000.0;
msg_info ("Added %z elements in %.6f ms", nelts, diff);
ts1 = rspamd_get_ticks ();
for (lc = 0; lc < lookup_cycles; lc ++) {
for (i = 0; i < nelts; i ++) {
if (radix_find_compressed (comp_tree, addrs[i].addr6, sizeof (addrs[i].addr6))
== RADIX_NO_VALUE) {
all_good = FALSE;
}
}
}
#if 1
if (!all_good) {
for (i = 0; i < nelts; i ++) {
/* Used to write bad random vector */
char ipbuf[INET6_ADDRSTRLEN + 1];
inet_ntop(AF_INET6, addrs[i].addr6, ipbuf, sizeof(ipbuf));
msg_info("{\"%s\", NULL, \"%ud\", 0, 0, 0, 0},",
ipbuf,
addrs[i].mask6);
}
}
#endif
g_assert (all_good);
ts2 = rspamd_get_ticks ();
diff = (ts2 - ts1) * 1000.0;
msg_info ("Checked %z elements in %.6f ms", nelts, diff);
radix_destroy_compressed (comp_tree);
g_free (addrs);
}
void
rspamd_cryptobox_test_func (void)
{
void *map;
guchar *begin, *end;
rspamd_nm_t key;
rspamd_nonce_t nonce;
rspamd_sig_t mac;
struct rspamd_cryptobox_segment *seg;
double t1, t2;
gint i, cnt, ms;
map = create_mapping (mapping_size, &begin, &end);
ottery_rand_bytes (key, sizeof (key));
ottery_rand_bytes (nonce, sizeof (nonce));
memset (mac, 0, sizeof (mac));
seg = g_slice_alloc0 (sizeof (*seg) * max_seg * 10);
/* Test baseline */
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encrypt_nm_inplace (begin, end - begin, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("baseline encryption: %.6f", t2 - t1);
/* A single chunk as vector */
seg[0].data = begin;
seg[0].len = end - begin;
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, 1, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("bulk encryption: %.6f", t2 - t1);
/* Two chunks as vector */
seg[0].data = begin;
seg[0].len = (end - begin) / 2;
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("2 equal chunks encryption: %.6f", t2 - t1);
seg[0].data = begin;
seg[0].len = 1;
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("small and large chunks encryption: %.6f", t2 - t1);
seg[0].data = begin;
seg[0].len = (end - begin) - 3;
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("large and small chunks encryption: %.6f", t2 - t1);
/* Random two chunks as vector */
seg[0].data = begin;
seg[0].len = ottery_rand_range (end - begin - 1) + 1;
seg[1].data = begin + seg[0].len;
seg[1].len = (end - begin) - seg[0].len;
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("random 2 chunks encryption: %.6f", t2 - t1);
/* 3 specific chunks */
seg[0].data = begin;
seg[0].len = 2;
seg[1].data = begin + seg[0].len;
seg[1].len = 2049;
seg[2].data = begin + seg[0].len + seg[1].len;
seg[2].len = (end - begin) - seg[0].len - seg[1].len;
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, 3, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("small, medium and large chunks encryption: %.6f", t2 - t1);
cnt = create_random_split (seg, max_seg, begin, end);
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("random split of %d chunks encryption: %.6f", cnt, t2 - t1);
cnt = create_realistic_split (seg, max_seg, begin, end);
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("realistic split of %d chunks encryption: %.6f", cnt, t2 - t1);
cnt = create_constrainted_split (seg, max_seg + 1, 32, begin, end);
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
msg_info ("constrainted split of %d chunks encryption: %.6f", cnt, t2 - t1);
for (i = 0; i < random_fuzz_cnt; i ++) {
ms = ottery_rand_range (i % max_seg * 2) + 1;
cnt = create_random_split (seg, ms, begin, end);
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
if (i % 1000 == 0) {
msg_info ("random fuzz iterations: %d", i);
}
}
for (i = 0; i < random_fuzz_cnt; i ++) {
ms = ottery_rand_range (i % max_seg * 2) + 1;
cnt = create_realistic_split (seg, ms, begin, end);
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
if (i % 1000 == 0) {
msg_info ("realistic fuzz iterations: %d", i);
}
}
for (i = 0; i < random_fuzz_cnt; i ++) {
ms = ottery_rand_range (i % max_seg * 10) + 1;
cnt = create_constrainted_split (seg, ms, i, begin, end);
t1 = rspamd_get_ticks ();
rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac);
t2 = rspamd_get_ticks ();
check_result (key, nonce, mac, begin, end);
if (i % 1000 == 0) {
msg_info ("constrainted fuzz iterations: %d", i);
}
}
}
void
rspamd_upstream_test_func (void)
{
struct upstream_list *ls, *nls;
struct upstream *up, *upn;
struct event_base *ev_base = event_init ();
