Rewrite testcrypto.sh into python
Run the crypto support checks when initializing the isctest package and save the results in environment variables. This removes the need to repeatedly check for crypto operation support, as it's not something that would change at test runtime.
@@ -12,13 +12,14 @@
|
||||
import os
|
||||
|
||||
from .all import ALL
|
||||
from .algorithms import set_algorithm_set
|
||||
from .algorithms import init_crypto_supported, set_algorithm_set
|
||||
from .openssl import parse_openssl_config
|
||||
from .. import log
|
||||
|
||||
|
||||
def init_vars():
|
||||
"""Initializes the environment variables."""
|
||||
init_crypto_supported()
|
||||
set_algorithm_set(os.getenv("ALGORITHM_SET"))
|
||||
parse_openssl_config(ALL["OPENSSL_CONF"])
|
||||
|
||||
|
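Review bot: The new `init_crypto_supported()` call makes init_vars() non-idempotent, because (per the algorithms.py part of this commit) it appends to the module-level SUPPORTED_ALGORITHMS list on every call. If init_vars() can run more than once in a process, which is not visible from here, each extra call would rerun every keygen probe and leave duplicate entries in the list. Starting init_crypto_supported() with `SUPPORTED_ALGORITHMS.clear()`, or returning early when the list is already populated, would make repeated initialization harmless. The docstring could also say that the function now spawns keygen subprocesses, e.g. `"""Initializes the environment variables (probes crypto support via KEYGEN)."""`.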
@@ -10,10 +10,10 @@
|
||||
# information regarding copyright ownership.
|
||||
|
||||
import os
|
||||
from pathlib import Path
|
||||
import platform
|
||||
import random
|
||||
import subprocess
|
||||
import tempfile
|
||||
import time
|
||||
from typing import Dict, List, NamedTuple, Optional, Union
|
||||
|
||||
@@ -112,25 +112,54 @@ ALGORITHM_SETS = {
|
||||
# ),
|
||||
}
|
||||
|
||||
# TODO rewrite testcrypto.sh to python
|
||||
TESTCRYPTO = Path(__file__).resolve().parent.parent.parent / "testcrypto.sh"
|
||||
|
||||
|
||||
def _is_supported(alg: Algorithm) -> bool:
|
||||
def is_crypto_supported(alg: Algorithm) -> bool:
|
||||
"""Test whether a given algorithm is supported on the current platform."""
|
||||
try:
|
||||
subprocess.run(
|
||||
f"{TESTCRYPTO} -q {alg.name}",
|
||||
shell=True,
|
||||
check=True,
|
||||
env=BASIC_VARS,
|
||||
assert alg in ALL_ALGORITHMS, f"unknown algorithm: {alg}"
|
||||
with tempfile.TemporaryDirectory() as tmpdir:
|
||||
proc = subprocess.run(
|
||||
[
|
||||
BASIC_VARS["KEYGEN"],
|
||||
"-a",
|
||||
alg.name,
|
||||
"-b",
|
||||
str(alg.bits),
|
||||
"foo",
|
||||
],
|
||||
cwd=tmpdir,
|
||||
check=False,
|
||||
stdout=subprocess.DEVNULL,
|
||||
)
|
||||
except subprocess.CalledProcessError as exc:
|
||||
log.debug(exc)
|
||||
if proc.returncode == 0:
|
||||
return True
|
||||
log.info("algorithm %s not supported", alg.name)
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
# Indicate algorithm support on the current platform.
|
||||
CRYPTO_SUPPORTED_VARS = {
|
||||
"RSASHA1_SUPPORTED": "0",
|
||||
"RSASHA256_SUPPORTED": "0",
|
||||
"RSASHA512_SUPPORTED": "0",
|
||||
"ECDSAP256SHA256_SUPPORTED": "0",
|
||||
"ECDSAP384SHA384_SUPPORTED": "0",
|
||||
"ED25519_SUPPORTED": "0",
|
||||
"ED448_SUPPORTED": "0",
|
||||
}
|
||||
|
||||
SUPPORTED_ALGORITHMS: List[Algorithm] = []
|
||||
|
||||
|
||||
def init_crypto_supported():
|
||||
"""Initialize the environment variables indicating cryptography support."""
|
||||
for alg in ALL_ALGORITHMS:
|
||||
supported = is_crypto_supported(alg)
|
||||
if supported:
|
||||
SUPPORTED_ALGORITHMS.append(alg)
|
||||
envvar = f"{alg.name}_SUPPORTED"
|
||||
val = "1" if supported else "0"
|
||||
CRYPTO_SUPPORTED_VARS[envvar] = val
|
||||
os.environ[envvar] = val
|
||||
|
||||
|
||||
def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet:
|
||||
@@ -140,7 +169,7 @@ def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet:
|
||||
candidates = getattr(algs, alg_type)
|
||||
if isinstance(candidates, Algorithm):
|
||||
candidates = [candidates]
|
||||
supported = list(filter(_is_supported, candidates))
|
||||
supported = [alg for alg in candidates if alg in SUPPORTED_ALGORITHMS]
|
||||
if len(supported) == 1:
|
||||
supported = supported.pop()
|
||||
elif not supported:
|
||||
|
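Review bot: In is_crypto_supported, every non-zero exit from KEYGEN is reported as "algorithm not supported", so a crashing keygen or a broken OpenSSL configuration looks identical to a platform that genuinely lacks the algorithm, and the tests that depend on it would presumably be filtered out by _filter_supported rather than fail. The run call discards stdout and does not capture stderr, so the log line carries no reason for the failure. Consider adding `stderr=subprocess.PIPE, text=True` to the call and logging the cause, e.g. `log.info("algorithm %s not supported (exit %d): %s", alg.name, proc.returncode, proc.stderr.strip())`. The call also appears to drop the earlier `env=BASIC_VARS`, so the probe would inherit the full process environment; worth confirming that is intended.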
@@ -15,7 +15,7 @@ from collections import ChainMap
|
||||
from .autoconf import AC_VARS # type: ignore
|
||||
|
||||
# pylint: enable=import-error
|
||||
from .algorithms import ALG_VARS
|
||||
from .algorithms import ALG_VARS, CRYPTO_SUPPORTED_VARS
|
||||
from .basic import BASIC_VARS
|
||||
from .dirs import DIR_VARS
|
||||
from .openssl import OPENSSL_VARS
|
||||
@@ -53,4 +53,12 @@ class VarLookup(ChainMap):
|
||||
return iter(self.keys())
|
||||
|
||||
|
||||
ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS, PORT_VARS, DIR_VARS, ALG_VARS)
|
||||
ALL = VarLookup(
|
||||
AC_VARS,
|
||||
BASIC_VARS,
|
||||
OPENSSL_VARS,
|
||||
PORT_VARS,
|
||||
DIR_VARS,
|
||||
ALG_VARS,
|
||||
CRYPTO_SUPPORTED_VARS,
|
||||
)
|
||||
|
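Review bot: CRYPTO_SUPPORTED_VARS joins ALL with every value preset to "0" (per the algorithms.py part of this commit), so a lookup such as `ALL["ED25519_SUPPORTED"]` made before init_crypto_supported() has run reads as unsupported rather than unknown. A comment above the assignment would make the ordering requirement visible, for example `# CRYPTO_SUPPORTED_VARS holds "0" for every algorithm until init_crypto_supported() fills it in place`. The VarLookup class body starts outside this hunk.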
@@ -1,94 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
prog=$0
|
||||
args=""
|
||||
quiet=0
|
||||
dir=""
|
||||
msg="cryptography"
|
||||
|
||||
if test -z "$KEYGEN"; then
|
||||
. ../conf.sh
|
||||
alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
|
||||
else
|
||||
alg=""
|
||||
quiet=1
|
||||
args="-q"
|
||||
fi
|
||||
|
||||
while test "$#" -gt 0; do
|
||||
case $1 in
|
||||
-q)
|
||||
if test $quiet -eq 0; then
|
||||
args="$args -q"
|
||||
quiet=1
|
||||
fi
|
||||
;;
|
||||
rsa | RSA | rsasha1 | RSASHA1)
|
||||
alg="-a RSASHA1"
|
||||
msg="RSA cryptography"
|
||||
;;
|
||||
rsasha256 | RSASHA256)
|
||||
alg="-a RSASHA256"
|
||||
msg="RSA cryptography"
|
||||
;;
|
||||
rsasha512 | RSASHA512)
|
||||
alg="-a RSASHA512"
|
||||
msg="RSA cryptography"
|
||||
;;
|
||||
ecdsa | ECDSA | ecdsap256sha256 | ECDSAP256SHA256)
|
||||
alg="-a ECDSAP256SHA256"
|
||||
msg="ECDSA cryptography"
|
||||
;;
|
||||
ecdsap384sha384 | ECDSAP384SHA384)
|
||||
alg="-a ECDSAP384SHA384"
|
||||
msg="ECDSA cryptography"
|
||||
;;
|
||||
eddsa | EDDSA | ed25519 | ED25519)
|
||||
alg="-a ED25519"
|
||||
msg="EDDSA cryptography"
|
||||
;;
|
||||
ed448 | ED448)
|
||||
alg="-a ED448"
|
||||
msg="EDDSA cryptography"
|
||||
;;
|
||||
*)
|
||||
echo "${prog}: unknown argument"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if test -z "$alg"; then
|
||||
echo "${prog}: no algorithm selected"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if test -n "$TMPDIR"; then
|
||||
dir=$(mktemp -d "$TMPDIR/XXXXXX")
|
||||
args="$args -K $dir"
|
||||
fi
|
||||
|
||||
if $KEYGEN $args $alg foo >/dev/null 2>&1; then
|
||||
if test -z "$dir"; then
|
||||
rm -f Kfoo*
|
||||
else
|
||||
rm -rf "$dir"
|
||||
fi
|
||||
else
|
||||
if test $quiet -eq 0; then
|
||||
echo_i "This test requires support for $msg" >&2
|
||||
fi
|
||||
exit 255
|
||||
fi
|