Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EdDSA: Use BouncyCastle implementation. #73

Merged
merged 2 commits into from
Dec 3, 2020
Merged

EdDSA: Use BouncyCastle implementation. #73

merged 2 commits into from
Dec 3, 2020

Conversation

sundbry
Copy link
Contributor

@sundbry sundbry commented Oct 12, 2020

Hi Buddys,

Since BouncyCastle published their EdDSA implementation, loading key files using buddy.core.keys/public-key and buddy.core.keys/private-key started loading the BC key classes instead of those from net.i2p.crypto. Since I was not using jwks in my app this was a problem.

I went ahead and replaced the original library with the BouncyCastle implementation, and removed the dependency.
There is one minor issue with this implementation which may cause JVM security or reflection warnings The constructor to this class is not public, so we use some reflection hacks to access it. https://github.com/bcgit/bc-java/blob/bc3b92f1f0e78b82e2584c5fb4b226a13e7f8b3b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/edec/BCEdDSAPrivateKey.java#L32

I will be submitting a PR to BouncyCastle to open that constructor up in the meantime.

Stack trace for reference on the original issue

ERROR in (test-algorithms) (EdDSAEngine.java:134)
Uncaught exception, not in assertion.
expected: nil
  actual: java.security.InvalidKeyException: cannot identify EdDSA private key: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey
 at net.i2p.crypto.eddsa.EdDSAEngine.engineInitSign (EdDSAEngine.java:134)
    java.security.SignatureSpi.engineInitSign (SignatureSpi.java:131)
    java.security.Signature.initSign (Signature.java:657)
    buddy.core.dsa$eval15659$fn__15660.invoke (dsa.clj:79)
    buddy.core.dsa$eval15563$fn__15594$G__15550__15601.invoke (dsa.clj:47)
    buddy.core.dsa$sign.invokeStatic (dsa.clj:159)
    buddy.core.dsa$sign.invoke (dsa.clj:156)
    buddy.sign.jws$fn__15957.invokeStatic (jws.clj:66)
    buddy.sign.jws/fn (jws.clj:31)
    buddy.sign.jws$calculate_signature.invokeStatic (jws.clj:109)
    buddy.sign.jws$calculate_signature.invoke (jws.clj:103)
    buddy.sign.jws$sign.invokeStatic (jws.clj:144)
    buddy.sign.jws$sign.doInvoke (jws.clj:136)
    clojure.lang.RestFn.invoke (RestFn.java:442)
    buddy.sign.jwt$sign.invokeStatic (jwt.clj:123)
    buddy.sign.jwt$sign.invoke (jwt.clj:117

@sundbry sundbry mentioned this pull request Oct 12, 2020
Closed
@niwinz
Copy link
Member

niwinz commented Oct 12, 2020

I will review it tomorrow probably. Thanks!

@niwinz
Copy link
Member

niwinz commented Dec 3, 2020

Having that BC rejected the issue, i'm a little bit worried with the reflection. I'm going to merge this, but if some isse appears, i will probably revert this.

Thanks.

@niwinz niwinz merged commit 79e455e into funcool:master Dec 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sundbry @niwinz