diff --git a/bin/tests/system/isctest/vars/__init__.py b/bin/tests/system/isctest/vars/__init__.py index 6ed7020344..1af9e20767 100644 --- a/bin/tests/system/isctest/vars/__init__.py +++ b/bin/tests/system/isctest/vars/__init__.py @@ -12,13 +12,14 @@ import os from .all import ALL -from .algorithms import set_algorithm_set +from .algorithms import init_crypto_supported, set_algorithm_set from .openssl import parse_openssl_config from .. import log def init_vars(): """Initializes the environment variables.""" + init_crypto_supported() set_algorithm_set(os.getenv("ALGORITHM_SET")) parse_openssl_config(ALL["OPENSSL_CONF"]) diff --git a/bin/tests/system/isctest/vars/algorithms.py b/bin/tests/system/isctest/vars/algorithms.py index 41888649ec..56f3edc62c 100644 --- a/bin/tests/system/isctest/vars/algorithms.py +++ b/bin/tests/system/isctest/vars/algorithms.py @@ -10,10 +10,10 @@ # information regarding copyright ownership. import os -from pathlib import Path import platform import random import subprocess +import tempfile import time from typing import Dict, List, NamedTuple, Optional, Union 
@@ -112,25 +112,54 @@ ALGORITHM_SETS = { # ), } -# TODO rewrite testcrypto.sh to python -TESTCRYPTO = Path(__file__).resolve().parent.parent.parent / "testcrypto.sh" - -def _is_supported(alg: Algorithm) -> bool: +def is_crypto_supported(alg: Algorithm) -> bool: """Test whether a given algorithm is supported on the current platform.""" - try: - subprocess.run( - f"{TESTCRYPTO} -q {alg.name}", - shell=True, - check=True, - env=BASIC_VARS, + assert alg in ALL_ALGORITHMS, f"unknown algorithm: {alg}" + with tempfile.TemporaryDirectory() as tmpdir: + proc = subprocess.run( + [ + BASIC_VARS["KEYGEN"], + "-a", + alg.name, + "-b", + str(alg.bits), + "foo", + ], + cwd=tmpdir, + check=False, stdout=subprocess.DEVNULL, ) - except subprocess.CalledProcessError as exc: - log.debug(exc) + if proc.returncode == 0: + return True log.info("algorithm %s not supported", alg.name) return False - return True + + +# Indicate algorithm support on the current platform. +CRYPTO_SUPPORTED_VARS = { + "RSASHA1_SUPPORTED": "0", + "RSASHA256_SUPPORTED": "0", + "RSASHA512_SUPPORTED": "0", + "ECDSAP256SHA256_SUPPORTED": "0", + "ECDSAP384SHA384_SUPPORTED": "0", + "ED25519_SUPPORTED": "0", + "ED448_SUPPORTED": "0", +} + +SUPPORTED_ALGORITHMS: List[Algorithm] = [] + + +def init_crypto_supported(): + """Initialize the environment variables indicating cryptography support.""" + for alg in ALL_ALGORITHMS: + supported = is_crypto_supported(alg) + if supported: + SUPPORTED_ALGORITHMS.append(alg) + envvar = f"{alg.name}_SUPPORTED" + val = "1" if supported else "0" + CRYPTO_SUPPORTED_VARS[envvar] = val + os.environ[envvar] = val def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet: 
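Review bot: In `is_crypto_supported`, every non-zero exit from the keygen binary is reported as "algorithm not supported", and the failure detail is no longer tied to the log. The old code logged the `CalledProcessError` at debug level, while the new call leaves stderr inherited and only sends stdout to `DEVNULL`. A broken keygen build or a misconfigured crypto provider would therefore quietly switch off test coverage for an algorithm, with a single info line as the only trace. Consider adding `stderr=subprocess.PIPE, text=True,` to the `subprocess.run` call and `log.debug("%s: %s", alg.name, proc.stderr.strip())` before the info message. Separately, `init_crypto_supported` appends to `SUPPORTED_ALGORITHMS` without resetting it, so a second call would leave duplicate entries; `SUPPORTED_ALGORITHMS.clear()` at the top of the function would make it idempotent.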
@@ -140,7 +169,7 @@ def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet: candidates = getattr(algs, alg_type) if isinstance(candidates, Algorithm): candidates = [candidates] - supported = list(filter(_is_supported, candidates)) + supported = [alg for alg in candidates if alg in SUPPORTED_ALGORITHMS] if len(supported) == 1: supported = supported.pop() elif not supported: diff --git a/bin/tests/system/isctest/vars/all.py b/bin/tests/system/isctest/vars/all.py index 3478a84a54..eabe2c3791 100644 --- a/bin/tests/system/isctest/vars/all.py +++ b/bin/tests/system/isctest/vars/all.py @@ -15,7 +15,7 @@ from collections import ChainMap from .autoconf import AC_VARS # type: ignore # pylint: enable=import-error -from .algorithms import ALG_VARS +from .algorithms import ALG_VARS, CRYPTO_SUPPORTED_VARS from .basic import BASIC_VARS from .dirs import DIR_VARS from .openssl import OPENSSL_VARS @@ -53,4 +53,12 @@ class VarLookup(ChainMap): return iter(self.keys()) -ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS, PORT_VARS, DIR_VARS, ALG_VARS) +ALL = VarLookup( + AC_VARS, + BASIC_VARS, + OPENSSL_VARS, + PORT_VARS, + DIR_VARS, + ALG_VARS, + CRYPTO_SUPPORTED_VARS, +) diff --git a/bin/tests/system/testcrypto.sh b/bin/tests/system/testcrypto.sh deleted file mode 100755 index aaf793b192..0000000000 --- a/bin/tests/system/testcrypto.sh +++ /dev/null 
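Review bot: The new filter in `_filter_supported` cannot tell "not probed yet" from "nothing supported". `SUPPORTED_ALGORITHMS` stays empty until `init_crypto_supported()` has run, so reaching this line earlier drops every candidate and falls into the `elif not supported:` branch. The call order added to `init_vars()` avoids that, but the dependency is implicit. A comment above the list definition would record it, e.g. `# Populated by init_crypto_supported(); must run before set_algorithm_set().`, assuming `set_algorithm_set` is what reaches this filter. The body of `_filter_supported` starts and ends outside the hunk.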
@@ -1,94 +0,0 @@ -#!/bin/sh - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -prog=$0 -args="" -quiet=0 -dir="" -msg="cryptography" - -if test -z "$KEYGEN"; then - . ../conf.sh - alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS" -else - alg="" - quiet=1 - args="-q" -fi - -while test "$#" -gt 0; do - case $1 in - -q) - if test $quiet -eq 0; then - args="$args -q" - quiet=1 - fi - ;; - rsa | RSA | rsasha1 | RSASHA1) - alg="-a RSASHA1" - msg="RSA cryptography" - ;; - rsasha256 | RSASHA256) - alg="-a RSASHA256" - msg="RSA cryptography" - ;; - rsasha512 | RSASHA512) - alg="-a RSASHA512" - msg="RSA cryptography" - ;; - ecdsa | ECDSA | ecdsap256sha256 | ECDSAP256SHA256) - alg="-a ECDSAP256SHA256" - msg="ECDSA cryptography" - ;; - ecdsap384sha384 | ECDSAP384SHA384) - alg="-a ECDSAP384SHA384" - msg="ECDSA cryptography" - ;; - eddsa | EDDSA | ed25519 | ED25519) - alg="-a ED25519" - msg="EDDSA cryptography" - ;; - ed448 | ED448) - alg="-a ED448" - msg="EDDSA cryptography" - ;; - *) - echo "${prog}: unknown argument" - exit 1 - ;; - esac - shift -done - -if test -z "$alg"; then - echo "${prog}: no algorithm selected" - exit 1 -fi - -if test -n "$TMPDIR"; then - dir=$(mktemp -d "$TMPDIR/XXXXXX") - args="$args -K $dir" -fi - -if $KEYGEN $args $alg foo >/dev/null 2>&1; then - if test -z "$dir"; then - rm -f Kfoo* - else - rm -rf "$dir" - fi -else - if test $quiet -eq 0; then - echo_i "This test requires support for $msg" >&2 - fi - exit 255 -fi