struct rspamd_dns_resolver *resolver;
struct rspamd_config *cfg;
gint i, success = 0;
const gint assumptions = 100500;
gdouble p;
struct event ev;
struct timeval tv;
rspamd_inet_addr_t *addr, *next_addr, *paddr;
cfg = rspamd_config_new ();
cfg->dns_retransmits = 2;
cfg->dns_timeout = 0.5;
cfg->upstream_max_errors = 1;
cfg->upstream_revive_time = 0.5;
cfg->upstream_error_time = 2;
resolver = dns_resolver_init (NULL, ev_base, cfg);
rspamd_upstreams_library_config (cfg, cfg->ups_ctx, ev_base, resolver->r);
/*
* Test v4/v6 priorities
*/
nls = rspamd_upstreams_create (cfg->ups_ctx);
g_assert (rspamd_upstreams_add_upstream (nls, "127.0.0.1", 0, NULL));
up = rspamd_upstream_get (nls, RSPAMD_UPSTREAM_RANDOM, NULL, 0);
rspamd_parse_inet_address (&paddr, "127.0.0.2", 0);
g_assert (rspamd_upstream_add_addr (up, paddr));
rspamd_parse_inet_address (&paddr, "::1", 0);
g_assert (rspamd_upstream_add_addr (up, paddr));
/* Rewind to start */
addr = rspamd_upstream_addr (up);
addr = rspamd_upstream_addr (up);
/* cur should be zero here */
addr = rspamd_upstream_addr (up);
next_addr = rspamd_upstream_addr (up);
g_assert (rspamd_inet_address_get_af (addr) == AF_INET);
g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
next_addr = rspamd_upstream_addr (up);
g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET6);
next_addr = rspamd_upstream_addr (up);
g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
next_addr = rspamd_upstream_addr (up);
g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
next_addr = rspamd_upstream_addr (up);
g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET6);
/* Test errors with IPv6 */
rspamd_upstream_fail (up);
/* Now we should have merely IPv4 addresses in rotation */
addr = rspamd_upstream_addr (up);
for (i = 0; i < 256; i++) {
next_addr = rspamd_upstream_addr (up);
g_assert (rspamd_inet_address_get_af (addr) == AF_INET);
g_assert (rspamd_inet_address_get_af (next_addr) == AF_INET);
g_assert (rspamd_inet_address_compare (addr, next_addr) != 0);
addr = next_addr;
}
rspamd_upstreams_destroy (nls);
ls = rspamd_upstreams_create (cfg->ups_ctx);
g_assert (rspamd_upstreams_parse_line (ls, test_upstream_list, 443, NULL));
g_assert (rspamd_upstreams_count (ls) == 3);
/* Test master-slave rotation */
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_MASTER_SLAVE, "kernel.org");
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_MASTER_SLAVE, "kernel.org");
/* Test round-robin rotation */
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "kernel.org");
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "kernel.org");
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "google.com");
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "kernel.org");
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "google.com");
rspamd_upstream_test_method (ls, RSPAMD_UPSTREAM_ROUND_ROBIN, "microsoft.com");
/* Test stable hashing */
nls = rspamd_upstreams_create (cfg->ups_ctx);
g_assert (rspamd_upstreams_parse_line (nls, test_upstream_list, 443, NULL));
g_assert (rspamd_upstreams_parse_line (nls, new_upstream_list, 443, NULL));
for (i = 0; i < assumptions; i ++) {
ottery_rand_bytes (test_key, sizeof (test_key));
up = rspamd_upstream_get (ls, RSPAMD_UPSTREAM_HASHED, test_key,
sizeof (test_key));
upn = rspamd_upstream_get (nls, RSPAMD_UPSTREAM_HASHED, test_key,
sizeof (test_key));
if (strcmp (rspamd_upstream_name (up), rspamd_upstream_name (upn)) == 0) {
success ++;
}
}
p = 1.0 - fabs (3.0 / 4.0 - (gdouble)success / (gdouble)assumptions);
/*
* P value is calculated as following:
* when we add/remove M upstreams from the list, the probability of hash
* miss should be close to the relation N / (N + M), where N is the size of
* the previous upstreams list.
*/
msg_debug ("p value for hash consistency: %.6f", p);
g_assert (p > 0.9);
rspamd_upstreams_destroy (nls);
/* Upstream fail test */
evtimer_set (&ev, rspamd_upstream_timeout_handler, resolver);
event_base_set (ev_base, &ev);
up = rspamd_upstream_get (ls, RSPAMD_UPSTREAM_MASTER_SLAVE, NULL, 0);
for (i = 0; i < 100; i ++) {
rspamd_upstream_fail (up);
}
g_assert (rspamd_upstreams_alive (ls) == 2);
tv.tv_sec = 2;
tv.tv_usec = 0;
event_add (&ev, &tv);
event_base_loop (ev_base, 0);
g_assert (rspamd_upstreams_alive (ls) == 3);
rspamd_upstreams_destroy (ls);
REF_RELEASE (cfg);
}
