[jira] [Commented] (SSHD-986) Implement ECDSA public key recovery

2020-05-07 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101699#comment-17101699 ]

Lyor Goldstein commented on SSHD-986:
-

I'll add a few more tests and then merge it in soon.

> Implement ECDSA public key recovery
> ---
>
> Key: SSHD-986
> URL: https://issues.apache.org/jira/browse/SSHD-986
> Project: MINA SSHD
> Issue Type: New Feature
> Affects Versions: 2.4.0
> Reporter: Thomas Wolf
> Assignee: Lyor Goldstein
> Priority: Minor
> Attachments: ECRecoverTest.java
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {{KeyUtils.recoverPublicKey(PrivateKey)}} (and also
> {{OpenSSHECDSAPrivateKeyEntryDecoder.recoverPublicKey(ECPrivateKey)}}, but
> that doesn't seem to be called at all) are not implemented for ECDSA keys.
> EC public key recovery is an ECPoint scalar multiplication and can be done via
> Bouncy Castle. So if the code to do this can be guarded as other BC-dependent
> code this might be one way to implement this.
> Seems to me that lack of {{KeyUtils.recoverPublicKey(PrivateKey)}} for ECDSA
> currently prevents reading a key pair from a PKCS#8 PEM ECDSA private key
> file because {{PKCS8PEMResourceKeyPairParser}} calls that recovery method.
> Attached is a small JUnit test showing how to compute the ECDSA public key from
> a given ECDSA private key using Bouncy Castle.
> According to [RFC 5915|https://tools.ietf.org/html/rfc5915], a PKCS#8
> representation of an ECDSA private key SHOULD contain the public key, too, so
> if it's present it might perhaps even be possible to avoid this scalar
> multiplication altogether, but exploiting this might require some larger code
> refactoring?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
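
An added example, not code from this thread, from the attached ECRecoverTest.java or from MINA SSHD: the scalar multiplication Q = d*G named in the issue description, written with JDK classes only instead of Bouncy Castle, followed by a comparison of key contents rather than `getEncoded()` bytes as discussed in the thread. The class name `EcRecoverExample` and the use of secp256r1 are assumptions; only prime-field curves are handled.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class EcRecoverExample {
    // Affine addition on y^2 = x^3 + ax + b over F_p (handles doubling and infinity).
    static ECPoint add(ECPoint p1, ECPoint p2, BigInteger a, BigInteger p) {
        if (p1 == ECPoint.POINT_INFINITY) return p2;
        if (p2 == ECPoint.POINT_INFINITY) return p1;
        BigInteger x1 = p1.getAffineX(), y1 = p1.getAffineY();
        BigInteger x2 = p2.getAffineX(), y2 = p2.getAffineY();
        BigInteger num, den;
        if (x1.equals(x2)) {
            if (y1.add(y2).mod(p).signum() == 0) return ECPoint.POINT_INFINITY; // P + (-P)
            num = x1.pow(2).multiply(BigInteger.valueOf(3)).add(a); // tangent slope
            den = y1.shiftLeft(1);
        } else {
            num = y2.subtract(y1);                                  // chord slope
            den = x2.subtract(x1);
        }
        BigInteger lambda = num.multiply(den.mod(p).modInverse(p)).mod(p);
        BigInteger x3 = lambda.pow(2).subtract(x1).subtract(x2).mod(p);
        BigInteger y3 = lambda.multiply(x1.subtract(x3)).subtract(y1).mod(p);
        return new ECPoint(x3, y3);
    }

    // Q = d*G by double-and-add. Not constant-time: for illustration, not production use.
    static ECPublicKey recoverPublicKey(ECPrivateKey priv) throws GeneralSecurityException {
        ECParameterSpec spec = priv.getParams();
        BigInteger a = spec.getCurve().getA();
        BigInteger p = ((ECFieldFp) spec.getCurve().getField()).getP(); // prime-field curves only
        ECPoint q = ECPoint.POINT_INFINITY;
        for (int i = priv.getS().bitLength() - 1; i >= 0; i--) {
            q = add(q, q, a, p);
            if (priv.getS().testBit(i)) q = add(q, spec.getGenerator(), a, p);
        }
        return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(q, spec));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair(); // constructed sample key, generated at run time
        ECPublicKey pub = (ECPublicKey) kp.getPublic();
        ECPublicKey rec = recoverPublicKey((ECPrivateKey) kp.getPrivate());
        // Compare key contents (point and curve), not getEncoded() bytes.
        System.out.println("match by content: " + (pub.getW().equals(rec.getW())
                && pub.getParams().getCurve().equals(rec.getParams().getCurve())));
    }
}
```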



[jira] [Commented] (SSHD-986) Implement ECDSA public key recovery

2020-05-06 Thread Thomas Wolf (Jira)


[ https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101078#comment-17101078 ]

Thomas Wolf commented on SSHD-986:
--

That's the "read public key from encoded private key data" solution. Looks OK.




[jira] [Commented] (SSHD-986) Implement ECDSA public key recovery

2020-05-04 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17099130#comment-17099130 ]

Lyor Goldstein commented on SSHD-986:
-

[~wolft] How about https://github.com/apache/mina-sshd/pull/129 ?




[jira] [Commented] (SSHD-986) Implement ECDSA public key recovery

2020-05-04 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17098991#comment-17098991 ]

Lyor Goldstein commented on SSHD-986:
-

{quote}
Are there different equivalent X.509 encodings for an EC key? (Named vs. 
unnamed, or some such?)
{quote}
Might be, although as far as I understand they are supposed to use DER instead 
of BER which is supposed to yield a deterministic result. Anyway, I removed the 
encoding assertion since the keys +contents+ are tested, so if they are equal I 
don't care how they are encoded (at least for the moment). Will publish a PR 
soon.




[jira] [Commented] (SSHD-986) Implement ECDSA public key recovery

2020-05-03 Thread Thomas Wolf (Jira)


[ https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17098493#comment-17098493 ]

Thomas Wolf commented on SSHD-986:
--

For the ecdsa-256 test, kp.getPublic() has an ECCurve$Fp curve and an ECPoint$Fp
for G, while kp2.getPublic() has a SECP256R1Curve and a SECP256R1Point. The
curve specs are also different; kp.getPublic() has an ECNamedCurveSpec, while
kp2.getPublic() has an ECParameterSpec. The internal values appear to be the
same. The generated private key kp.getPrivate() also contains the public key,
while the read kp2.getPrivate() doesn't.

Are there different equivalent X.509 encodings for an EC key? (Named vs. 
unnamed, or some such?)




[jira] [Commented] (SSHD-986) Implement ECDSA public key recovery

2020-05-01 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17097444#comment-17097444 ]

Lyor Goldstein commented on SSHD-986:
-

[~wolft] I believe I have a solution (see
{{PKCS8PEMResourceKeyPairParser#extractKeyPairs}}), but for some reason when
comparing the recovered keys the {{Key#getEncoded()}} data is different - even
though all other parameters are the same. See
https://github.com/lgoldstein/mina-sshd/tree/SSHD-986 -
{{PKCS8PEMResourceKeyPairParserTest}}. I would appreciate your feedback (if you
have the time).




[jira] [Commented] (SSHD-986) Implement ECDSA public key recovery

2020-04-29 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17095591#comment-17095591 ]

Lyor Goldstein commented on SSHD-986:
-

Good questions + sample code - will have to think about it. It may take some 
time though - as of next week I will be rather busy for some time...
