Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/8.0-staging] Backport Azure Linux test changes #107061

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions eng/pipelines/libraries/helix-queues-setup.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ jobs:
- Ubuntu.2204.Amd64.Open
- (Debian.12.Amd64.Open)[email protected]/dotnet-buildtools/prereqs:debian-12-helix-amd64
- (Mariner.2.0.Amd64.Open)[email protected]/dotnet-buildtools/prereqs:cbl-mariner-2.0-helix-amd64
- (AzureLinux.3.0.Amd64.Open)[email protected]/dotnet-buildtools/prereqs:azurelinux-3.0-helix-amd64
- (openSUSE.15.2.Amd64.Open)[email protected]/dotnet-buildtools/prereqs:opensuse-15.2-helix-amd64
- ${{ if or(ne(parameters.jobParameters.isExtraPlatforms, true), eq(parameters.jobParameters.includeAllPlatforms, true)) }}:
- (Centos.9.Amd64.Open)[email protected]/dotnet-buildtools/prereqs:centos-stream9-helix
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ public abstract partial class ECKeyFileTests<T> where T : ECAlgorithm

// This would need to be virtualized if there was ever a platform that
// allowed explicit in ECDH or ECDSA but not the other.
public static bool SupportsExplicitCurves { get; } = EcDiffieHellman.Tests.ECDiffieHellmanFactory.ExplicitCurvesSupported;
public static bool SupportsExplicitCurves { get; } =
EcDiffieHellman.Tests.ECDiffieHellmanFactory.ExplicitCurvesSupported ||
EcDiffieHellman.Tests.ECDiffieHellmanFactory.ExplicitCurvesSupportFailOnUseOnly;

public static bool CanDeriveNewPublicKey { get; } = EcDiffieHellman.Tests.ECDiffieHellmanFactory.CanDeriveNewPublicKey;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ public interface IECDiffieHellmanProvider
#endif
bool IsCurveValid(Oid oid);
bool ExplicitCurvesSupported { get; }
bool ExplicitCurvesSupportFailOnUseOnly => PlatformDetection.IsAzureLinux;
bool CanDeriveNewPublicKey { get; }
bool SupportsRawDerivation { get; }
bool SupportsSha3 { get; }
Expand Down Expand Up @@ -48,5 +49,7 @@ public static bool IsCurveValid(Oid oid)
public static bool SupportsRawDerivation => s_provider.SupportsRawDerivation;

public static bool SupportsSha3 => s_provider.SupportsSha3;

public static bool ExplicitCurvesSupportFailOnUseOnly => s_provider.ExplicitCurvesSupportFailOnUseOnly;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -319,7 +319,7 @@ public static void TestGeneralExportWithExplicitParameters()
[Fact]
public static void TestExplicitCurveImportOnUnsupportedPlatform()
{
if (ECDiffieHellmanFactory.ExplicitCurvesSupported)
if (ECDiffieHellmanFactory.ExplicitCurvesSupported || ECDiffieHellmanFactory.ExplicitCurvesSupportFailOnUseOnly)
{
return;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ public interface IECDsaProvider
#endif
bool IsCurveValid(Oid oid);
bool ExplicitCurvesSupported { get; }
bool ExplicitCurvesSupportFailOnUseOnly => PlatformDetection.IsAzureLinux;
}

public static partial class ECDsaFactory
Expand Down Expand Up @@ -39,5 +40,6 @@ public static bool IsCurveValid(Oid oid)
}

public static bool ExplicitCurvesSupported => s_provider.ExplicitCurvesSupported;
public static bool ExplicitCurvesSupportFailOnUseOnly => s_provider.ExplicitCurvesSupportFailOnUseOnly;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,13 @@ namespace System.Security.Cryptography.Rsa.Tests
[SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")]
public class KeyGeneration
{
[Fact]
[ConditionalFact(typeof(PlatformDetection), nameof(PlatformDetection.IsNotAzureLinux))]
public static void GenerateMinKey()
{
GenerateKey(rsa => GetMin(rsa.LegalKeySizes));
}

