
Rewrite testcrypto.sh into python

Run the crypto support checks when initializing the isctest package and
save those results in environment variables. This removes the need to
repeatedly check for crypto operation support, as it's not something
that would change at test runtime.
Tom Krizek
2024-01-08 12:54:19 +01:00
committed by Nicki Křížek
parent 8302db407c
commit 25cb39b7fc
4 changed files with 56 additions and 112 deletions


@@ -12,13 +12,14 @@
import os
from .all import ALL
from .algorithms import set_algorithm_set
from .algorithms import init_crypto_supported, set_algorithm_set
from .openssl import parse_openssl_config
from .. import log
def init_vars():
"""Initializes the environment variables."""
init_crypto_supported()
set_algorithm_set(os.getenv("ALGORITHM_SET"))
parse_openssl_config(ALL["OPENSSL_CONF"])
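Review bot: The order of the calls in init_vars() now matters, and nothing in the function says so. _filter_supported() reads SUPPORTED_ALGORITHMS, which is only filled by init_crypto_supported(), so if set_algorithm_set() goes through that filter (its body is not visible here) it has to run afterwards. A comment above the new call would guard against reordering, e.g. `# Must run first: set_algorithm_set() relies on the probed SUPPORTED_ALGORITHMS.` The docstring could also say that the function now spawns KEYGEN once per algorithm and writes the *_SUPPORTED variables into os.environ.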


@@ -10,10 +10,10 @@
# information regarding copyright ownership.
import os
from pathlib import Path
import platform
import random
import subprocess
import tempfile
import time
from typing import Dict, List, NamedTuple, Optional, Union
@@ -112,25 +112,54 @@ ALGORITHM_SETS = {
# ),
}
# TODO rewrite testcrypto.sh to python
TESTCRYPTO = Path(__file__).resolve().parent.parent.parent / "testcrypto.sh"
def _is_supported(alg: Algorithm) -> bool:
def is_crypto_supported(alg: Algorithm) -> bool:
"""Test whether a given algorithm is supported on the current platform."""
try:
subprocess.run(
f"{TESTCRYPTO} -q {alg.name}",
shell=True,
check=True,
env=BASIC_VARS,
assert alg in ALL_ALGORITHMS, f"unknown algorithm: {alg}"
with tempfile.TemporaryDirectory() as tmpdir:
proc = subprocess.run(
[
BASIC_VARS["KEYGEN"],
"-a",
alg.name,
"-b",
str(alg.bits),
"foo",
],
cwd=tmpdir,
check=False,
stdout=subprocess.DEVNULL,
)
except subprocess.CalledProcessError as exc:
log.debug(exc)
if proc.returncode == 0:
return True
log.info("algorithm %s not supported", alg.name)
return False
return True
# Indicate algorithm support on the current platform.
CRYPTO_SUPPORTED_VARS = {
"RSASHA1_SUPPORTED": "0",
"RSASHA256_SUPPORTED": "0",
"RSASHA512_SUPPORTED": "0",
"ECDSAP256SHA256_SUPPORTED": "0",
"ECDSAP384SHA384_SUPPORTED": "0",
"ED25519_SUPPORTED": "0",
"ED448_SUPPORTED": "0",
}
SUPPORTED_ALGORITHMS: List[Algorithm] = []
def init_crypto_supported():
"""Initialize the environment variables indicating cryptography support."""
for alg in ALL_ALGORITHMS:
supported = is_crypto_supported(alg)
if supported:
SUPPORTED_ALGORITHMS.append(alg)
envvar = f"{alg.name}_SUPPORTED"
val = "1" if supported else "0"
CRYPTO_SUPPORTED_VARS[envvar] = val
os.environ[envvar] = val
def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet:
@@ -140,7 +169,7 @@ def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet:
candidates = getattr(algs, alg_type)
if isinstance(candidates, Algorithm):
candidates = [candidates]
supported = list(filter(_is_supported, candidates))
supported = [alg for alg in candidates if alg in SUPPORTED_ALGORITHMS]
if len(supported) == 1:
supported = supported.pop()
elif not supported:
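Review bot: In is_crypto_supported(), every non-zero exit from KEYGEN is logged as "algorithm not supported" and stderr is not captured, so a misconfigured or crashing keygen is indistinguishable from a platform that genuinely lacks the algorithm, and the algorithm is then presumably dropped from the tested set via SUPPORTED_ALGORITHMS. Capturing and logging the output keeps the two cases apart: add `stderr=subprocess.PIPE, text=True,` to the run() call and log `log.info("algorithm %s not supported: %s", alg.name, proc.stderr.strip())`. The new call also no longer passes `env=BASIC_VARS` as the replaced shell invocation appears to have done, so the probe inherits the full parent environment; if that is intended, a one-line comment should say so. Separately, init_crypto_supported() appends to SUPPORTED_ALGORITHMS without clearing it, so a second call would duplicate entries; `SUPPORTED_ALGORITHMS.clear()` at the top makes it idempotent. The body of _filter_supported continues outside the last hunk.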


@@ -15,7 +15,7 @@ from collections import ChainMap
from .autoconf import AC_VARS # type: ignore
# pylint: enable=import-error
from .algorithms import ALG_VARS
from .algorithms import ALG_VARS, CRYPTO_SUPPORTED_VARS
from .basic import BASIC_VARS
from .dirs import DIR_VARS
from .openssl import OPENSSL_VARS
@@ -53,4 +53,12 @@ class VarLookup(ChainMap):
return iter(self.keys())
ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS, PORT_VARS, DIR_VARS, ALG_VARS)
ALL = VarLookup(
AC_VARS,
BASIC_VARS,
OPENSSL_VARS,
PORT_VARS,
DIR_VARS,
ALG_VARS,
CRYPTO_SUPPORTED_VARS,
)
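Review bot: CRYPTO_SUPPORTED_VARS is exposed through ALL with every value preset to "0", so a lookup made before init_crypto_supported() has run reads as "unsupported" rather than "not probed yet". Whether any consumer reads ALL that early is not visible here, but a comment on the new entry would record the dependency, e.g. `# *_SUPPORTED values are placeholders until init_crypto_supported() runs`.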


@@ -1,94 +0,0 @@
#!/bin/sh
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
prog=$0
args=""
quiet=0
dir=""
msg="cryptography"
if test -z "$KEYGEN"; then
. ../conf.sh
alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
else
alg=""
quiet=1
args="-q"
fi
while test "$#" -gt 0; do
case $1 in
-q)
if test $quiet -eq 0; then
args="$args -q"
quiet=1
fi
;;
rsa | RSA | rsasha1 | RSASHA1)
alg="-a RSASHA1"
msg="RSA cryptography"
;;
rsasha256 | RSASHA256)
alg="-a RSASHA256"
msg="RSA cryptography"
;;
rsasha512 | RSASHA512)
alg="-a RSASHA512"
msg="RSA cryptography"
;;
ecdsa | ECDSA | ecdsap256sha256 | ECDSAP256SHA256)
alg="-a ECDSAP256SHA256"
msg="ECDSA cryptography"
;;
ecdsap384sha384 | ECDSAP384SHA384)
alg="-a ECDSAP384SHA384"
msg="ECDSA cryptography"
;;
eddsa | EDDSA | ed25519 | ED25519)
alg="-a ED25519"
msg="EDDSA cryptography"
;;
ed448 | ED448)
alg="-a ED448"
msg="EDDSA cryptography"
;;
*)
echo "${prog}: unknown argument"
exit 1
;;
esac
shift
done
if test -z "$alg"; then
echo "${prog}: no algorithm selected"
exit 1
fi
if test -n "$TMPDIR"; then
dir=$(mktemp -d "$TMPDIR/XXXXXX")
args="$args -K $dir"
fi
if $KEYGEN $args $alg foo >/dev/null 2>&1; then
if test -z "$dir"; then
rm -f Kfoo*
else
rm -rf "$dir"
fi
else
if test $quiet -eq 0; then
echo_i "This test requires support for $msg" >&2
fi
exit 255
fi