Blame - leakcheck/crypto.py - platform/external/python/pyopenssl

blob: d534c57e4284bff0f25bcdc8ccf5e950e0965959 [file] [log] [blame]

Jean-Paul Calderone	c7b3c89	2011-03-02 19:40:02 -0500	[diff] [blame]	1	# Copyright (C) Jean-Paul Calderone
				2	# See LICENSE for details.
				3
Jean-Paul Calderone	19555b9	2008-02-19 22:29:57 -0500	[diff] [blame]	4	import sys
Jonathan Giannuzzi	99eff82	2014-03-23 22:48:41 +0100	[diff] [blame^]	5	import datetime
Jean-Paul Calderone	19555b9	2008-02-19 22:29:57 -0500	[diff] [blame]	6
Jean-Paul Calderone	8e37f76	2011-09-14 10:00:50 -0400	[diff] [blame]	7	from OpenSSL.crypto import (
Jonathan Giannuzzi	99eff82	2014-03-23 22:48:41 +0100	[diff] [blame^]	8	FILETYPE_PEM, TYPE_DSA, Error, PKey, X509, load_privatekey, CRL, Revoked)
Jean-Paul Calderone	19555b9	2008-02-19 22:29:57 -0500	[diff] [blame]	9
Jean-Paul Calderone	8e37f76	2011-09-14 10:00:50 -0400	[diff] [blame]	10
				11
				12	class BaseChecker(object):
Jean-Paul Calderone	19555b9	2008-02-19 22:29:57 -0500	[diff] [blame]	13	def __init__(self, iterations):
				14	self.iterations = iterations
				15
				16
Jean-Paul Calderone	8e37f76	2011-09-14 10:00:50 -0400	[diff] [blame]	17
				18	class Checker_X509_get_pubkey(BaseChecker):
				19	"""
				20	Leak checks for L{X509.get_pubkey}.
				21	"""
Jean-Paul Calderone	19555b9	2008-02-19 22:29:57 -0500	[diff] [blame]	22	def check_exception(self):
				23	"""
				24	Call the method repeatedly such that it will raise an exception.
				25	"""
				26	for i in xrange(self.iterations):
				27	cert = X509()
				28	try:
				29	cert.get_pubkey()
				30	except Error:
				31	pass
				32
				33
				34	def check_success(self):
				35	"""
				36	Call the method repeatedly such that it will return a PKey object.
				37	"""
				38	small = xrange(3)
				39	for i in xrange(self.iterations):
				40	key = PKey()
				41	key.generate_key(TYPE_DSA, 256)
				42	for i in small:
				43	cert = X509()
				44	cert.set_pubkey(key)
				45	for i in small:
				46	cert.get_pubkey()
				47
				48
Jean-Paul Calderone	8e37f76	2011-09-14 10:00:50 -0400	[diff] [blame]	49
				50	class Checker_load_privatekey(BaseChecker):
				51	"""
				52	Leak checks for :py:obj:`load_privatekey`.
				53	"""
				54	ENCRYPTED_PEM = """\
				55	-----BEGIN RSA PRIVATE KEY-----
				56	Proc-Type: 4,ENCRYPTED
				57	DEK-Info: BF-CBC,3763C340F9B5A1D0
				58
				59	a/DO10mLjHLCAOG8/Hc5Lbuh3pfjvcTZiCexShP+tupkp0VxW2YbZjML8uoXrpA6
				60	fSPUo7cEC+r96GjV03ZIVhjmsxxesdWMpfkzXRpG8rUbWEW2KcCJWdSX8bEkuNW3
				61	uvAXdXZwiOrm56ANDo/48gj27GcLwnlA8ld39+ylAzkUJ1tcMVzzTjfcyd6BMFpR
				62	Yjg23ikseug6iWEsZQormdl0ITdYzmFpM+YYsG7kmmmi4UjCEYfb9zFaqJn+WZT2
				63	qXxmo2ZPFzmEVkuB46mf5GCqMwLRN2QTbIZX2+Dljj1Hfo5erf5jROewE/yzcTwO
				64	FCB5K3c2kkTv2KjcCAimjxkE+SBKfHg35W0wB0AWkXpVFO5W/TbHg4tqtkpt/KMn
				65	/MPnSxvYr/vEqYMfW4Y83c45iqK0Cyr2pwY60lcn8Kk=
				66	-----END RSA PRIVATE KEY-----
				67	"""
				68	def check_load_privatekey_callback(self):
				69	"""
				70	Call the function with an encrypted PEM and a passphrase callback.
				71	"""
				72	for i in xrange(self.iterations * 10):
				73	load_privatekey(
				74	FILETYPE_PEM, self.ENCRYPTED_PEM, lambda *args: "hello, secret")
				75
				76
				77	def check_load_privatekey_callback_incorrect(self):
				78	"""
				79	Call the function with an encrypted PEM and a passphrase callback which
				80	returns the wrong passphrase.
				81	"""
				82	for i in xrange(self.iterations * 10):
				83	try:
				84	load_privatekey(
				85	FILETYPE_PEM, self.ENCRYPTED_PEM,
				86	lambda *args: "hello, public")
				87	except Error:
				88	pass
				89
				90
				91	def check_load_privatekey_callback_wrong_type(self):
				92	"""
				93	Call the function with an encrypted PEM and a passphrase callback which
				94	returns a non-string.
				95	"""
				96	for i in xrange(self.iterations * 10):
				97	try:
				98	load_privatekey(
				99	FILETYPE_PEM, self.ENCRYPTED_PEM,
				100	lambda *args: {})
Jean-Paul Calderone	2a864f1	2011-09-14 11:10:29 -0400	[diff] [blame]	101	except ValueError:
Jean-Paul Calderone	8e37f76	2011-09-14 10:00:50 -0400	[diff] [blame]	102	pass
				103
				104
Jonathan Giannuzzi	99eff82	2014-03-23 22:48:41 +0100	[diff] [blame^]	105
				106	class Checker_CRL_get_revoked(BaseChecker):
				107	"""
				108	Leak checks for L{CRL.get_revoked}.
				109	"""
				110	def check_get_revoked(self):
				111	"""
				112	Create a CRL object with 1000 Revoked objects, then call the
				113	get_revoked method repeatedly.
				114	"""
				115	crl = CRL()
				116	for serial in xrange(1000):
				117	revoked = Revoked()
				118	revoked.set_serial(str(serial))
				119	revoked.set_rev_date(datetime.datetime.utcnow().strftime('%Y%m%d%H%M%SZ'))
				120	crl.add_revoked(revoked)
				121	for i in xrange(self.iterations):
				122	crl.get_revoked()
				123
				124
				125
Jean-Paul Calderone	19555b9	2008-02-19 22:29:57 -0500	[diff] [blame]	126	def vmsize():
				127	return [x for x in file('/proc/self/status').readlines() if 'VmSize' in x]
				128
				129
				130	def main(iterations='1000'):
				131	iterations = int(iterations)
				132	for klass in globals():
				133	if klass.startswith('Checker_'):
				134	klass = globals()[klass]
				135	print klass
				136	checker = klass(iterations)
				137	for meth in dir(checker):
				138	if meth.startswith('check_'):
				139	print '\t', meth, vmsize(), '...',
				140	getattr(checker, meth)()
				141	print vmsize()
				142
				143
				144	if __name__ == '__main__':
				145	main(*sys.argv[1:])