Details
Description
AuthEngine implements a bespoke [key exchange protocol|https://github.com/apache/spark/tree/master/common/network-common/src/main/java/org/apache/spark/network/crypto] based on the NNpsk0 Noise pattern and using X25519.
The Spark code improperly uses the derived shared secret, which is an encoded X coordinate, directly as key material. It should be passed into a KDF instead.
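
An added example, not Spark's code, of passing the raw X25519 output through a KDF before it is used as a key. HKDF-SHA256 (RFC 5869) is an assumption, since the issue only says "a KDF"; the class name, the `info` label and the 32-byte output length are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SharedSecretKdf {  // hypothetical class name
    static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }

    // HKDF-SHA256 (RFC 5869): extract a uniform PRK, then expand it to len bytes.
    static byte[] hkdf(byte[] ikm, byte[] salt, byte[] info, int len) throws GeneralSecurityException {
        if (len > 255 * 32) throw new IllegalArgumentException("len too large");
        if (salt == null || salt.length == 0) salt = new byte[32];  // RFC 5869 default salt
        byte[] prk = hmac(salt, ikm);                               // extract
        byte[] okm = new byte[len], t = new byte[0];
        for (int off = 0, i = 1; off < len; i++) {                  // expand
            t = hmac(prk, t, info, new byte[] {(byte) i});
            int n = Math.min(t.length, len - off);
            System.arraycopy(t, 0, okm, off, n);
            off += n;
        }
        return okm;
    }

    // Raw X25519 output: the 32-byte encoded X coordinate the issue refers to.
    static byte[] agree(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(priv);
        ka.doPhase(pub, true);
        return ka.generateSecret();  // not to be used as a cipher key as-is
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
        KeyPair client = kpg.generateKeyPair(), server = kpg.generateKeyPair();
        byte[] secretC = agree(client.getPrivate(), server.getPublic());
        byte[] secretS = agree(server.getPrivate(), client.getPublic());
        byte[] info = "example-auth v1 key".getBytes(StandardCharsets.UTF_8);  // constructed label
        byte[] keyC = hkdf(secretC, null, info, 32);  // derived key, what the cipher should get
        byte[] keyS = hkdf(secretS, null, info, 32);
        if (!Arrays.equals(keyC, keyS)) throw new IllegalStateException("key mismatch");
        System.out.println("raw secret bytes: " + secretC.length + ", derived key bytes: " + keyC.length);
    }
}
```

The `info` argument binds the derived key to its purpose, so distinct labels yield independent keys from the same shared secret.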