Merge pull request softhsm#771 from Nordix/ci-updates

Fix Botan build and test failures
Nordix · Nov 29, 2024 · fe6e1b2 · fe6e1b2
2 parents 519f7a5 + 8635f76
commit fe6e1b2
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 8 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -67,12 +67,15 @@ jobs:
           - arch: x64
             backend: openssl
             target-platform: x64
+            build-options:
           - arch: x64
             backend: botan
             target-platform: x64
+            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
           - arch: x86
             backend: openssl
             target-platform: Win32
+            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
     steps:
       - uses: actions/checkout@v4
       - uses: ilammy/msvc-dev-cmd@v1
@@ -93,7 +96,7 @@ jobs:
       - name: Build
         run: |
           mkdir build
-          cmake -B build ${{ steps.vcpkg.outputs.vcpkg-cmake-config }} -A ${{ matrix.target-platform }} -DWITH_CRYPTO_BACKEND=${{ matrix.backend }} -DDISABLE_NON_PAGED_MEMORY=ON -DBUILD_TESTS=ON
+          cmake -B build ${{ steps.vcpkg.outputs.vcpkg-cmake-config }} -A ${{ matrix.target-platform }} -DWITH_CRYPTO_BACKEND=${{ matrix.backend }} ${{ matrix.build-options }} -DDISABLE_NON_PAGED_MEMORY=ON -DBUILD_TESTS=ON
           cmake --build build
       - name: Test
         env:

diff --git a/src/lib/crypto/BotanSymmetricAlgorithm.cpp b/src/lib/crypto/BotanSymmetricAlgorithm.cpp
@@ -169,7 +169,26 @@ bool BotanSymmetricAlgorithm::encryptInit(const SymmetricKey* key, const SymMode
 	try
 	{
 		Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size());
-		if (mode == SymMode::GCM)
+		if (mode == SymMode::ECB)
+		{
+			// ECB cipher mode was dropped in Botan 2.0
+			const std::vector<std::string> algo_parts = split_on_delim(cipherName, '/');
+			const std::string cipher_name = algo_parts[0];
+			bool with_pkcs7_padding;
+			if (algo_parts.size() == 3 && algo_parts[2] == "PKCS7")
+			{
+				with_pkcs7_padding = true;
+			}
+			else
+			{
+				with_pkcs7_padding = false;
+			}
+			std::unique_ptr<Botan::BlockCipher> bc(Botan::BlockCipher::create(cipher_name));
+			Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Encryption(bc.release(), with_pkcs7_padding));
+			cipher->set_key(botanKey);
+			cryption = new Botan::Pipe(cipher);
+		}
+		else if (mode == SymMode::GCM)
 		{
 			Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::ENCRYPTION);
 			aead->set_key(botanKey);
@@ -385,7 +404,26 @@ bool BotanSymmetricAlgorithm::decryptInit(const SymmetricKey* key, const SymMode
 	try
 	{
 		Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size());
-		if (mode == SymMode::GCM)
+		if (mode == SymMode::ECB)
+		{
+			// ECB cipher mode was dropped in Botan 2.0
+			const std::vector<std::string> algo_parts = split_on_delim(cipherName, '/');
+			const std::string cipher_name = algo_parts[0];
+			bool with_pkcs7_padding;
+			if (algo_parts.size() == 3 && algo_parts[2] == "PKCS7")
+			{
+				with_pkcs7_padding = true;
+			}
+			else
+			{
+				with_pkcs7_padding = false;
+			}
+			std::unique_ptr<Botan::BlockCipher> bc(Botan::BlockCipher::create(cipher_name));
+			Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Decryption(bc.release(),with_pkcs7_padding));
+			cipher->set_key(botanKey);
+			cryption = new Botan::Pipe(cipher);
+		}
+		else if (mode == SymMode::GCM)
 		{
 			Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::DECRYPTION);
 			aead->set_key(botanKey);

diff --git a/src/lib/crypto/Botan_ecb.h b/src/lib/crypto/Botan_ecb.h
@@ -22,7 +22,7 @@ namespace Botan {
 /**
 * ECB mode
 */
-class BOTAN_DLL ECB_Mode : public Cipher_Mode
+class ECB_Mode : public Cipher_Mode
    {
    public:
       std::string name() const override;
@@ -57,7 +57,7 @@ class BOTAN_DLL ECB_Mode : public Cipher_Mode
 /**
 * ECB Encryption
 */
-class BOTAN_DLL ECB_Encryption final : public ECB_Mode
+class ECB_Encryption final : public ECB_Mode
    {
    public:
       /**
@@ -78,7 +78,7 @@ class BOTAN_DLL ECB_Encryption final : public ECB_Mode
 /**
 * ECB Decryption
 */
-class BOTAN_DLL ECB_Decryption final : public ECB_Mode
+class ECB_Decryption final : public ECB_Mode
    {
    public:
       /**

diff --git a/src/lib/crypto/CMakeLists.txt b/src/lib/crypto/CMakeLists.txt
@@ -95,6 +95,7 @@ if(WITH_BOTAN)
                         BotanDSAKeyPair.cpp
                         BotanDSAPrivateKey.cpp
                         BotanDSAPublicKey.cpp
+                        Botan_ecb.cpp
                         BotanECDH.cpp
                         BotanECDHKeyPair.cpp
                         BotanECDHPrivateKey.cpp

diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
@@ -1427,8 +1427,10 @@ void SymmetricAlgorithmTests::aesWrapUnwrapED(CK_MECHANISM_TYPE mechanismType, C
 	CK_BBOOL bTrue = CK_TRUE;
 
 	std::map<std::string, EDCurveParam > curves {
-		{ "ED25519", {0x06, 0x03, 0x2b, 0x65, 0x70} },
-		{ "ED448", {0x06, 0x03, 0x2b, 0x65, 0x71} }
+		{ "ED25519", {0x06, 0x03, 0x2b, 0x65, 0x70} }
+#ifndef WITH_BOTAN
+		, { "ED448", {0x06, 0x03, 0x2b, 0x65, 0x71} }
+#endif
 	};
 
 	for(auto &curve : curves) {