mirrors
/
rspamd
огледало от https://github.com/vstakhov/rspamd.git
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Версии 159 Уики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14569 Ревизии
28 Клонове
ИН на ревизия: e6e72472ad
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'e6e72472ad'
${ noResults }
rspamd/test/rspamd_cryptobox_test.c

rspamd_cryptobox_test.c 8.8KB
Директен файл Blame История

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "rspamd.h"

  18. #include "shingles.h"

  19. #include "fstring.h"

  20. #include "ottery.h"

  21. #include "cryptobox.h"

  22. #include "unix-std.h"

  23. 

  24. static const int mapping_size = 64 * 8192 + 1;

  25. static const int max_seg = 32;

  26. static const int random_fuzz_cnt = 10000;

  27. enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;

  28. 

  29. static void *

  30. create_mapping (int mapping_len, guchar **beg, guchar **end)

  31. {

  32. 	void *map;

  33. 	int psize = getpagesize ();

  34. 

  35. 	map = mmap (NULL, mapping_len + psize * 3, PROT_READ|PROT_WRITE,

  36. 			MAP_ANON|MAP_SHARED, -1, 0);

  37. 	g_assert (map != 0);

  38. 	memset (map, 0, mapping_len + psize * 3);

  39. 	mprotect (map, psize, PROT_NONE);

  40. 	/* Misalign pointer */

  41. 	*beg = ((guchar *)map) + psize + 1;

  42. 	*end = *beg + mapping_len;

  43. 	mprotect (*beg + mapping_len - 1 + psize, psize, PROT_NONE);

  44. 

  45. 	return map;

  46. }

  47. 

  48. static void

  49. check_result (const rspamd_nm_t key, const rspamd_nonce_t nonce,

  50. 		const rspamd_mac_t mac, guchar *begin, guchar *end)

  51. {

  52. 	guint64 *t = (guint64 *)begin;

  53. 

  54. 	g_assert (rspamd_cryptobox_decrypt_nm_inplace (begin, end - begin, nonce, key,

  55. 			mac, mode));

  56. 

  57. 	while (t < (guint64 *)end) {

  58. 		g_assert (*t == 0);

  59. 		t ++;

  60. 	}

  61. }

  62. 

  63. static int

  64. create_random_split (struct rspamd_cryptobox_segment *seg, int mseg,

  65. 		guchar *begin, guchar *end)

  66. {

  67. 	gsize remain = end - begin;

  68. 	gint used = 0;

  69. 

  70. 	while (remain > 0 && used < mseg - 1) {

  71. 		seg->data = begin;

  72. 		seg->len = ottery_rand_range (remain - 1) + 1;

  73. 

  74. 		begin += seg->len;

  75. 		remain -= seg->len;

  76. 		used ++;

  77. 		seg ++;

  78. 	}

  79. 

  80. 	if (remain > 0) {

  81. 		seg->data = begin;

  82. 		seg->len = remain;

  83. 		used ++;

  84. 	}

  85. 

  86. 	return used;

  87. }

  88. 

  89. static int

  90. create_realistic_split (struct rspamd_cryptobox_segment *seg, int mseg,

  91. 		guchar *begin, guchar *end)

  92. {

  93. 	gsize remain = end - begin;

  94. 	gint used = 0;

  95. 	static const int small_seg = 512, medium_seg = 2048;

  96. 

  97. 	while (remain > 0 && used < mseg - 1) {

  98. 		seg->data = begin;

  99. 

  100. 		if (ottery_rand_uint32 () % 2 == 0) {

  101. 			seg->len = ottery_rand_range (small_seg) + 1;

  102. 		}

  103. 		else {

  104. 			seg->len = ottery_rand_range (medium_seg) +

  105. 					small_seg;

  106. 		}

  107. 		if (seg->len > remain) {

  108. 			seg->len = remain;

  109. 		}

  110. 

  111. 		begin += seg->len;

  112. 		remain -= seg->len;

  113. 		used ++;

  114. 		seg ++;

  115. 	}

  116. 

  117. 	if (remain > 0) {

  118. 		seg->data = begin;

  119. 		seg->len = remain;

  120. 		used ++;

  121. 	}

  122. 

  123. 	return used;

  124. }

  125. 

  126. static int

  127. create_constrainted_split (struct rspamd_cryptobox_segment *seg, int mseg,

  128. 		int constraint,

  129. 		guchar *begin, guchar *end)

  130. {

  131. 	gsize remain = end - begin;

  132. 	gint used = 0;

  133. 

  134. 	while (remain > 0 && used < mseg - 1) {

  135. 		seg->data = begin;

  136. 		seg->len = constraint;

  137. 		if (seg->len > remain) {

  138. 			seg->len = remain;

  139. 		}

  140. 		begin += seg->len;

  141. 		remain -= seg->len;

  142. 		used ++;

  143. 		seg ++;

  144. 	}

  145. 

