Apache MINA sshd client: enable support for ed25519 keys

Include the net.i2p.crypto.eddsa bundle via a hard dependency.

Add tests for dealing with ed25519 host keys and user key files.

Manual tests: fetching from git.eclipse.org with an ed25519 user key,
and pushing this change itself using the same ed25519 key.

Note that sshd 2.0.0 does not yet support encrypted ed25519 private
keys.

Bug: 541272
Change-Id: I7072f4014d9eca755b4a2412e19c086235e5eae9
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

WORKSPACE

@@ -22,6 +22,12 @@ load(
     "maven_jar",
 )
 
+maven_jar(
+    name = "eddsa",
+    artifact = "net.i2p.crypto:eddsa:0.3.0",
+    sha1 = "1901c8d4d8bffb7d79027686cfb91e704217c3e1",
+)
+
 maven_jar(
     name = "jsch",
     artifact = "com.jcraft:jsch:0.1.54",

lib/BUILD

@@ -27,6 +27,15 @@ java_library(
     exports = ["@commons-logging//jar"],
 )
 
+java_library(
+    name = "eddsa",
+    visibility = [
+        "//org.eclipse.jgit.ssh.apache:__pkg__",
+        "//org.eclipse.jgit.ssh.apache.test:__pkg__",
+    ],
+    exports = ["@eddsa//jar"],
+)
+
 java_library(
     name = "gson",
     visibility = [

org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml

@@ -47,4 +47,11 @@
          version="0.0.0"
          unpack="false"/>
 
+   <plugin
+         id="net.i2p.crypto.eddsa"
+         download-size="0"
+         install-size="0"
+         version="0.0.0"
+         unpack="false"/>
+
 </feature>

org.eclipse.jgit.ssh.apache.test/BUILD

@@ -8,6 +8,7 @@ junit_tests(
     srcs = glob(["tst/**/*.java"]),
     tags = ["sshd"],
     deps = [
+        "//lib:eddsa",
         "//lib:junit",
         "//lib:sshd-core",
         "//lib:sshd-sftp",

org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF

@@ -8,6 +8,7 @@ Bundle-Vendor: %Provider-Name
 Bundle-RequiredExecutionEnvironment: JavaSE-1.8
 Import-Package: org.eclipse.jgit.internal.transport.sshd.proxy;version="[5.2.0,5.3.0)",
  org.eclipse.jgit.junit;version="[5.2.0,5.3.0)",
+ org.eclipse.jgit.junit.ssh;version="[5.2.0,5.3.0)",
  org.eclipse.jgit.lib;version="[5.2.0,5.3.0)",
  org.eclipse.jgit.transport;version="[5.2.0,5.3.0)",
  org.eclipse.jgit.transport.ssh;version="[5.2.0,5.3.0)",

org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java

@@ -53,6 +53,7 @@ import org.eclipse.jgit.transport.SshSessionFactory;
 import org.eclipse.jgit.transport.ssh.SshTestBase;
 import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
 import org.eclipse.jgit.util.FS;
+import org.junit.Test;
 import org.junit.experimental.theories.Theories;
 import org.junit.runner.RunWith;
 
@@ -81,4 +82,24 @@ public class ApacheSshTest extends SshTestBase {
 		}
 	}
 
+	// Using an ed25519 (unencrypted) user key is tested in the super class in
+	// testSshKeys(). sshd 2.0.0 cannot yet read encrypted ed25519 keys.
+
+	@Test
+	public void testEd25519HostKey() throws Exception {
+		File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
+		copyTestResource("id_ed25519", newHostKey);
+		server.addHostKey(newHostKey.toPath(), true);
+		File newHostKeyPub = new File(getTemporaryDirectory(),
+				"newhostkey.pub");
+		copyTestResource("id_ed25519.pub", newHostKeyPub);
+		createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);
+		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+				"Host git", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
 }

org.eclipse.jgit.ssh.apache/BUILD

@@ -10,6 +10,7 @@ java_library(
     resource_strip_prefix = "org.eclipse.jgit.ssh.apache/resources",
     resources = RESOURCES,
     deps = [
+        "//lib:eddsa",
         "//lib:slf4j-api",
         "//lib:sshd-core",
         "//lib:sshd-sftp",

org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF

@@ -31,7 +31,8 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.2.0";x-inter
    org.eclipse.jgit.util,
    org.apache.sshd.client.session,
    org.apache.sshd.client.keyverifier"
-Import-Package: org.apache.sshd.agent;version="[2.0.0,2.1.0)",
+Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
+ org.apache.sshd.agent;version="[2.0.0,2.1.0)",
  org.apache.sshd.client;version="[2.0.0,2.1.0)",
  org.apache.sshd.client.auth;version="[2.0.0,2.1.0)",
  org.apache.sshd.client.auth.keyboard;version="[2.0.0,2.1.0)",

org.eclipse.jgit.ssh.apache/pom.xml

@@ -63,6 +63,7 @@
   <properties>
     <translate-qualifier/>
     <source-bundle-manifest>${project.build.directory}/META-INF/SOURCE-MANIFEST.MF</source-bundle-manifest>
+    <eddsa-version>0.3.0</eddsa-version>
   </properties>
 
   <dependencies>
@@ -84,6 +85,12 @@
       <version>${apache-sshd-version}</version>
     </dependency>
 
+    <dependency>
+      <groupId>net.i2p.crypto</groupId>
+      <artifactId>eddsa</artifactId>
+      <version>${eddsa-version}</version>
+    </dependency>
+
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>

org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java

@@ -80,6 +80,7 @@ public abstract class SshTestBase extends SshTestHarness {
 			"id_ecdsa_256", //
 			"id_ecdsa_384", //
 			"id_ecdsa_521", //
+			"id_ed25519", //
 			// And now encrypted. Passphrase is "testpass".
 			"id_dsa_testpass", //
 			"id_rsa_1024_testpass", //
@@ -805,7 +806,8 @@ public abstract class SshTestBase extends SshTestHarness {
 		// JSch fails on ECDSA 384/521 keys. Compare
 		// https://sourceforge.net/p/jsch/patches/10/
 		assumeTrue(!(getSessionFactory() instanceof JschConfigSessionFactory
-				&& (keyName.startsWith("id_ecdsa_384")
+				&& (keyName.contains("ed25519")
+						|| keyName.startsWith("id_ecdsa_384")
 						|| keyName.startsWith("id_ecdsa_521"))));
 		File cloned = new File(getTemporaryDirectory(), "cloned");
 		String keyFileName = keyName + "_key";