authorThomas Wolf <thomas.wolf@paranor.ch>2018-11-19 23:11:13 +0100
committerThomas Wolf <thomas.wolf@paranor.ch>2018-12-02 11:43:13 +0100
commitdb627c417779691d7fe5fa925ea63f53babbae01 (patch)
tree8ccaea58a31ab6b31cb1ac8fb192a869164b0750
parenta08ffb04448ea225a8559403560537ac2ef50eb6 (diff)
downloadjgit-db627c417779691d7fe5fa925ea63f53babbae01.tar.gz
jgit-db627c417779691d7fe5fa925ea63f53babbae01.zip
Apache MINA sshd client: enable support for ed25519 keys
Include the net.i2p.crypto.eddsa bundle via a hard dependency. Add tests for dealing with ed25519 host keys and user key files. Manual tests: fetching from git.eclipse.org with an ed25519 user key, and pushing this change itself using the same ed25519 key. Note that sshd 2.0.0 does not yet support encrypted ed25519 private keys. Bug: 541272 Change-Id: I7072f4014d9eca755b4a2412e19c086235e5eae9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
-rw-r--r--WORKSPACE6
-rw-r--r--lib/BUILD9
-rw-r--r--org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml7
-rw-r--r--org.eclipse.jgit.ssh.apache.test/BUILD1
-rw-r--r--org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF1
-rw-r--r--org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java21
-rw-r--r--org.eclipse.jgit.ssh.apache/BUILD1
-rw-r--r--org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF3
-rw-r--r--org.eclipse.jgit.ssh.apache/pom.xml7
-rw-r--r--org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java4
10 files changed, 58 insertions, 2 deletions
diff --git a/WORKSPACE b/WORKSPACE
index 66bdd67cb2..0eabeccbc5 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -23,6 +23,12 @@ load(
)
maven_jar(
+ name = "eddsa",
+ artifact = "net.i2p.crypto:eddsa:0.3.0",
+ sha1 = "1901c8d4d8bffb7d79027686cfb91e704217c3e1",
+)
+
+maven_jar(
name = "jsch",
artifact = "com.jcraft:jsch:0.1.54",
sha1 = "da3584329a263616e277e15462b387addd1b208d",
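Review bot: The new `eddsa` entry is pinned only by a SHA-1 digest, which matches the neighbouring `jsch` entry but is a weak integrity check for a cryptographic library fetched from a remote repository. If the `maven_jar` macro loaded at the top of WORKSPACE accepts a stronger digest attribute, this artifact would be worth pinning with it; the macro is not visible in this hunk, so that needs confirming. The version 0.3.0 is also now written in three places (here, `<eddsa-version>` in org.eclipse.jgit.ssh.apache/pom.xml, and the `[0.3.0,0.4.0)` range in the bundle manifest), so a comment such as `# keep in sync with eddsa-version in org.eclipse.jgit.ssh.apache/pom.xml` would help the next upgrade.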
diff --git a/lib/BUILD b/lib/BUILD
index 4803466eca..0f09c1f87a 100644
--- a/lib/BUILD
+++ b/lib/BUILD
@@ -28,6 +28,15 @@ java_library(
)
java_library(
+ name = "eddsa",
+ visibility = [
+ "//org.eclipse.jgit.ssh.apache:__pkg__",
+ "//org.eclipse.jgit.ssh.apache.test:__pkg__",
+ ],
+ exports = ["@eddsa//jar"],
+)
+
+java_library(
name = "gson",
visibility = [
"//org.eclipse.jgit.lfs:__pkg__",
diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml b/org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml
index b80ff3799c..2f15de18a4 100644
--- a/org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml
+++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml
@@ -47,4 +47,11 @@
version="0.0.0"
unpack="false"/>
+ <plugin
+ id="net.i2p.crypto.eddsa"
+ download-size="0"
+ install-size="0"
+ version="0.0.0"
+ unpack="false"/>
+
</feature>
diff --git a/org.eclipse.jgit.ssh.apache.test/BUILD b/org.eclipse.jgit.ssh.apache.test/BUILD
index 3742aff06d..a13cf0b30f 100644
--- a/org.eclipse.jgit.ssh.apache.test/BUILD
+++ b/org.eclipse.jgit.ssh.apache.test/BUILD
@@ -8,6 +8,7 @@ junit_tests(
srcs = glob(["tst/**/*.java"]),
tags = ["sshd"],
deps = [
+ "//lib:eddsa",
"//lib:junit",
"//lib:sshd-core",
"//lib:sshd-sftp",
diff --git a/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
index 38dc190679..b87ef7cffa 100644
--- a/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
@@ -8,6 +8,7 @@ Bundle-Vendor: %Provider-Name
Bundle-RequiredExecutionEnvironment: JavaSE-1.8
Import-Package: org.eclipse.jgit.internal.transport.sshd.proxy;version="[5.2.0,5.3.0)",
org.eclipse.jgit.junit;version="[5.2.0,5.3.0)",
+ org.eclipse.jgit.junit.ssh;version="[5.2.0,5.3.0)",
org.eclipse.jgit.lib;version="[5.2.0,5.3.0)",
org.eclipse.jgit.transport;version="[5.2.0,5.3.0)",
org.eclipse.jgit.transport.ssh;version="[5.2.0,5.3.0)",
diff --git a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
index 69a9165aa7..ee58083a5a 100644
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
@@ -53,6 +53,7 @@ import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.ssh.SshTestBase;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
import org.eclipse.jgit.util.FS;
+import org.junit.Test;
import org.junit.experimental.theories.Theories;
import org.junit.runner.RunWith;
@@ -81,4 +82,24 @@ public class ApacheSshTest extends SshTestBase {
}
}
+ // Using an ed25519 (unencrypted) user key is tested in the super class in
+ // testSshKeys(). sshd 2.0.0 cannot yet read encrypted ed25519 keys.
+
+ @Test
+ public void testEd25519HostKey() throws Exception {
+ File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
+ copyTestResource("id_ed25519", newHostKey);
+ server.addHostKey(newHostKey.toPath(), true);
+ File newHostKeyPub = new File(getTemporaryDirectory(),
+ "newhostkey.pub");
+ copyTestResource("id_ed25519.pub", newHostKeyPub);
+ createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);
+ cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+ "Host git", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ }
+
}
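Review bot: `testEd25519HostKey` has no explicit assertion and covers only the accepting path: it passes whenever `cloneWith` completes, so it would also pass if host-key checking were not enforced for this connection. A companion case that writes a different public key into `knownHosts` and expects the clone to fail would show that the ed25519 host key is actually verified; whether the harness already offers a helper for expected failures is not visible in this hunk. The bare `true` in `server.addHostKey(newHostKey.toPath(), true)` also deserves a short comment saying what it selects, since its meaning cannot be read from here.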
diff --git a/org.eclipse.jgit.ssh.apache/BUILD b/org.eclipse.jgit.ssh.apache/BUILD
index d6a145381c..a1a6c8e24c 100644
--- a/org.eclipse.jgit.ssh.apache/BUILD
+++ b/org.eclipse.jgit.ssh.apache/BUILD
@@ -10,6 +10,7 @@ java_library(
resource_strip_prefix = "org.eclipse.jgit.ssh.apache/resources",
resources = RESOURCES,
deps = [
+ "//lib:eddsa",
"//lib:slf4j-api",
"//lib:sshd-core",
"//lib:sshd-sftp",
diff --git a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
index e5d66536fc..1246518157 100644
--- a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
@@ -31,7 +31,8 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.2.0";x-inter
org.eclipse.jgit.util,
org.apache.sshd.client.session,
org.apache.sshd.client.keyverifier"
-Import-Package: org.apache.sshd.agent;version="[2.0.0,2.1.0)",
+Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
+ org.apache.sshd.agent;version="[2.0.0,2.1.0)",
org.apache.sshd.client;version="[2.0.0,2.1.0)",
org.apache.sshd.client.auth;version="[2.0.0,2.1.0)",
org.apache.sshd.client.auth.keyboard;version="[2.0.0,2.1.0)",
diff --git a/org.eclipse.jgit.ssh.apache/pom.xml b/org.eclipse.jgit.ssh.apache/pom.xml
index f9100855ef..366c393e42 100644
--- a/org.eclipse.jgit.ssh.apache/pom.xml
+++ b/org.eclipse.jgit.ssh.apache/pom.xml
@@ -63,6 +63,7 @@
<properties>
<translate-qualifier/>
<source-bundle-manifest>${project.build.directory}/META-INF/SOURCE-MANIFEST.MF</source-bundle-manifest>
+ <eddsa-version>0.3.0</eddsa-version>
</properties>
<dependencies>
@@ -85,6 +86,12 @@
</dependency>
<dependency>
+ <groupId>net.i2p.crypto</groupId>
+ <artifactId>eddsa</artifactId>
+ <version>${eddsa-version}</version>
+ </dependency>
+
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
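Review bot: The `eddsa` dependency carries its own `<version>${eddsa-version}</version>`, with the property defined in this module by the previous hunk, whereas the neighbouring `slf4j-api` dependency has no version and so presumably takes it from a parent `dependencyManagement` section. Managing the eddsa version the same way would keep third-party versions in one place and make a later security update of the library a single-line change. The parent POM is not part of this diff, so this is a consistency suggestion to confirm against it.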
diff --git a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
index 92a2fbd275..dde55b6d79 100644
--- a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
+++ b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
@@ -80,6 +80,7 @@ public abstract class SshTestBase extends SshTestHarness {
"id_ecdsa_256", //
"id_ecdsa_384", //
"id_ecdsa_521", //
+ "id_ed25519", //
// And now encrypted. Passphrase is "testpass".
"id_dsa_testpass", //
"id_rsa_1024_testpass", //
@@ -805,7 +806,8 @@ public abstract class SshTestBase extends SshTestHarness {
// JSch fails on ECDSA 384/521 keys. Compare
// https://sourceforge.net/p/jsch/patches/10/
assumeTrue(!(getSessionFactory() instanceof JschConfigSessionFactory
- && (keyName.startsWith("id_ecdsa_384")
+ && (keyName.contains("ed25519")
+ || keyName.startsWith("id_ecdsa_384")
|| keyName.startsWith("id_ecdsa_521"))));
File cloned = new File(getTemporaryDirectory(), "cloned");
String keyFileName = keyName + "_key";
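Review bot: The comment above the `assumeTrue` still mentions only ECDSA 384/521, but the condition now also skips every key whose name contains `ed25519` when the factory is a `JschConfigSessionFactory`, so the reason for the new skip is undocumented. Suggest extending the comment, e.g. `// JSch fails on ECDSA 384/521 keys and cannot read ed25519 keys.` (assuming that is why the skip was added). The new clause uses `keyName.contains("ed25519")` while the other two use `startsWith`; `keyName.startsWith("id_ed25519")` would follow the existing pattern and avoid silently skipping an unrelated key name. The enclosing method starts and ends outside the hunk.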