Random selection of DEFAULT_ALGORITHM in system tests at runtime (!6989) · Merge requests · ISC Open Source Projects / BIND

Tom Krizek requested to merge 3503-random-default-algorithm-in-tests into main Oct 26, 2022

Allow randomization of selected DEFAULT_ALGORITHM with the use of ALGORITHM_SET env var
Use ecc_default set for mkeys test in order to test either ECDSA or EDDSA algorithm.
See commit messages for other details.

Demonstration it works

this was with debug logging turned on, which isn't the default - linking the results here for the reviewer's pleasure

`oraclelinux7`

unsupported algorithms aren't selected: job#2859925

get_algorithms.py DEBUG choosing from ALGORITHM_SET "ecc_default"
get_algorithms.py DEBUG Command '/builds/isc-projects/bind9/bin/tests/system/testcrypto.sh -q ED25519' returned non-zero exit status 255.
get_algorithms.py INFO algorithm ED25519 not supported
get_algorithms.py DEBUG Command '/builds/isc-projects/bind9/bin/tests/system/testcrypto.sh -q ED448' returned non-zero exit status 255.
get_algorithms.py INFO algorithm ED448 not supported
get_algorithms.py INFO selected algorithms: {'DEFAULT_ALGORITHM': 'ECDSAP256SHA256', 'DEFAULT_ALGORITHM_NUMBER': '13', 'DEFAULT_BITS': '256', 'ALTERNATIVE_ALGORITHM': 'RSASHA256', 'ALTERNATIVE_ALGORITHM_NUMBER': '8', 'ALTERNATIVE_BITS': '1280', 'DISABLED_ALGORITHM': 'RSASHA1', 'DISABLED_ALGORITHM_NUMBER': '5', 'DISABLED_BITS': '1280'}

`oraclelinux9`

no unsupported ECDSA or EDDSA algs: job#2860090

get_algorithms.py DEBUG choosing from ALGORITHM_SET "ecc_default"
get_algorithms.py INFO selected algorithms: {'DEFAULT_ALGORITHM': 'ECDSAP256SHA256', 'DEFAULT_ALGORITHM_NUMBER': '13', 'DEFAULT_BITS': '256', 'ALTERNATIVE_ALGORITHM': 'RSASHA256', 'ALTERNATIVE_ALGORITHM_NUMBER': '8', 'ALTERNATIVE_BITS': '1280', 'DISABLED_ALGORITHM': 'ECDSAP384SHA384', 'DISABLED_ALGORITHM_NUMBER': '14', 'DISABLED_BITS': '384'}

`bullseye`

ED448 selected in one run: job#2859928

get_algorithms.py DEBUG choosing from ALGORITHM_SET "ecc_default"
get_algorithms.py INFO selected algorithms: {'DEFAULT_ALGORITHM': 'ED448', 'DEFAULT_ALGORITHM_NUMBER': '16', 'DEFAULT_BITS': '456', 'ALTERNATIVE_ALGORITHM': 'RSASHA256', 'ALTERNATIVE_ALGORITHM_NUMBER': '8', 'ALTERNATIVE_BITS': '1280', 'DISABLED_ALGORITHM': 'RSASHA1', 'DISABLED_ALGORITHM_NUMBER': '5', 'DISABLED_BITS': '1280'}

ECDSAP384SHA384 selected in another run:

get_algorithms.py DEBUG choosing from ALGORITHM_SET "ecc_default"
get_algorithms.py INFO selected algorithms: {'DEFAULT_ALGORITHM': 'ECDSAP384SHA384', 'DEFAULT_ALGORITHM_NUMBER': '14', 'DEFAULT_BITS': '384', 'ALTERNATIVE_ALGORITHM': 'RSASHA256', 'ALTERNATIVE_ALGORITHM_NUMBER': '8', 'ALTERNATIVE_BITS': '1280', 'DISABLED_ALGORITHM': 'RSASHA512', 'DISABLED_ALGORITHM_NUMBER': '10', 'DISABLED_BITS': '1280'}

Closes #3503 (closed)

Edited Oct 27, 2022 by Tom Krizek

Random selection of DEFAULT_ALGORITHM in system tests at runtime

Demonstration it works

oraclelinux7

oraclelinux9

bullseye

Merge request reports

`oraclelinux7`

`oraclelinux9`

`bullseye`