mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21173 Commits
28 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
rspamd/test/rspamd_cryptobox_test.c

rspamd_cryptobox_test.c 8.9KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "rspamd.h"

  18. #include "shingles.h"

  19. #include "fstring.h"

  20. #include "ottery.h"

  21. #include "cryptobox.h"

  22. #include "unix-std.h"

  23. 

  24. static const int mapping_size = 64 * 8192 + 1;

  25. static const int max_seg = 32;

  26. static const int random_fuzz_cnt = 10000;

  27. enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;

  28. 

  29. static void *

  30. create_mapping(int mapping_len, unsigned char **beg, unsigned char **end)

  31. {

  32. 	void *map;

  33. 	int psize = getpagesize();

  34. 

  35. 	map = mmap(NULL, mapping_len + psize * 3, PROT_READ | PROT_WRITE,

  36. 			   MAP_ANON | MAP_SHARED, -1, 0);

  37. 	g_assert(map != 0);

  38. 	memset(map, 0, mapping_len + psize * 3);

  39. 	mprotect(map, psize, PROT_NONE);

  40. 	/* Misalign pointer */

  41. 	*beg = ((unsigned char *) map) + psize + 1;

  42. 	*end = *beg + mapping_len;

  43. 	mprotect(*beg + mapping_len - 1 + psize, psize, PROT_NONE);

  44. 

  45. 	return map;

  46. }

  47. 

  48. static void

  49. check_result(const rspamd_nm_t key, const rspamd_nonce_t nonce,

  50. 			 const rspamd_mac_t mac, unsigned char *begin, unsigned char *end)

  51. {

  52. 	uint64_t *t = (uint64_t *) begin;

  53. 

  54. 	g_assert(rspamd_cryptobox_decrypt_nm_inplace(begin, end - begin, nonce, key,

  55. 												 mac, mode));

  56. 

  57. 	while (t < (uint64_t *) end) {

  58. 		g_assert(*t == 0);

  59. 		t++;

  60. 	}

  61. }

  62. 

  63. static int

  64. create_random_split(struct rspamd_cryptobox_segment *seg, int mseg,

  65. 					unsigned char *begin, unsigned char *end)

  66. {

  67. 	gsize remain = end - begin;

  68. 	int used = 0;

  69. 

  70. 	while (remain > 0 && used < mseg - 1) {

  71. 		seg->data = begin;

  72. 		seg->len = ottery_rand_range(remain - 1) + 1;

  73. 

  74. 		begin += seg->len;

  75. 		remain -= seg->len;

  76. 		used++;

  77. 		seg++;

  78. 	}

  79. 

  80. 	if (remain > 0) {

  81. 		seg->data = begin;

  82. 		seg->len = remain;

  83. 		used++;

  84. 	}

  85. 

  86. 	return used;

  87. }

  88. 

  89. static int

  90. create_realistic_split(struct rspamd_cryptobox_segment *seg, int mseg,

  91. 					   unsigned char *begin, unsigned char *end)

  92. {

  93. 	gsize remain = end - begin;

  94. 	int used = 0;

  95. 	static const int small_seg = 512, medium_seg = 2048;

  96. 

  97. 	while (remain > 0 && used < mseg - 1) {

  98. 		seg->data = begin;

  99. 

  100. 		if (ottery_rand_uint32() % 2 == 0) {

  101. 			seg->len = ottery_rand_range(small_seg) + 1;

  102. 		}

  103. 		else {

  104. 			seg->len = ottery_rand_range(medium_seg) +

  105. 					   small_seg;

  106. 		}

  107. 		if (seg->len > remain) {

  108. 			seg->len = remain;

  109. 		}

  110. 

  111. 		begin += seg->len;

  112. 		remain -= seg->len;

  113. 		used++;

  114. 		seg++;

  115. 	}

  116. 

  117. 	if (remain > 0) {

  118. 		seg->data = begin;

  119. 		seg->len = remain;

  120. 		used++;

  121. 	}

  122. 

  123. 	return used;

  124. }

  125. 

  126. static int

  127. create_constrained_split(struct rspamd_cryptobox_segment *seg, int mseg,

  128. 						 int constraint,

  129. 						 unsigned char *begin, unsigned char *end)

  130. {

  131. 	gsize remain = end - begin;

  132. 	int used = 0;

  133. 

  134. 	while (remain > 0 && used < mseg - 1) {

  135. 		seg->data = begin;

  136. 		seg->len = constraint;

  137. 		if (seg->len > remain) {

  138. 			seg->len = remain;

  139. 		}

  140. 		begin += seg->len;

  141. 		remain -= seg->len;

  142. 		used++;

  143. 		seg++;

  144. 	}

  145. 