[Fact]
[ConditionalFact(typeof(PlatformDetection), nameof(PlatformDetection.IsNotAzureLinux))]
public static void GenerateSecondMinKey()
{
GenerateKey(rsa => GetSecondMin(rsa.LegalKeySizes));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ public interface IRSAProvider
bool SupportsSha2Oaep { get; }
bool SupportsPss { get; }
bool SupportsSha1Signatures { get; }
bool SupportsMd5Signatures { get; }
bool SupportsSha3 { get; }
}

Expand Down Expand Up @@ -43,6 +44,7 @@ public static RSA Create(RSAParameters rsaParameters)
public static bool SupportsPss => s_provider.SupportsPss;

public static bool SupportsSha1Signatures => s_provider.SupportsSha1Signatures;
public static bool SupportsMd5Signatures => s_provider.SupportsMd5Signatures;

public static bool SupportsSha3 => s_provider.SupportsSha3;
public static bool NoSupportsSha3 => !SupportsSha3;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -600,7 +600,11 @@ public static IEnumerable<object[]> RoundTripTheories
yield return new object[] { nameof(HashAlgorithmName.SHA1), rsaParameters };
}

yield return new object[] { nameof(HashAlgorithmName.MD5), rsaParameters };
if (RSAFactory.SupportsMd5Signatures)
{
yield return new object[] { nameof(HashAlgorithmName.MD5), rsaParameters };
}

yield return new object[] { nameof(HashAlgorithmName.SHA256), rsaParameters };
}

Expand Down Expand Up @@ -1589,7 +1593,11 @@ public static IEnumerable<object[]> HashAlgorithmNames
yield return new object[] { HashAlgorithmName.SHA256.Name };
yield return new object[] { HashAlgorithmName.SHA384.Name };
yield return new object[] { HashAlgorithmName.SHA512.Name };
yield return new object[] { HashAlgorithmName.MD5.Name };

if (RSAFactory.SupportsMd5Signatures)
{
yield return new object[] { HashAlgorithmName.MD5.Name };
}

if (RSAFactory.SupportsSha1Signatures)
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,17 @@ namespace System.Security.Cryptography.Tests
{
internal static class SignatureSupport
{
internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)
internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.SHA1);
internal static bool CanProduceMd5Signature(AsymmetricAlgorithm algorithm) => CanProduceSignature(algorithm, HashAlgorithmName.MD5);

private static bool CanProduceSignature(AsymmetricAlgorithm algorithm, HashAlgorithmName hashAlgorithmName)
{
using (algorithm)
{
#if NETFRAMEWORK
return true;
#else
// We expect all non-Linux platforms to support SHA1 signatures, currently.
// We expect all non-Linux platforms to support any signatures, currently.
if (!OperatingSystem.IsLinux())
{
return true;
Expand All @@ -23,7 +26,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)
case ECDsa ecdsa:
try
{
ecdsa.SignData(Array.Empty<byte>(), HashAlgorithmName.SHA1);
ecdsa.SignData(Array.Empty<byte>(), hashAlgorithmName);
return true;
}
catch (CryptographicException)
Expand All @@ -33,7 +36,7 @@ internal static bool CanProduceSha1Signature(AsymmetricAlgorithm algorithm)
case RSA rsa:
try
{
rsa.SignData(Array.Empty<byte>(), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
rsa.SignData(Array.Empty<byte>(), hashAlgorithmName, RSASignaturePadding.Pkcs1);
return true;
}
catch (CryptographicException)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,11 @@ public static partial class PlatformDetection
public static bool IsTizen => IsDistroAndVersion("tizen");
public static bool IsFedora => IsDistroAndVersion("fedora");
public static bool IsLinuxBionic => IsBionic();
public static bool IsAzureLinux => IsDistroAndVersionOrHigher("azurelinux", 3);

public static bool IsMonoLinuxArm64 => IsMonoRuntime && IsLinux && IsArm64Process;
public static bool IsNotMonoLinuxArm64 => !IsMonoLinuxArm64;
public static bool IsNotAzureLinux => !IsAzureLinux;

