From f4d5b6bc8aedc203c9e8ce9caa377230f3f2e206bf45a23e9df9330012d1e876 Mon Sep 17 00:00:00 2001
From: Fridrich Strba <fstrba@suse.com>
Date: Fri, 14 Mar 2025 14:00:13 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/Java:packages/ed25519-java?expand=0&rev=12

---
 .gitattributes                                |  23 ++++
 .gitignore                                    |   1 +
 ...Verify-Handle-any-non-EdDSAPublicKey.patch |  37 ++++++
 ...t-relies-on-internal-sun-JDK-classes.patch |  46 +++++++
 ed25519-java-0.3.0.tar.gz                     |   3 +
 ed25519-java-CVE-2020-36843.patch             |  39 ++++++
 ed25519-java-build.xml                        | 116 ++++++++++++++++++
 ed25519-java.changes                          |  38 ++++++
 ed25519-java.spec                             |  92 ++++++++++++++
 9 files changed, 395 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch
 create mode 100644 0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch
 create mode 100644 ed25519-java-0.3.0.tar.gz
 create mode 100644 ed25519-java-CVE-2020-36843.patch
 create mode 100644 ed25519-java-build.xml
 create mode 100644 ed25519-java.changes
 create mode 100644 ed25519-java.spec

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch b/0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch
new file mode 100644
index 0000000..302959b
--- /dev/null
+++ b/0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch
@@ -0,0 +1,37 @@
+From c5629faa3e1880cc71da506263f224bc818fe827 Mon Sep 17 00:00:00 2001
+From: Jack Grigg <thestr4d@gmail.com>
+Date: Sun, 27 Jan 2019 23:27:00 +0000
+Subject: [PATCH 1/2] EdDSAEngine.initVerify(): Handle any non-EdDSAPublicKey
+ X.509-encoded pubkey
+
+sun.security.x509.X509Key is a JDK-internal API, and should not be used
+directly. Instead of looking for an instance of that class, we check the
+primary encoding format of the PublicKey, and proceed if it is "X.509".
+---
+ src/net/i2p/crypto/eddsa/EdDSAEngine.java | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/net/i2p/crypto/eddsa/EdDSAEngine.java b/src/net/i2p/crypto/eddsa/EdDSAEngine.java
+index 1f0ba6d..6b25410 100644
+--- a/src/net/i2p/crypto/eddsa/EdDSAEngine.java
++++ b/src/net/i2p/crypto/eddsa/EdDSAEngine.java
+@@ -29,7 +29,6 @@ import java.util.Arrays;
+ import net.i2p.crypto.eddsa.math.Curve;
+ import net.i2p.crypto.eddsa.math.GroupElement;
+ import net.i2p.crypto.eddsa.math.ScalarOps;
+-import sun.security.x509.X509Key;
+ 
+ /**
+  * Signing and verification for EdDSA.
+@@ -157,7 +156,7 @@ public final class EdDSAEngine extends Signature {
+                 }
+             } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm()))
+                 throw new InvalidKeyException("Key hash algorithm does not match chosen digest");
+-        } else if (publicKey instanceof X509Key) {
++        } else if (publicKey.getFormat().equals("X.509")) {
+             // X509Certificate will sometimes contain an X509Key rather than the EdDSAPublicKey itself; the contained
+             // key is valid but needs to be instanced as an EdDSAPublicKey before it can be used.
+             EdDSAPublicKey parsedPublicKey;
+-- 
+2.33.1
+
diff --git a/0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch b/0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch
new file mode 100644
index 0000000..8185478
--- /dev/null
+++ b/0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch
@@ -0,0 +1,46 @@
+From 1ea7fb5ed949d8a458fda40b186868b7cffbb271 Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth@gmail.com>
+Date: Wed, 1 Dec 2021 09:35:10 +0000
+Subject: [PATCH 2/2] Disable test that relies on internal sun JDK classes
+
+---
+ test/net/i2p/crypto/eddsa/EdDSAEngineTest.java | 18 ------------------
+ 1 file changed, 18 deletions(-)
+
+diff --git a/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java b/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java
+index 2ed793b..adc46fd 100644
+--- a/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java
++++ b/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java
+@@ -31,8 +31,6 @@ import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+ import org.junit.Rule;
+ import org.junit.Test;
+ import org.junit.rules.ExpectedException;
+-import sun.security.util.DerValue;
+-import sun.security.x509.X509Key;
+ 
+ /**
+  * @author str4d
+@@ -217,20 +215,4 @@ public class EdDSAEngineTest {
+         assertThat("verifyOneShot() failed", sgr.verifyOneShot(TEST_MSG, TEST_MSG_SIG), is(true));
+     }
+ 
+-    @Test
+-    public void testVerifyX509PublicKeyInfo() throws Exception {
+-        EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519");
+-        Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm()));
+-        for (Ed25519TestVectors.TestTuple testCase : Ed25519TestVectors.testCases) {
