From 87ab48531d3ca4176dd0620b7f21faa8cce81cda Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Wed, 16 Apr 2025 00:07:34 -0700
Subject: [PATCH] EdDSA: do not directly cast
This will fail if another provider is creating the EdDSA key objects.
---
 .../com/trilead/ssh2/auth/AuthenticationManager.java | 2 +-
 .../trilead/ssh2/crypto/keys/Ed25519KeyFactory.java | 1 +
 .../java/com/trilead/ssh2/signature/Ed25519Verify.java | 10 +++++-----
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java b/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java
index 265117d..29028c8 100644
--- a/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java
+++ b/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java
@@ -330,7 +330,7 @@ else if ("EdDSA".equals(publicKey.getAlgorithm()))
 }
 else
 {
- Ed25519PrivateKey pk = (Ed25519PrivateKey) privateKey;
+ Ed25519PrivateKey pk = Ed25519Verify.convertPrivateKey(privateKey);
 ed_sig_enc = Ed25519Verify.get().generateSignature(msg, pk, rnd);
 }
diff --git a/src/main/java/com/trilead/ssh2/crypto/keys/Ed25519KeyFactory.java b/src/main/java/com/trilead/ssh2/crypto/keys/Ed25519KeyFactory.java
index 8550566..b52b2de 100644
--- a/src/main/java/com/trilead/ssh2/crypto/keys/Ed25519KeyFactory.java
+++ b/src/main/java/com/trilead/ssh2/crypto/keys/Ed25519KeyFactory.java
@@ -37,6 +37,7 @@ public Key engineTranslateKey(Key key) throws InvalidKeyException {
 if (key instanceof Ed25519PublicKey || key instanceof Ed25519PrivateKey) {
 return key;
 }
+
 if (key instanceof PublicKey && key.getFormat().equals("X.509")) {
 byte[] encoded = key.getEncoded();
 try {
diff --git a/src/main/java/com/trilead/ssh2/signature/Ed25519Verify.java b/src/main/java/com/trilead/ssh2/signature/Ed25519Verify.java
index 0e7431c..34efa6e 100644
--- a/src/main/java/com/trilead/ssh2/signature/Ed25519Verify.java
+++ b/src/main/java/com/trilead/ssh2/signature/Ed25519Verify.java
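Review bot: The replaced line in the `else` branch now calls a helper that declares `throws IOException`, so a private key that `Ed25519KeyFactory` cannot translate is reported as an I/O failure instead of the old `ClassCastException`; the method enclosing this hunk starts and ends outside it, so I cannot see how that exception is mapped to an authentication result, and it is worth confirming it is not surfaced to the user as a connection error. A one-line comment on the new line would save the next reader the trip into Ed25519Verify: `// The key may come from another JCA provider; translate it to our Ed25519PrivateKey rather than casting.` Note also that `rnd` is still passed through although the `generateSignature` body elsewhere in this patch does not use it, which is expected for deterministic Ed25519 but worth a word so nobody assumes the signature depends on that generator.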
@@ -69,7 +69,7 @@ public static Ed25519Verify get() {
 @Override
 public byte[] encodePublicKey(PublicKey publicKey) throws IOException {
- Ed25519PublicKey ed25519PublicKey = getEd25519PublicKey(publicKey);
+ Ed25519PublicKey ed25519PublicKey = convertPublicKey(publicKey);
 TypesWriter tw = new TypesWriter();
@@ -104,7 +104,7 @@ public PublicKey decodePublicKey(byte[] encoded) throws IOException {
 @Override
 public byte[] generateSignature(byte[] msg, PrivateKey privateKey, SecureRandom secureRandom) throws IOException {
- Ed25519PrivateKey ed25519PrivateKey = getEd25519PrivateKey(privateKey);
+ Ed25519PrivateKey ed25519PrivateKey = convertPrivateKey(privateKey);
 try {
 return encodeSSHEd25519Signature(new Ed25519Sign(ed25519PrivateKey.getSeed()).sign(msg));
 } catch (GeneralSecurityException e) {
@@ -112,7 +112,7 @@ public byte[] generateSignature(byte[] msg, PrivateKey privateKey, SecureRandom
 }
 }
- private static Ed25519PublicKey getEd25519PublicKey(PublicKey publicKey) throws IOException {
+ public static Ed25519PublicKey convertPublicKey(PublicKey publicKey) throws IOException {
 Ed25519KeyFactory kf = new Ed25519KeyFactory();
 try {
 return (Ed25519PublicKey) kf.engineTranslateKey(publicKey);
@@ -121,7 +121,7 @@ private static Ed25519PublicKey getEd25519PublicKey(PublicKey publicKey) throws
 }
 }
- private static Ed25519PrivateKey getEd25519PrivateKey(PrivateKey privateKey) throws IOException {
+ public static Ed25519PrivateKey convertPrivateKey(PrivateKey privateKey) throws IOException {
 Ed25519KeyFactory kf = new Ed25519KeyFactory();
 try {
 return (Ed25519PrivateKey) kf.engineTranslateKey(privateKey);
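Review bot: `convertPublicKey` becomes public API in this hunk but still ends in an unchecked `(Ed25519PublicKey)` cast on whatever `engineTranslateKey` returns, so the commit moves the cast the subject line says it removes rather than eliminating it; if the factory hands back a key it does not recognise unchanged (the branch after its `X.509` check is not part of this patch), a foreign-provider key still dies with `ClassCastException` instead of the `IOException` the signature advertises. I would check the type before casting and turn the failure into the declared exception: `java.security.Key translated = kf.engineTranslateKey(publicKey); if (!(translated instanceof Ed25519PublicKey)) throw new IOException("Cannot translate " + publicKey.getClass().getName() + " to an Ed25519 public key"); return (Ed25519PublicKey) translated;`. Now that it is public the method also needs a Javadoc saying which key types it accepts and that an untranslatable key is reported as IOException. The catch clause that closes this method lies outside the hunk.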
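Review bot: `convertPrivateKey` is now public and is what `generateSignature` relies on to reach `getSeed()`, yet nothing in this hunk covers the case the commit message describes best: a private key object from another provider that is not extractable. The JCA contract lets such keys return null from `getEncoded()` and `getFormat()`, so the factory cannot rebuild an `Ed25519PrivateKey` carrying a seed from them (its encoded-form branch for public keys is visible earlier in this patch and dereferences `getFormat()` without a null check; the private-key branch is not shown), and signing would then fail somewhere inside the factory or at the trailing cast rather than with a message that names the problem. I would guard up front: `if (!(privateKey instanceof Ed25519PrivateKey) && privateKey.getEncoded() == null) throw new IOException("Ed25519 private key from " + privateKey.getClass().getName() + " is not extractable and cannot be used to sign");`, and state in the method's new Javadoc that only keys whose seed is available (our own type, or a key with an accessible PKCS#8 encoding) are supported. The catch clause that converts the factory's exception is outside this hunk.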
@@ -132,7 +132,7 @@ private static Ed25519PrivateKey getEd25519PrivateKey(PrivateKey privateKey) thr
 @Override
 public boolean verifySignature(byte[] message, byte[] sshSig, PublicKey publicKey) throws IOException {
- Ed25519PublicKey ed25519PublicKey = convertPublicKey(publicKey);
+ Ed25519PublicKey ed25519PublicKey = convertPublicKey(publicKey);
 byte[] javaSig = decodeSSHEd25519Signature(sshSig);
 try {
 new com.google.crypto.tink.subtle.Ed25519Verify(ed25519PublicKey.getAbyte()).verify(javaSig, message);
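Review bot: With `convertPublicKey` replacing the old cast, a host key the factory cannot translate now leaves `verifySignature` through an IOException instead of a `false` result, and the `try` that follows only wraps the Tink call (its catch is outside the hunk), so callers that treat IOException as a transport failure will classify a bad or foreign-provider key the same way as a dropped connection; that may be the intended contract, but it is not stated anywhere. I would add to the method's Javadoc: `@throws IOException if the supplied key cannot be translated to an Ed25519 key, or if the SSH signature blob cannot be decoded` — the second clause because `decodeSSHEd25519Signature(sshSig)` parses attacker-supplied bytes before the key is used and, if it reports malformed input with IOException as its name suggests, that path exists today without documentation. The method body continues past the end of the hunk.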