  146. 	if (remain > 0) {

  147. 		seg->data = begin;

  148. 		seg->len = remain;

  149. 		used ++;

  150. 	}

  151. 

  152. 	return used;

  153. }

  154. 

  155. void

  156. rspamd_cryptobox_test_func (void)

  157. {

  158. 	void *map;

  159. 	guchar *begin, *end;

  160. 	rspamd_nm_t key;

  161. 	rspamd_nonce_t nonce;

  162. 	rspamd_mac_t mac;

  163. 	struct rspamd_cryptobox_segment *seg;

  164. 	double t1, t2;

  165. 	gint i, cnt, ms;

  166. 	gboolean checked_openssl = FALSE;

  167. 

  168. 	map = create_mapping (mapping_size, &begin, &end);

  169. 

  170. 	ottery_rand_bytes (key, sizeof (key));

  171. 	ottery_rand_bytes (nonce, sizeof (nonce));

  172. 

  173. 	memset (mac, 0, sizeof (mac));

  174. 	seg = g_slice_alloc0 (sizeof (*seg) * max_seg * 10);

  175. 

  176. 	/* Test baseline */

  177. 	t1 = rspamd_get_ticks (TRUE);

  178. 	rspamd_cryptobox_encrypt_nm_inplace (begin, end - begin, nonce, key, mac,

  179. 			mode);

  180. 	t2 = rspamd_get_ticks (TRUE);

  181. 	check_result (key, nonce, mac, begin, end);

  182. 

  183. 	msg_info ("baseline encryption: %.0f", t2 - t1);

  184. 

  185. 	mode = RSPAMD_CRYPTOBOX_MODE_NIST;

  186. 	t1 = rspamd_get_ticks (TRUE);

  187. 	rspamd_cryptobox_encrypt_nm_inplace (begin,

  188. 			end - begin,

  189. 			nonce,

  190. 			key,

  191. 			mac,

  192. 			mode);

  193. 	t2 = rspamd_get_ticks (TRUE);

  194. 	check_result (key, nonce, mac, begin, end);

  195. 

  196. 	msg_info ("openssl baseline encryption: %.0f", t2 - t1);

  197. 	mode = RSPAMD_CRYPTOBOX_MODE_25519;

  198. 

  199. start:

  200. 	/* A single chunk as vector */

  201. 	seg[0].data = begin;

  202. 	seg[0].len = end - begin;

  203. 	t1 = rspamd_get_ticks (TRUE);

  204. 	rspamd_cryptobox_encryptv_nm_inplace (seg, 1, nonce, key, mac, mode);

  205. 	t2 = rspamd_get_ticks (TRUE);

  206. 

  207. 	check_result (key, nonce, mac, begin, end);

  208. 

  209. 	msg_info ("bulk encryption: %.0f", t2 - t1);

  210. 

  211. 	/* Two chunks as vector */

  212. 	seg[0].data = begin;

  213. 	seg[0].len = (end - begin) / 2;

  214. 	seg[1].data = begin + seg[0].len;

  215. 	seg[1].len = (end - begin) - seg[0].len;

  216. 	t1 = rspamd_get_ticks (TRUE);

  217. 	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac, mode);

  218. 	t2 = rspamd_get_ticks (TRUE);

  219. 

  220. 	check_result (key, nonce, mac, begin, end);

  221. 

  222. 	msg_info ("2 equal chunks encryption: %.0f", t2 - t1);

  223. 

  224. 	seg[0].data = begin;

  225. 	seg[0].len = 1;

  226. 	seg[1].data = begin + seg[0].len;

  227. 	seg[1].len = (end - begin) - seg[0].len;

  228. 	t1 = rspamd_get_ticks (TRUE);

  229. 	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac, mode);

  230. 	t2 = rspamd_get_ticks (TRUE);

  231. 

  232. 	check_result (key, nonce, mac, begin, end);

  233. 

  234. 	msg_info ("small and large chunks encryption: %.0f", t2 - t1);

  235. 

  236. 	seg[0].data = begin;

  237. 	seg[0].len = (end - begin) - 3;

  238. 	seg[1].data = begin + seg[0].len;

  239. 	seg[1].len = (end - begin) - seg[0].len;

  240. 	t1 = rspamd_get_ticks (TRUE);

  241. 	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac, mode);

  242. 	t2 = rspamd_get_ticks (TRUE);

  243. 

  244. 	check_result (key, nonce, mac, begin, end);

  245. 

  246. 	msg_info ("large and small chunks encryption: %.0f", t2 - t1);

  247. 

  248. 	/* Random two chunks as vector */

  249. 	seg[0].data = begin;

  250. 	seg[0].len = ottery_rand_range (end - begin - 1) + 1;

  251. 	seg[1].data = begin + seg[0].len;

  252. 	seg[1].len = (end - begin) - seg[0].len;

  253. 	t1 = rspamd_get_ticks (TRUE);

  254. 	rspamd_cryptobox_encryptv_nm_inplace (seg, 2, nonce, key, mac, mode);

  255. 	t2 = rspamd_get_ticks (TRUE);

  256. 

