ed25519
keys
Include the net.i2p.crypto.eddsa bundle via a hard dependency. Add tests for dealing with ed25519
host keys and user key files. Manual tests: fetching from git.eclipse.org with an ed25519
user key, and pushing this change itself using the same ed25519
key. Note that sshd 2.0.0 does not yet support encrypted ed25519
private keys. Bug: 541272 Change-Id: I7072f4014d9eca755b4a2412e19c086235e5eae9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
@@ -22,6 +22,12 @@ load( | |||
"maven_jar", | |||
) | |||
maven_jar( | |||
name = "eddsa", | |||
artifact = "net.i2p.crypto:eddsa:0.3.0", | |||
sha1 = "1901c8d4d8bffb7d79027686cfb91e704217c3e1", | |||
) | |||
maven_jar( | |||
name = "jsch", | |||
artifact = "com.jcraft:jsch:0.1.54", |
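Review bot: The new `eddsa` entry brings in a signature library, yet its download is verified only by the `sha1` value, and the version 0.3.0 is stated again in the `<eddsa-version>` property and in the `Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)"` range later in this commit. A comment above the entry, for example `# ed25519 support for sshd; keep in step with <eddsa-version> and the Import-Package range`, would stop the three from drifting apart on the next update. If the loaded `maven_jar` rule accepts a SHA-256 attribute (its definition is not visible here), that would be the stronger integrity pin for a crypto dependency.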
@@ -27,6 +27,15 @@ java_library( | |||
exports = ["@commons-logging//jar"], | |||
) | |||
java_library( | |||
name = "eddsa", | |||
visibility = [ | |||
"//org.eclipse.jgit.ssh.apache:__pkg__", | |||
"//org.eclipse.jgit.ssh.apache.test:__pkg__", | |||
], | |||
exports = ["@eddsa//jar"], | |||
) | |||
java_library( | |||
name = "gson", | |||
visibility = [ |
@@ -47,4 +47,11 @@ | |||
version="0.0.0" | |||
unpack="false"/> | |||
<plugin | |||
id="net.i2p.crypto.eddsa" | |||
download-size="0" | |||
install-size="0" | |||
version="0.0.0" | |||
unpack="false"/> | |||
</feature> |
@@ -8,6 +8,7 @@ junit_tests( | |||
srcs = glob(["tst/**/*.java"]), | |||
tags = ["sshd"], | |||
deps = [ | |||
"//lib:eddsa", | |||
"//lib:junit", | |||
"//lib:sshd-core", | |||
"//lib:sshd-sftp", |
@@ -8,6 +8,7 @@ Bundle-Vendor: %Provider-Name | |||
Bundle-RequiredExecutionEnvironment: JavaSE-1.8 | |||
Import-Package: org.eclipse.jgit.internal.transport.sshd.proxy;version="[5.2.0,5.3.0)", | |||
org.eclipse.jgit.junit;version="[5.2.0,5.3.0)", | |||
org.eclipse.jgit.junit.ssh;version="[5.2.0,5.3.0)", | |||
org.eclipse.jgit.lib;version="[5.2.0,5.3.0)", | |||
org.eclipse.jgit.transport;version="[5.2.0,5.3.0)", | |||
org.eclipse.jgit.transport.ssh;version="[5.2.0,5.3.0)", |
@@ -53,6 +53,7 @@ import org.eclipse.jgit.transport.SshSessionFactory; | |||
import org.eclipse.jgit.transport.ssh.SshTestBase; | |||
import org.eclipse.jgit.transport.sshd.SshdSessionFactory; | |||
import org.eclipse.jgit.util.FS; | |||
import org.junit.Test; | |||
import org.junit.experimental.theories.Theories; | |||
import org.junit.runner.RunWith; | |||
@@ -81,4 +82,24 @@ public class ApacheSshTest extends SshTestBase { | |||
} | |||
} | |||
// Using an ed25519 (unencrypted) user key is tested in the super class in | |||
// testSshKeys(). sshd 2.0.0 cannot yet read encrypted ed25519 keys. | |||
@Test | |||
public void testEd25519HostKey() throws Exception { | |||
File newHostKey = new File(getTemporaryDirectory(), "newhostkey"); | |||
copyTestResource("id_ed25519", newHostKey); | |||
server.addHostKey(newHostKey.toPath(), true); | |||
File newHostKeyPub = new File(getTemporaryDirectory(), | |||
"newhostkey.pub"); | |||
copyTestResource("id_ed25519.pub", newHostKeyPub); | |||
createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub); | |||
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, // | |||
"Host git", // | |||
"HostName localhost", // | |||
"Port " + testPort, // | |||
"User " + TEST_USER, // | |||
"IdentityFile " + privateKey1.getAbsolutePath()); | |||
} | |||
} |
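Review bot: Nothing in `testEd25519HostKey` says why a successful clone proves that the ed25519 host key was the one checked. That holds only if `createKnownHostsFile` leaves `id_ed25519.pub` as the sole entry for localhost and `server.addHostKey(..., true)` makes the server offer the new key, neither of which is visible in this hunk. Once confirmed, I would add a comment before the `createKnownHostsFile` call such as `// known_hosts lists only the ed25519 key, so the clone succeeds only if that host key is presented and verified`. The test also exercises the accepting path only; rejection of a mismatching ed25519 host key is not covered here, though it may be tested elsewhere in the base class.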
@@ -10,6 +10,7 @@ java_library( | |||
resource_strip_prefix = "org.eclipse.jgit.ssh.apache/resources", | |||
resources = RESOURCES, | |||
deps = [ | |||
"//lib:eddsa", | |||
"//lib:slf4j-api", | |||
"//lib:sshd-core", | |||
"//lib:sshd-sftp", |
@@ -31,7 +31,8 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.2.0";x-inter | |||
org.eclipse.jgit.util, | |||
org.apache.sshd.client.session, | |||
org.apache.sshd.client.keyverifier" | |||
Import-Package: org.apache.sshd.agent;version="[2.0.0,2.1.0)", | |||
Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)", | |||
org.apache.sshd.agent;version="[2.0.0,2.1.0)", | |||
org.apache.sshd.client;version="[2.0.0,2.1.0)", | |||
org.apache.sshd.client.auth;version="[2.0.0,2.1.0)", | |||
org.apache.sshd.client.auth.keyboard;version="[2.0.0,2.1.0)", |
@@ -63,6 +63,7 @@ | |||
<properties> | |||
<translate-qualifier/> | |||
<source-bundle-manifest>${project.build.directory}/META-INF/SOURCE-MANIFEST.MF</source-bundle-manifest> | |||
<eddsa-version>0.3.0</eddsa-version> | |||
</properties> | |||
<dependencies> | |||
@@ -84,6 +85,12 @@ | |||
<version>${apache-sshd-version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>net.i2p.crypto</groupId> | |||
<artifactId>eddsa</artifactId> | |||
<version>${eddsa-version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.slf4j</groupId> | |||
<artifactId>slf4j-api</artifactId> |
@@ -80,6 +80,7 @@ public abstract class SshTestBase extends SshTestHarness { | |||
"id_ecdsa_256", // | |||
"id_ecdsa_384", // | |||
"id_ecdsa_521", // | |||
"id_ed25519", // | |||
// And now encrypted. Passphrase is "testpass". | |||
"id_dsa_testpass", // | |||
"id_rsa_1024_testpass", // | |||
@@ -805,7 +806,8 @@ public abstract class SshTestBase extends SshTestHarness { | |||
// JSch fails on ECDSA 384/521 keys. Compare | |||
// https://sourceforge.net/p/jsch/patches/10/ | |||
assumeTrue(!(getSessionFactory() instanceof JschConfigSessionFactory | |||
&& (keyName.startsWith("id_ecdsa_384") | |||
&& (keyName.contains("ed25519") | |||
|| keyName.startsWith("id_ecdsa_384") | |||
|| keyName.startsWith("id_ecdsa_521")))); | |||
File cloned = new File(getTemporaryDirectory(), "cloned"); | |||
String keyFileName = keyName + "_key"; |
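Review bot: The comment above the `assumeTrue` still reads `JSch fails on ECDSA 384/521 keys`, but the condition now also skips every key whose name contains `ed25519`, so the reason for that skip is undocumented. I would extend it to something like `// JSch fails on ECDSA 384/521 keys and cannot read ed25519 keys.`, with the wording to be confirmed against the JSch version in use (0.1.54 according to the `maven_jar` context in this commit). The new clause uses `contains` where the two existing ones use `startsWith`; `keyName.startsWith("id_ed25519")` would match the key added in the first hunk and read consistently, unless the wider match is intended. The enclosing test method starts and ends outside the hunk.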