Rewrite testcrypto.sh into python
authorTom Krizek <tkrizek@isc.org>
Mon, 8 Jan 2024 11:54:19 +0000 (12:54 +0100)
committerNicki Křížek <nicki@isc.org>
Mon, 5 Aug 2024 15:54:10 +0000 (17:54 +0200)
Run the crypto support checks when initializing the isctest package and
save those results in environment variables. This removes the need to
repeatedly check for crypto operation support, as it's not something
that would change at test runtime.

(cherry picked from commit 25cb39b7fc03415ba3d4897239e4331949ac0f0e)

bin/tests/system/isctest/vars/__init__.py
bin/tests/system/isctest/vars/algorithms.py
bin/tests/system/isctest/vars/all.py
bin/tests/system/testcrypto.sh [deleted file]

index 6ed7020344ec1e8fcf21ea60ea874db92a6f96a3..1af9e207670094f8c1ba8edc462220ff05272d41 100644 (file)
 import os
 
 from .all import ALL
-from .algorithms import set_algorithm_set
+from .algorithms import init_crypto_supported, set_algorithm_set
 from .openssl import parse_openssl_config
 from .. import log
 
 
 def init_vars():
     """Initializes the environment variables."""
+    init_crypto_supported()
     set_algorithm_set(os.getenv("ALGORITHM_SET"))
     parse_openssl_config(ALL["OPENSSL_CONF"])
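Review bot: The position of `init_crypto_supported()` as the first call in `init_vars()` is load-bearing, but nothing in the code says so. After this commit `_filter_supported()` in algorithms.py only consults the `SUPPORTED_ALGORITHMS` list that this call fills, and `set_algorithm_set()` presumably reaches that filter. If the probe has not run, the list is empty and the `*_SUPPORTED` variables keep their default `"0"`, so "not probed yet" looks the same as "unsupported" and algorithm tests could be skipped without any signal. I would add a comment above the call, `# Must run first: set_algorithm_set() filters on SUPPORTED_ALGORITHMS populated here.`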
 
index 41888649ec4493ecffe8a9120945acad763f4c34..56f3edc62cb9e58fd5404002ce91ec09cfb9f5b2 100644 (file)
 # information regarding copyright ownership.
 
 import os
-from pathlib import Path
 import platform
 import random
 import subprocess
+import tempfile
 import time
 from typing import Dict, List, NamedTuple, Optional, Union
 
@@ -112,25 +112,54 @@ ALGORITHM_SETS = {
     # ),
 }
 
-# TODO rewrite testcrypto.sh to python
-TESTCRYPTO = Path(__file__).resolve().parent.parent.parent / "testcrypto.sh"
 
-
-def _is_supported(alg: Algorithm) -> bool:
+def is_crypto_supported(alg: Algorithm) -> bool:
     """Test whether a given algorithm is supported on the current platform."""
-    try:
-        subprocess.run(
-            f"{TESTCRYPTO} -q {alg.name}",
-            shell=True,
-            check=True,
-            env=BASIC_VARS,
+    assert alg in ALL_ALGORITHMS, f"unknown algorithm: {alg}"
+    with tempfile.TemporaryDirectory() as tmpdir:
+        proc = subprocess.run(
+            [
+                BASIC_VARS["KEYGEN"],
+                "-a",
+                alg.name,
+                "-b",
+                str(alg.bits),
+                "foo",
+            ],
+            cwd=tmpdir,
+            check=False,
             stdout=subprocess.DEVNULL,
         )
-    except subprocess.CalledProcessError as exc:
-        log.debug(exc)
+        if proc.returncode == 0:
+            return True
         log.info("algorithm %s not supported", alg.name)
         return False
-    return True
+
+
+# Indicate algorithm support on the current platform.
+CRYPTO_SUPPORTED_VARS = {
+    "RSASHA1_SUPPORTED": "0",
+    "RSASHA256_SUPPORTED": "0",
+    "RSASHA512_SUPPORTED": "0",
+    "ECDSAP256SHA256_SUPPORTED": "0",
+    "ECDSAP384SHA384_SUPPORTED": "0",
+    "ED25519_SUPPORTED": "0",
+    "ED448_SUPPORTED": "0",
+}
+
+SUPPORTED_ALGORITHMS: List[Algorithm] = []
+
+
+def init_crypto_supported():
+    """Initialize the environment variables indicating cryptography support."""
+    for alg in ALL_ALGORITHMS:
+        supported = is_crypto_supported(alg)
+        if supported:
+            SUPPORTED_ALGORITHMS.append(alg)
+        envvar = f"{alg.name}_SUPPORTED"
+        val = "1" if supported else "0"
+        CRYPTO_SUPPORTED_VARS[envvar] = val
+        os.environ[envvar] = val
 
 
 def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet:
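Review bot: In `is_crypto_supported()` every non-zero exit from `KEYGEN` is reported as "algorithm not supported", and nothing about the failure reaches the log, whereas the removed code logged the `CalledProcessError` at debug level. A misconfigured keygen binary or crypto provider could therefore quietly switch off algorithm coverage for the whole run instead of surfacing as an error. To keep the verdict auditable, add `stderr=subprocess.PIPE, text=True,` to the `subprocess.run()` call and `log.debug("keygen rc=%d: %s", proc.returncode, proc.stderr.strip())` before the `log.info`. This also restores the old script's behaviour of keeping keygen's stderr off the runner's output (`2>&1`). Separately, `init_crypto_supported()` only appends to the module-level `SUPPORTED_ALGORITHMS`, so a second call would duplicate entries; calling `SUPPORTED_ALGORITHMS.clear()` at the top makes it idempotent.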
@@ -140,7 +169,7 @@ def _filter_supported(algs: AlgorithmSet) -> AlgorithmSet:
         candidates = getattr(algs, alg_type)
         if isinstance(candidates, Algorithm):
             candidates = [candidates]
-        supported = list(filter(_is_supported, candidates))
+        supported = [alg for alg in candidates if alg in SUPPORTED_ALGORITHMS]
         if len(supported) == 1:
             supported = supported.pop()
         elif not supported:
index 3478a84a545ab9cf826586fd9424183b0f3f897d..eabe2c3791d96508348b936860e5849cf384faf1 100644 (file)
@@ -15,7 +15,7 @@ from collections import ChainMap
 from .autoconf import AC_VARS  # type: ignore
 
 # pylint: enable=import-error
-from .algorithms import ALG_VARS
+from .algorithms import ALG_VARS, CRYPTO_SUPPORTED_VARS
 from .basic import BASIC_VARS
 from .dirs import DIR_VARS
 from .openssl import OPENSSL_VARS
@@ -53,4 +53,12 @@ class VarLookup(ChainMap):
         return iter(self.keys())
 
 
-ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS, PORT_VARS, DIR_VARS, ALG_VARS)
+ALL = VarLookup(
+    AC_VARS,
+    BASIC_VARS,
+    OPENSSL_VARS,
+    PORT_VARS,
+    DIR_VARS,
+    ALG_VARS,
+    CRYPTO_SUPPORTED_VARS,
+)
diff --git a/bin/tests/system/testcrypto.sh b/bin/tests/system/testcrypto.sh
deleted file mode 100755 (executable)
index aaf793b..0000000
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-prog=$0
-args=""
-quiet=0
-dir=""
-msg="cryptography"
-
-if test -z "$KEYGEN"; then
-  . ../conf.sh
-  alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
-else
-  alg=""
-  quiet=1
-  args="-q"
-fi
-
-while test "$#" -gt 0; do
-  case $1 in
-    -q)
-      if test $quiet -eq 0; then
-        args="$args -q"
-        quiet=1
-      fi
-      ;;
-    rsa | RSA | rsasha1 | RSASHA1)
-      alg="-a RSASHA1"
-      msg="RSA cryptography"
-      ;;
-    rsasha256 | RSASHA256)
-      alg="-a RSASHA256"
-      msg="RSA cryptography"
-      ;;
-    rsasha512 | RSASHA512)
-      alg="-a RSASHA512"
-      msg="RSA cryptography"
-      ;;
-    ecdsa | ECDSA | ecdsap256sha256 | ECDSAP256SHA256)
-      alg="-a ECDSAP256SHA256"
-      msg="ECDSA cryptography"
-      ;;
-    ecdsap384sha384 | ECDSAP384SHA384)
-      alg="-a ECDSAP384SHA384"
-      msg="ECDSA cryptography"
-      ;;
-    eddsa | EDDSA | ed25519 | ED25519)
-      alg="-a ED25519"
-      msg="EDDSA cryptography"
-      ;;
-    ed448 | ED448)
-      alg="-a ED448"
-      msg="EDDSA cryptography"
-      ;;
-    *)
-      echo "${prog}: unknown argument"
-      exit 1
-      ;;
-  esac
-  shift
-done
-
-if test -z "$alg"; then
-  echo "${prog}: no algorithm selected"
-  exit 1
-fi
-
-if test -n "$TMPDIR"; then
-  dir=$(mktemp -d "$TMPDIR/XXXXXX")
-  args="$args -K $dir"
-fi
-
-if $KEYGEN $args $alg foo >/dev/null 2>&1; then
-  if test -z "$dir"; then
-    rm -f Kfoo*
-  else
-    rm -rf "$dir"
-  fi
-else
-  if test $quiet -eq 0; then
-    echo_i "This test requires support for $msg" >&2
-  fi
-  exit 255
-fi