  146. 	if (remain > 0) {

  147. 		seg->data = begin;

  148. 		seg->len = remain;

  149. 		used++;

  150. 	}

  151. 

  152. 	return used;

  153. }

  154. 

  155. void rspamd_cryptobox_test_func(void)

  156. {

  157. 	void *map;

  158. 	unsigned char *begin, *end;

  159. 	rspamd_nm_t key;

  160. 	rspamd_nonce_t nonce;

  161. 	rspamd_mac_t mac;

  162. 	struct rspamd_cryptobox_segment *seg;

  163. 	double t1, t2;

  164. 	int i, cnt, ms;

  165. 	gboolean checked_openssl = FALSE;

  166. 

  167. 	map = create_mapping(mapping_size, &begin, &end);

  168. 

  169. 	ottery_rand_bytes(key, sizeof(key));

  170. 	ottery_rand_bytes(nonce, sizeof(nonce));

  171. 

  172. 	memset(mac, 0, sizeof(mac));

  173. 	seg = g_slice_alloc0(sizeof(*seg) * max_seg * 10);

  174. 

  175. 	/* Test baseline */

  176. 	t1 = rspamd_get_ticks(TRUE);

  177. 	rspamd_cryptobox_encrypt_nm_inplace(begin, end - begin, nonce, key, mac,

  178. 										mode);

  179. 	t2 = rspamd_get_ticks(TRUE);

  180. 	check_result(key, nonce, mac, begin, end);

  181. 

  182. 	msg_info("baseline encryption: %.0f", t2 - t1);

  183. 

  184. 	mode = RSPAMD_CRYPTOBOX_MODE_NIST;

  185. 	t1 = rspamd_get_ticks(TRUE);

  186. 	rspamd_cryptobox_encrypt_nm_inplace(begin,

  187. 										end - begin,

  188. 										nonce,

  189. 										key,

  190. 										mac,

  191. 										mode);

  192. 	t2 = rspamd_get_ticks(TRUE);

  193. 	check_result(key, nonce, mac, begin, end);

  194. 

  195. 	msg_info("openssl baseline encryption: %.0f", t2 - t1);

  196. 	mode = RSPAMD_CRYPTOBOX_MODE_25519;

  197. 

  198. start:

  199. 	/* A single chunk as vector */

  200. 	seg[0].data = begin;

  201. 	seg[0].len = end - begin;

  202. 	t1 = rspamd_get_ticks(TRUE);

  203. 	rspamd_cryptobox_encryptv_nm_inplace(seg, 1, nonce, key, mac, mode);

  204. 	t2 = rspamd_get_ticks(TRUE);

  205. 

  206. 	check_result(key, nonce, mac, begin, end);

  207. 

  208. 	msg_info("bulk encryption: %.0f", t2 - t1);

  209. 

  210. 	/* Two chunks as vector */

  211. 	seg[0].data = begin;

  212. 	seg[0].len = (end - begin) / 2;

  213. 	seg[1].data = begin + seg[0].len;

  214. 	seg[1].len = (end - begin) - seg[0].len;

  215. 	t1 = rspamd_get_ticks(TRUE);

  216. 	rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);

  217. 	t2 = rspamd_get_ticks(TRUE);

  218. 

  219. 	check_result(key, nonce, mac, begin, end);

  220. 

  221. 	msg_info("2 equal chunks encryption: %.0f", t2 - t1);

  222. 

  223. 	seg[0].data = begin;

  224. 	seg[0].len = 1;

  225. 	seg[1].data = begin + seg[0].len;

  226. 	seg[1].len = (end - begin) - seg[0].len;

  227. 	t1 = rspamd_get_ticks(TRUE);

  228. 	rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);

  229. 	t2 = rspamd_get_ticks(TRUE);

  230. 

  231. 	check_result(key, nonce, mac, begin, end);

  232. 

  233. 	msg_info("small and large chunks encryption: %.0f", t2 - t1);

  234. 

  235. 	seg[0].data = begin;

  236. 	seg[0].len = (end - begin) - 3;

  237. 	seg[1].data = begin + seg[0].len;

  238. 	seg[1].len = (end - begin) - seg[0].len;

  239. 	t1 = rspamd_get_ticks(TRUE);

  240. 	rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);

  241. 	t2 = rspamd_get_ticks(TRUE);

  242. 

  243. 	check_result(key, nonce, mac, begin, end);

  244. 

  245. 	msg_info("large and small chunks encryption: %.0f", t2 - t1);

  246. 

  247. 	/* Random two chunks as vector */

  248. 	seg[0].data = begin;

  249. 	seg[0].len = ottery_rand_range(end - begin - 1) + 1;

  250. 	seg[1].data = begin + seg[0].len;

  251. 	seg[1].len = (end - begin) - seg[0].len;

  252. 	t1 = rspamd_get_ticks(TRUE);

  253. 	rspamd_cryptobox_encryptv_nm_inplace(seg, 2, nonce, key, mac, mode);

  254. 	t2 = rspamd_get_ticks(TRUE);

  255. 

