[SSHD-997] Replace EdDSA-Java library with new ed25519-elisabeth implementation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.0
Fix Version/s: 2.5.0
Labels:
None

Description

Recent addition to the SSHD library revealed issues with seed attribute in EdDSA-Java library:

+    private boolean compare(KeyPair a, KeyPair b) {
+        if ("EDDSA".equals(data.algorithm)) {
+            // Bug in net.i2p.crypto.eddsa and in sshd? Both also compare the
+            // seed of the private key, but for a generated key, this is some
+            // random value, while it is all zeroes for a key read from a file.
+            return KeyUtils.compareKeys(a.getPublic(), b.getPublic())
+                    && Objects.equals(((EdDSAKey) a.getPrivate()).getParams(),
+                            ((EdDSAKey) b.getPrivate()).getParams());
+        }

The corresponding issue: [1] upstream pointing to the new library:

[1] https://github.com/str4d/ed25519-java/issues/30#issuecomment-573389252
[2] https://github.com/cryptography-cafe/ed25519-elisabeth

Attachments

Activity

People

Assignee:: Lyor Goldstein

Reporter:: David Ostrovsky

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/May/20 06:32

Updated:: 25/Mar/21 07:28

Resolved:: 25/Mar/21 07:28

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

0.5h