# Copyright (C) Jean-Paul Calderone
# See LICENSE for details.

import sys

from OpenSSL.crypto import (
    FILETYPE_PEM, TYPE_DSA, Error, PKey, X509, load_privatekey, CRL, Revoked)


class BaseChecker(object):
    """
    Common base for the leak checkers in this module.

    It only records the iteration count; subclasses read it in their
    C{check_*} methods to size their loops.
    """
    def __init__(self, iterations):
        """
        @param iterations: Base number of repetitions a check performs.
        """
        self.iterations = iterations
class Checker_X509_get_pubkey(BaseChecker):
    """
    Leak checks for L{X509.get_pubkey}.
    """
    def check_exception(self):
        """
        Exercise the failure path of C{get_pubkey}.

        Each round builds a new, empty certificate and asks for its public
        key; the resulting L{Error} is discarded.
        """
        for _ in xrange(self.iterations):
            empty_cert = X509()
            try:
                empty_cert.get_pubkey()
            except Error:
                # Raising is the expected outcome here; the check is only
                # interested in memory growth across iterations.
                continue


    def check_success(self):
        """
        Exercise the success path of C{get_pubkey}, which returns a PKey
        object.

        For every generated key, three certificates are given that key and
        each certificate is queried three times.
        """
        inner_rounds = xrange(3)
        for _ in xrange(self.iterations):
            # NOTE(review): a 256-bit DSA key is presumably chosen to keep
            # generation fast; it is a throwaway key for leak checking, not
            # a size to copy into real key generation.
            pkey = PKey()
            pkey.generate_key(TYPE_DSA, 256)
            for _ in inner_rounds:
                cert = X509()
                cert.set_pubkey(pkey)
                for _ in inner_rounds:
                    cert.get_pubkey()
class Checker_load_privatekey(BaseChecker):
    """
    Leak checks for :py:obj:`load_privatekey`.
    """
    # Test fixture only: a passphrase-protected RSA key in traditional PEM
    # form (the DEK-Info header names BF-CBC).  The passphrase the success
    # check supplies is written in this file, so this key must never be
    # reused outside the leak checks.
    ENCRYPTED_PEM = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: BF-CBC,3763C340F9B5A1D0

a/DO10mLjHLCAOG8/Hc5Lbuh3pfjvcTZiCexShP+tupkp0VxW2YbZjML8uoXrpA6
fSPUo7cEC+r96GjV03ZIVhjmsxxesdWMpfkzXRpG8rUbWEW2KcCJWdSX8bEkuNW3
uvAXdXZwiOrm56ANDo/48gj27GcLwnlA8ld39+ylAzkUJ1tcMVzzTjfcyd6BMFpR
Yjg23ikseug6iWEsZQormdl0ITdYzmFpM+YYsG7kmmmi4UjCEYfb9zFaqJn+WZT2
qXxmo2ZPFzmEVkuB46mf5GCqMwLRN2QTbIZX2+Dljj1Hfo5erf5jROewE/yzcTwO
FCB5K3c2kkTv2KjcCAimjxkE+SBKfHg35W0wB0AWkXpVFO5W/TbHg4tqtkpt/KMn
/MPnSxvYr/vEqYMfW4Y83c45iqK0Cyr2pwY60lcn8Kk=
-----END RSA PRIVATE KEY-----
"""
    def check_load_privatekey_callback(self):
        """
        Load the encrypted PEM repeatedly, supplying the passphrase through
        a callback.

        No exception is caught here, so the load is expected to succeed.
        """
        for _ in xrange(self.iterations * 10):
            # A new callback object is created on every round, as in the
            # original loop, so callback references are exercised too.
            passphrase_cb = lambda *args: "hello, secret"
            load_privatekey(FILETYPE_PEM, self.ENCRYPTED_PEM, passphrase_cb)


    def check_load_privatekey_callback_incorrect(self):
        """
        Load the encrypted PEM repeatedly with a callback that returns the
        wrong passphrase; the resulting L{Error} is discarded.
        """
        for _ in xrange(self.iterations * 10):
            wrong_passphrase_cb = lambda *args: "hello, public"
            try:
                load_privatekey(
                    FILETYPE_PEM, self.ENCRYPTED_PEM, wrong_passphrase_cb)
            except Error:
                # Failed decryption is the path under test.
                continue


    def check_load_privatekey_callback_wrong_type(self):
        """
        Load the encrypted PEM repeatedly with a callback that returns a
        non-string (a dict); the resulting C{ValueError} is discarded.
        """
        for _ in xrange(self.iterations * 10):
            non_string_cb = lambda *args: {}
            try:
                load_privatekey(
                    FILETYPE_PEM, self.ENCRYPTED_PEM, non_string_cb)
            except ValueError:
                # Rejection of the bad return type is the path under test.
                continue
class Checker_CRL(BaseChecker):
    """
    Leak checks for L{CRL.add_revoked} and L{CRL.get_revoked}.
    """
    def check_add_revoked(self):
        """
        Add a new Revoked object to a new, empty CRL, over and over.

        Runs 200 times the base iteration count.
        """
        for _ in xrange(self.iterations * 200):
            fresh_crl = CRL()
            fresh_crl.add_revoked(Revoked())


    def check_get_revoked(self):
        """
        Build one CRL holding 100 Revoked objects, then call its
        get_revoked method repeatedly.
        """
        populated = CRL()
        for _ in xrange(100):
            populated.add_revoked(Revoked())
        for _ in xrange(self.iterations):
            # The returned collection is dropped immediately; only the
            # allocation and release behaviour is of interest.
            populated.get_revoked()
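def vmsize():
    """
    Return the lines of C{/proc/self/status} that mention C{VmSize}.

    The result is a list of raw lines (trailing newline included), which
    the caller prints before and after each check.  The path is Linux
    procfs; on systems without it the open call raises.
    """
    # Close the handle explicitly rather than leaving it to the garbage
    # collector: this function runs around every check, and a leak checker
    # should not accumulate open descriptors of its own.
    with open('/proc/self/status') as status:
        return [line for line in status if 'VmSize' in line]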
def main(iterations='1000'):
    """
    Run every C{check_*} method of every C{Checker_*} class in this module.

    For each check, the C{VmSize} lines are printed before and after the
    call so that growth can be compared by eye.

    @param iterations: Base iteration count; converted with C{int}, so the
        string taken from the command line is accepted.
    """
    iterations = int(iterations)
    for name in globals():
        if not name.startswith('Checker_'):
            continue
        checker_class = globals()[name]
        print checker_class
        checker = checker_class(iterations)
        for attr in dir(checker):
            if not attr.startswith('check_'):
                continue
            # The trailing comma keeps the "after" reading on the same line.
            print '\t', attr, vmsize(), '...',
            getattr(checker, attr)()
            print vmsize()
if __name__ == '__main__':
    # Any command-line arguments are passed straight through to main(); the
    # first one, if given, is the iteration count.
    cli_args = sys.argv[1:]
    main(*cli_args)