  256. 	check_result(key, nonce, mac, begin, end);

  257. 

  258. 	msg_info("random 2 chunks encryption: %.0f", t2 - t1);

  259. 

  260. 	/* 3 specific chunks */

  261. 	seg[0].data = begin;

  262. 	seg[0].len = 2;

  263. 	seg[1].data = begin + seg[0].len;

  264. 	seg[1].len = 2049;

  265. 	seg[2].data = begin + seg[0].len + seg[1].len;

  266. 	seg[2].len = (end - begin) - seg[0].len - seg[1].len;

  267. 	t1 = rspamd_get_ticks(TRUE);

  268. 	rspamd_cryptobox_encryptv_nm_inplace(seg, 3, nonce, key, mac, mode);

  269. 	t2 = rspamd_get_ticks(TRUE);

  270. 

  271. 	check_result(key, nonce, mac, begin, end);

  272. 

  273. 	msg_info("small, medium and large chunks encryption: %.0f", t2 - t1);

  274. 

  275. 	cnt = create_random_split(seg, max_seg, begin, end);

  276. 	t1 = rspamd_get_ticks(TRUE);

  277. 	rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);

  278. 	t2 = rspamd_get_ticks(TRUE);

  279. 

  280. 	check_result(key, nonce, mac, begin, end);

  281. 

  282. 	msg_info("random split of %d chunks encryption: %.0f", cnt, t2 - t1);

  283. 

  284. 	cnt = create_realistic_split(seg, max_seg, begin, end);

  285. 	t1 = rspamd_get_ticks(TRUE);

  286. 	rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);

  287. 	t2 = rspamd_get_ticks(TRUE);

  288. 

  289. 	check_result(key, nonce, mac, begin, end);

  290. 

  291. 	msg_info("realistic split of %d chunks encryption: %.0f", cnt, t2 - t1);

  292. 

  293. 	cnt = create_constrained_split(seg, max_seg + 1, 32, begin, end);

  294. 	t1 = rspamd_get_ticks(TRUE);

  295. 	rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);

  296. 	t2 = rspamd_get_ticks(TRUE);

  297. 

  298. 	check_result(key, nonce, mac, begin, end);

  299. 

  300. 	msg_info("constrained split of %d chunks encryption: %.0f", cnt, t2 - t1);

  301. 

  302. 	for (i = 0; i < random_fuzz_cnt; i++) {

  303. 		ms = ottery_rand_range(i % max_seg * 2) + 1;

  304. 		cnt = create_random_split(seg, ms, begin, end);

  305. 		t1 = rspamd_get_ticks(TRUE);

  306. 		rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);

  307. 		t2 = rspamd_get_ticks(TRUE);

  308. 

  309. 		check_result(key, nonce, mac, begin, end);

  310. 

  311. 		if (i % 1000 == 0) {

  312. 			msg_info("random fuzz iterations: %d", i);

  313. 		}

  314. 	}

  315. 	for (i = 0; i < random_fuzz_cnt; i++) {

  316. 		ms = ottery_rand_range(i % max_seg * 2) + 1;

  317. 		cnt = create_realistic_split(seg, ms, begin, end);

  318. 		t1 = rspamd_get_ticks(TRUE);

  319. 		rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);

  320. 		t2 = rspamd_get_ticks(TRUE);

  321. 

  322. 		check_result(key, nonce, mac, begin, end);

  323. 

  324. 		if (i % 1000 == 0) {

  325. 			msg_info("realistic fuzz iterations: %d", i);

  326. 		}

  327. 	}

  328. 	for (i = 0; i < random_fuzz_cnt; i++) {

  329. 		ms = ottery_rand_range(i % max_seg * 10) + 1;

  330. 		cnt = create_constrained_split(seg, ms, i, begin, end);

  331. 		t1 = rspamd_get_ticks(TRUE);

  332. 		rspamd_cryptobox_encryptv_nm_inplace(seg, cnt, nonce, key, mac, mode);

  333. 		t2 = rspamd_get_ticks(TRUE);

  334. 

  335. 		check_result(key, nonce, mac, begin, end);

  336. 

  337. 		if (i % 1000 == 0) {

  338. 			msg_info("constrained fuzz iterations: %d", i);

  339. 		}

  340. 	}

  341. 

  342. 	if (!checked_openssl) {

  343. 		checked_openssl = TRUE;

  344. 		mode = RSPAMD_CRYPTOBOX_MODE_NIST;

  345. 		goto start;

  346. 	}

  347. }