  257. 	check_result (key, nonce, mac, begin, end);

  258. 

  259. 	msg_info ("random 2 chunks encryption: %.0f", t2 - t1);

  260. 

  261. 	/* 3 specific chunks */

  262. 	seg[0].data = begin;

  263. 	seg[0].len = 2;

  264. 	seg[1].data = begin + seg[0].len;

  265. 	seg[1].len = 2049;

  266. 	seg[2].data = begin + seg[0].len + seg[1].len;

  267. 	seg[2].len = (end - begin) - seg[0].len - seg[1].len;

  268. 	t1 = rspamd_get_ticks (TRUE);

  269. 	rspamd_cryptobox_encryptv_nm_inplace (seg, 3, nonce, key, mac, mode);

  270. 	t2 = rspamd_get_ticks (TRUE);

  271. 

  272. 	check_result (key, nonce, mac, begin, end);

  273. 

  274. 	msg_info ("small, medium and large chunks encryption: %.0f", t2 - t1);

  275. 

  276. 	cnt = create_random_split (seg, max_seg, begin, end);

  277. 	t1 = rspamd_get_ticks (TRUE);

  278. 	rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac, mode);

  279. 	t2 = rspamd_get_ticks (TRUE);

  280. 

  281. 	check_result (key, nonce, mac, begin, end);

  282. 

  283. 	msg_info ("random split of %d chunks encryption: %.0f", cnt, t2 - t1);

  284. 

  285. 	cnt = create_realistic_split (seg, max_seg, begin, end);

  286. 	t1 = rspamd_get_ticks (TRUE);

  287. 	rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac, mode);

  288. 	t2 = rspamd_get_ticks (TRUE);

  289. 

  290. 	check_result (key, nonce, mac, begin, end);

  291. 

  292. 	msg_info ("realistic split of %d chunks encryption: %.0f", cnt, t2 - t1);

  293. 

  294. 	cnt = create_constrainted_split (seg, max_seg + 1, 32, begin, end);

  295. 	t1 = rspamd_get_ticks (TRUE);

  296. 	rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac, mode);

  297. 	t2 = rspamd_get_ticks (TRUE);

  298. 

  299. 	check_result (key, nonce, mac, begin, end);

  300. 

  301. 	msg_info ("constrainted split of %d chunks encryption: %.0f", cnt, t2 - t1);

  302. 

  303. 	for (i = 0; i < random_fuzz_cnt; i ++) {

  304. 		ms = ottery_rand_range (i % max_seg * 2) + 1;

  305. 		cnt = create_random_split (seg, ms, begin, end);

  306. 		t1 = rspamd_get_ticks (TRUE);

  307. 		rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac, mode);

  308. 		t2 = rspamd_get_ticks (TRUE);

  309. 

  310. 		check_result (key, nonce, mac, begin, end);

  311. 

  312. 		if (i % 1000 == 0) {

  313. 			msg_info ("random fuzz iterations: %d", i);

  314. 		}

  315. 	}

  316. 	for (i = 0; i < random_fuzz_cnt; i ++) {

  317. 		ms = ottery_rand_range (i % max_seg * 2) + 1;

  318. 		cnt = create_realistic_split (seg, ms, begin, end);

  319. 		t1 = rspamd_get_ticks (TRUE);

  320. 		rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac, mode);

  321. 		t2 = rspamd_get_ticks (TRUE);

  322. 

  323. 		check_result (key, nonce, mac, begin, end);

  324. 

  325. 		if (i % 1000 == 0) {

  326. 			msg_info ("realistic fuzz iterations: %d", i);

  327. 		}

  328. 	}

  329. 	for (i = 0; i < random_fuzz_cnt; i ++) {

  330. 		ms = ottery_rand_range (i % max_seg * 10) + 1;

  331. 		cnt = create_constrainted_split (seg, ms, i, begin, end);

  332. 		t1 = rspamd_get_ticks (TRUE);

  333. 		rspamd_cryptobox_encryptv_nm_inplace (seg, cnt, nonce, key, mac, mode);

  334. 		t2 = rspamd_get_ticks (TRUE);

  335. 

  336. 		check_result (key, nonce, mac, begin, end);

  337. 

  338. 		if (i % 1000 == 0) {

  339. 			msg_info ("constrainted fuzz iterations: %d", i);

  340. 		}

  341. 	}

  342. 

  343. 	if (!checked_openssl) {

  344. 		checked_openssl = TRUE;

  345. 		mode = RSPAMD_CRYPTOBOX_MODE_NIST;

  346. 		goto start;

  347. 	}

  348. }