You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Thomas Wolf (Jira)" <ji...@apache.org> on 2021/03/25 07:29:00 UTC
[jira] [Resolved] (SSHD-997) Replace EdDSA-Java library with new
ed25519-elisabeth implementation
[ https://issues.apache.org/jira/browse/SSHD-997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Wolf resolved SSHD-997.
------------------------------
Fix Version/s: 2.5.0
Resolution: Fixed
Per comments above: a fix/work-around was implemented in sshd.
> Replace EdDSA-Java library with new ed25519-elisabeth implementation
> --------------------------------------------------------------------
>
> Key: SSHD-997
> URL: https://issues.apache.org/jira/browse/SSHD-997
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.4.0
> Reporter: David Ostrovsky
> Assignee: Lyor Goldstein
> Priority: Major
> Fix For: 2.5.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Recent addition to the SSHD library revealed issues with seed attribute in EdDSA-Java library:
> {code:java}
> + private boolean compare(KeyPair a, KeyPair b) {
> + if ("EDDSA".equals(data.algorithm)) {
> + // Bug in net.i2p.crypto.eddsa and in sshd? Both also compare the
> + // seed of the private key, but for a generated key, this is some
> + // random value, while it is all zeroes for a key read from a file.
> + return KeyUtils.compareKeys(a.getPublic(), b.getPublic())
> + && Objects.equals(((EdDSAKey) a.getPrivate()).getParams(),
> + ((EdDSAKey) b.getPrivate()).getParams());
> + }
> {code}
> The corresponding issue: [1] upstream pointing to the new library:
> [1] https://github.com/str4d/ed25519-java/issues/30#issuecomment-573389252
> [2] https://github.com/cryptography-cafe/ed25519-elisabeth
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org