// OSX family
public static bool IsOSXLike => IsOSX || IsiOS || IstvOS || IsMacCatalyst;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ public bool Supports384PrivateKey

public bool SupportsSha1Signatures => true;

public bool SupportsMd5Signatures => true;

public bool SupportsSha3 { get; } = SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too.
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -156,9 +156,12 @@ public static void VerifyLegacySignVerifyHash(bool useLegacySign, bool useLegacy

public static IEnumerable<object[]> AlgorithmIdentifiers()
{
yield return new object[] { "MD5", MD5.Create() };
yield return new object[] { "MD5", typeof(MD5) };
yield return new object[] { "MD5", "1.2.840.113549.2.5" };
if (RSAFactory.SupportsMd5Signatures)
{
yield return new object[] { "MD5", MD5.Create() };
yield return new object[] { "MD5", typeof(MD5) };
yield return new object[] { "MD5", "1.2.840.113549.2.5" };
}

if (RSAFactory.SupportsSha1Signatures)
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ namespace System.Security.Cryptography.Rsa.Tests
public class RSACryptoServiceProviderProvider : IRSAProvider
{
private bool? _supportsSha1Signatures;
private bool? _supportsMd5Signatures;

public RSA Create() => new RSACryptoServiceProvider();

Expand All @@ -23,6 +24,7 @@ public class RSACryptoServiceProviderProvider : IRSAProvider
public bool SupportsPss => false;

public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());
public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());

public bool SupportsSha3 => false;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ public bool ExplicitCurvesSupported
{
get
{
return true;
return !PlatformDetection.IsAzureLinux;
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ namespace System.Security.Cryptography.Rsa.Tests
public class RSAOpenSslProvider : IRSAProvider
{
private bool? _supportsSha1Signatures;
private bool? _supportsMd5Signatures;

public RSA Create() => new RSAOpenSsl();

Expand All @@ -22,6 +23,7 @@ public class RSAOpenSslProvider : IRSAProvider
public bool SupportsPss => true;

public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());
public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());

public bool SupportsSha3 => SHA3_256.IsSupported; // If SHA3_256 is supported, assume 384 and 512 are, too.
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ public static void BuildWithFactoryReadDirect()
Assert.True(rsa2.TrySignData(
keyBag.Pkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1,
out int sigLen));

Expand All @@ -38,7 +38,7 @@ public static void BuildWithFactoryReadDirect()
Assert.True(rsa.VerifyData(
keyBag.Pkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1));
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ public static void BuildWithCharsFactoryReadDirect()
Assert.True(rsa2.TrySignData(
keyBag.EncryptedPkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1,
out int sigLen));

Expand All @@ -49,7 +49,7 @@ public static void BuildWithCharsFactoryReadDirect()
Assert.True(rsa.VerifyData(
keyBag.EncryptedPkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1));
}
}
Expand Down Expand Up @@ -77,7 +77,7 @@ public static void BuildWithBytesFactoryReadDirect()
Assert.True(rsa2.TrySignData(
keyBag.EncryptedPkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1,
out int sigLen));

Expand All @@ -86,7 +86,7 @@ public static void BuildWithBytesFactoryReadDirect()
Assert.True(rsa.VerifyData(
keyBag.EncryptedPkcs8PrivateKey.Span,
sig,
HashAlgorithmName.MD5,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1));
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,8 @@ public class SignatureSupport
{
public static bool SupportsRsaSha1Signatures { get; } =
System.Security.Cryptography.Tests.SignatureSupport.CanProduceSha1Signature(RSA.Create());

public static bool SupportsRsaMd5Signatures { get; } =
System.Security.Cryptography.Tests.SignatureSupport.CanProduceMd5Signature(RSA.Create());
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,7 @@ public static void CheckSignature_ExtraStore_IsAdditional()
signer.CheckSignature(new X509Certificate2Collection(), true);
}

