From 9310c57fe3d7b483f1cb9dd475173679035791b6 Mon Sep 17 00:00:00 2001
From: Nickolay Olshevsky
Date: Wed, 13 Mar 2024 15:24:04 +0200
Subject: [PATCH] Add support for Botan 3.2.0 and 3.3.0 (#10)
* Install botan 3.2.0 and 3.3.0 in Fedora 36 container, and install PQC modules if available.
* Added an empty line at the end of botan3-pqc-modules
---------
Co-authored-by: Maxim Samsonov
---
 fedora-36-amd64.Dockerfile | 4 ++-
 tools/botan3-pqc-modules | 52 ++++++++++++++++++++++++++++++++++++++
 tools/tools.sh | 22 ++++++++++++++--
 3 files changed, 75 insertions(+), 3 deletions(-)
 create mode 100644 tools/botan3-pqc-modules
diff --git a/fedora-36-amd64.Dockerfile b/fedora-36-amd64.Dockerfile
index e3457e5..dc940dd 100644
--- a/fedora-36-amd64.Dockerfile
+++ b/fedora-36-amd64.Dockerfile
@@ -22,4 +22,6 @@ RUN dnf -y update
 RUN /opt/tools/tools.sh build_and_install_libiconv && \
 /opt/tools/tools.sh build_and_install_gpg lts && \
 /opt/tools/tools.sh build_and_install_gpg stable && \
- /opt/tools/tools.sh build_and_install_botan 3.1.1
+ /opt/tools/tools.sh build_and_install_botan 3.1.1 && \
+ /opt/tools/tools.sh build_and_install_botan 3.2.0 && \
+ /opt/tools/tools.sh build_and_install_botan 3.3.0
diff --git a/tools/botan3-pqc-modules b/tools/botan3-pqc-modules
new file mode 100644
index 0000000..987a5ea
--- /dev/null
+++ b/tools/botan3-pqc-modules
@@ -0,0 +1,52 @@
+aead
+aes
+auto_rng
+bigint
+blowfish
+camellia
+cast128
+cbc
+cfb
+crc24
+curve25519
+des
+dl_algo
+dl_group
+dsa
+eax
+ecc_key
+ecdh
+ecdsa
+ed25519
+elgamal
+eme_pkcs1
+emsa_pkcs1
+emsa_raw
+ffi
+hash
+raw_hash
+hmac
+hmac_drbg
+idea
+kdf
+md5
+ocb
+pgp_s2k
+rfc3394
+rmd160
+rsa
+sha1
+sha2_32
+sha2_64
+sha3
+sm2
+sm3
+sm4
+sp800_56a
+twofish
+kyber
+dilithium
+sphincsplus_sha2
+sphincsplus_shake
+hkdf
+kmac
diff --git a/tools/tools.sh b/tools/tools.sh
index 0385f44..ccdced0 100755
--- a/tools/tools.sh
+++ b/tools/tools.sh
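Review bot: tools/botan3-pqc-modules repeats a full module list and only its last six entries (`kyber`, `dilithium`, `sphincsplus_sha2`, `sphincsplus_shake`, `hkdf`, `kmac`) appear to be new, so the two lists can drift apart and a later change to one build variant may silently miss the other. tools/botan3-modules is not part of this patch, so the overlap is an assumption to confirm. If it holds, keeping only the additions in this file and having tools.sh join both files would leave one source of truth for the base set. Because tools.sh turns every line into a module name with `tr '\n' ','`, the file cannot carry a comment explaining why `hkdf` and `kmac` sit with the PQC entries; that rationale would have to be documented in tools.sh next to the file selection.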
@@ -111,6 +111,19 @@ build_and_install_jsonc() { rm -rf "${jsonc_build}" } +botan_has_pqc_support() { + # Check whether version is in numeric format + if ! echo "$1" | grep -qE '^[0-9]+(\.[0-9]+)+$'; then + return 1 + fi + # Check whether botan version >= 3.2.0 + if [ "$(printf "3.2.0\n%s" "$1" | sort -V | head -n1)" = "3.2.0" ]; then + return 0 + else + return 1 + fi +} + build_and_install_botan() { BOTAN_VERSION="${1:-system}" @@ -139,8 +152,13 @@ build_and_install_botan() { local osparam=() local cpuparam=() local osslparam=() - local modules=$(cat "$DIR_TOOLS"/botan3-modules | tr '\n' ',') - [[ "${botan_v}" == "2" ]] && osslparam+=("--without-openssl") && modules=$(cat "$DIR_TOOLS"/botan-modules | tr '\n' ',') + local modules + if botan_has_pqc_support "${BOTAN_VERSION}"; then + modules=$(tr '\n' ',' < "${DIR_TOOLS}/botan3-pqc-modules") + else + modules=$(tr '\n' ',' < "${DIR_TOOLS}/botan3-modules") + fi + [[ "${botan_v}" == "2" ]] && osslparam+=("--without-openssl") && modules=$(tr '\n' ',' < "${DIR_TOOLS}/botan-modules") echo "Building botan with modules: ${modules}"
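Review bot: In `botan_has_pqc_support` the format check accepts any number of dotted components, but GNU `sort -V` orders a two-component value such as `3.2` before `3.2.0`, so that input would be reported as lacking PQC support. Requiring exactly three components keeps the check and the comparison consistent: `if ! echo "$1" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then`. The function also has no header comment; I would add one stating that `$1` is the Botan version string and that it returns 0 only for numeric versions >= 3.2.0. That comment should also say that anything else, including the `system` default visible in `build_and_install_botan`, returns 1 and therefore selects the non-PQC module list without a warning.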
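Review bot: The module list is now chosen in two places in `build_and_install_botan`: the new `if`/`else` picks a Botan 3 list, and the following `[[ "${botan_v}" == "2" ]] && … && modules=…` chain then overwrites it for Botan 2. That reads a Botan 3 list file that is immediately discarded and makes the final value depend on statement order. A single `if`/`elif`/`else` that selects the file name and reads it once is easier to audit, as sketched below. `botan_v` is set outside this hunk and the function continues past it, so the sketch assumes it still holds the major version at this point.

```shell
local modules_file="botan3-modules"
if [[ "${botan_v}" == "2" ]]; then
    osslparam+=("--without-openssl")
    modules_file="botan-modules"
elif botan_has_pqc_support "${BOTAN_VERSION}"; then
    modules_file="botan3-pqc-modules"
fi
local modules
modules=$(tr '\n' ',' < "${DIR_TOOLS}/${modules_file}")
# … unchanged: echo "Building botan with modules: ${modules}" …
```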