[Fact]
[ConditionalFact(typeof(SignatureSupport), nameof(SignatureSupport.SupportsRsaMd5Signatures))]
public static void CheckSignature_MD5WithRSA()
{
SignedCms cms = new SignedCms();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -478,6 +478,11 @@ public static void CheckIsSupported()
// CryptoKit is supported on macOS 10.15+, which is our minimum target.
expectedIsSupported = true;
}
else if (PlatformDetection.IsAzureLinux)
{
// Though Azure Linux uses OpenSSL, they build OpenSSL without ChaCha20-Poly1305.
expectedIsSupported = false;
}
else if (PlatformDetection.OpenSslPresentOnSystem && PlatformDetection.IsOpenSslSupported)
{
const int OpenSslChaChaMinimumVersion = 0x1_01_00_00_F; //major_minor_fix_patch_status
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ public bool ExplicitCurvesSupported
{
get
{
if (PlatformDetection.IsOSXLike)
if (PlatformDetection.IsOSXLike || PlatformDetection.IsAzureLinux)
{
return false;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ public bool ExplicitCurvesSupported
{
get
{
if (PlatformDetection.IsOSXLike)
if (PlatformDetection.IsOSXLike || PlatformDetection.IsAzureLinux)
{
return false;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ public class DefaultRSAProvider : IRSAProvider
{
private bool? _supports384PrivateKey;
private bool? _supportsSha1Signatures;
private bool? _supportsMd5Signatures;

public RSA Create() => RSA.Create();

Expand Down Expand Up @@ -41,6 +42,7 @@ public bool Supports384PrivateKey
}

public bool SupportsSha1Signatures => _supportsSha1Signatures ??= SignatureSupport.CanProduceSha1Signature(Create());
public bool SupportsMd5Signatures => _supportsMd5Signatures ??= SignatureSupport.CanProduceMd5Signature(Create());

public bool SupportsLargeExponent => true;

Expand Down
7 changes: 4 additions & 3 deletions src/libraries/System.Security.Cryptography/tests/HKDFTests.cs
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ public abstract class HKDFTests
protected abstract byte[] Expand(HashAlgorithmName hash, byte[] prk, int outputLength, byte[] info);
protected abstract byte[] DeriveKey(HashAlgorithmName hash, byte[] ikm, int outputLength, byte[] salt, byte[] info);

internal static bool MD5Supported => !PlatformDetection.IsBrowser && !PlatformDetection.IsAzureLinux;

[Theory]
[MemberData(nameof(GetHkdfTestCases))]
public void ExtractTests(HkdfTestCase test)
Expand All @@ -22,9 +24,8 @@ public void ExtractTests(HkdfTestCase test)
Assert.Equal(test.Prk, prk);
}

[Theory]
[ConditionalTheory(nameof(MD5Supported))]
[MemberData(nameof(GetHkdfTestCases))]
[SkipOnPlatform(TestPlatforms.Browser, "MD5 is not supported on Browser")]
public void ExtractTamperHashTests(HkdfTestCase test)
{
byte[] prk = Extract(HashAlgorithmName.MD5, 128 / 8, test.Ikm, test.Salt);
Expand Down Expand Up @@ -257,7 +258,7 @@ public static IEnumerable<object[]> GetPrkTooShortTestCases()
yield return new object[] { HashAlgorithmName.SHA256, 256 / 8 - 1 };
yield return new object[] { HashAlgorithmName.SHA512, 512 / 8 - 1 };

if (!PlatformDetection.IsBrowser)
if (MD5Supported)
{
yield return new object[] { HashAlgorithmName.MD5, 128 / 8 - 1 };
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@

namespace System.Security.Cryptography.Tests
{
[SkipOnPlatform(TestPlatforms.Browser, "Not supported on Browser")]
[ConditionalClass(typeof(HmacMD5Tests.Traits), nameof(HmacMD5Tests.Traits.IsSupported))]
public class HmacMD5Tests : Rfc2202HmacTests<HmacMD5Tests.Traits>
{
public sealed class Traits : IHmacTrait
{
public static bool IsSupported => true;
public static bool IsSupported => !PlatformDetection.IsAzureLinux && !PlatformDetection.IsBrowser;
public static int HashSizeInBytes => HMACSHA1.HashSizeInBytes;
}

Expand Down
Loading