+-            EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(testCase.pk, spec);
+-            PublicKey vKey = new EdDSAPublicKey(pubKey);
+-            PublicKey x509Key = X509Key.parse(new DerValue(vKey.getEncoded()));
+-            sgr.initVerify(x509Key);
+-
+-            sgr.update(testCase.message);
+-
+-            assertThat("Test case " + testCase.caseNum + " failed",
+-                    sgr.verify(testCase.sig), is(true));
+-        }
+-    }
+ }
+-- 
+2.33.1
+
diff --git a/ed25519-java-0.3.0.tar.gz b/ed25519-java-0.3.0.tar.gz
new file mode 100644
index 0000000..3ac2d54
--- /dev/null
+++ b/ed25519-java-0.3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a89a2331afb1db0bd06ce029c731db2d24684cebf111e796b51deb6e2a20a310
+size 5818862
diff --git a/ed25519-java-CVE-2020-36843.patch b/ed25519-java-CVE-2020-36843.patch
new file mode 100644
index 0000000..7711d3f
--- /dev/null
+++ b/ed25519-java-CVE-2020-36843.patch
@@ -0,0 +1,39 @@
+--- ed25519-java-0.3.0/src/net/i2p/crypto/eddsa/EdDSAEngine.java	2025-03-14 14:47:43.404137953 +0100
++++ ed25519-java-0.3.0/src/net/i2p/crypto/eddsa/EdDSAEngine.java	2025-03-14 14:50:31.859888550 +0100
+@@ -12,6 +12,7 @@
+ package net.i2p.crypto.eddsa;
+ 
+ import java.io.ByteArrayOutputStream;
++import java.math.BigInteger;
+ import java.nio.ByteBuffer;
+ import java.security.InvalidAlgorithmParameterException;
+ import java.security.InvalidKeyException;
+@@ -29,6 +30,7 @@
+ import net.i2p.crypto.eddsa.math.Curve;
+ import net.i2p.crypto.eddsa.math.GroupElement;
+ import net.i2p.crypto.eddsa.math.ScalarOps;
++import net.i2p.crypto.eddsa.math.bigint.BigIntegerLittleEndianEncoding;
+ 
+ /**
+  * Signing and verification for EdDSA.
+@@ -69,6 +71,8 @@
+ public final class EdDSAEngine extends Signature {
+     public static final String SIGNATURE_ALGORITHM = "NONEwithEdDSA";
+ 
++    private static final BigInteger ORDER = new BigInteger("2").pow(252).add(new BigInteger("27742317777372353535851937790883648493"));
++
+     private MessageDigest digest;
+     private ByteArrayOutputStream baos;
+     private EdDSAKey key;
+@@ -306,6 +310,11 @@
+         h = key.getParams().getScalarOps().reduce(h);
+ 
+         byte[] Sbyte = Arrays.copyOfRange(sigBytes, b/8, b/4);
++        // RFC 8032
++        BigInteger Sbigint = (new BigIntegerLittleEndianEncoding()).toBigInteger(Sbyte);
++        if (Sbigint.compareTo(ORDER) >= 0)
++            return false;
++ 
+         // R = SB - H(Rbar,Abar,M)A
+         GroupElement R = key.getParams().getB().doubleScalarMultiplyVariableTime(
+                 ((EdDSAPublicKey) key).getNegativeA(), h, Sbyte);
diff --git a/ed25519-java-build.xml b/ed25519-java-build.xml
new file mode 100644
index 0000000..7a60876
--- /dev/null
+++ b/ed25519-java-build.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project name="eddsa" default="package" basedir=".">
+
+  <!-- ====================================================================== -->
+  <!-- Build environment properties                                           -->
+  <!-- ====================================================================== -->
+
+  <property name="compiler.release" value="8"/>
+  <property name="compiler.source" value="1.${compiler.release}"/>
+  <property name="compiler.target" value="${compiler.source}"/>
+
+  <property name="project.groupId" value="net.i2p.crypto"/>
+  <property name="project.artifactId" value="eddsa"/>
+  <property name="project.version" value="0.3.0"/>
+
+  <property name="build.finalName" value="${project.artifactId}-${project.version}"/>
+  <property name="build.dir" value="target"/>
+  <property name="build.outputDir" value="${build.dir}/classes"/>
+  <property name="build.srcDir" value="src"/>
+
+  <property name="reporting.outputDirectory" value="${build.dir}/site"/>
+
+  <!-- ====================================================================== -->
+  <!-- Cleaning up target                                                     -->
+  <!-- ====================================================================== -->
+
+  <target name="clean" description="Clean the output directory">
+    <delete dir="${build.dir}"/>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- Compilation target                                                     -->
+  <!-- ====================================================================== -->
+
+  <target name="compile" description="Compile the code">
+    <mkdir dir="${build.outputDir}"/>
+    <javac destdir="${build.outputDir}" 
+           encoding="UTF-8" 
+           nowarn="false" 
+           debug="true" 
+           optimize="false" 
+           deprecation="true" 
+           release="${compiler.release}"
+           target="${compiler.target}"
+           verbose="false"
+           fork="false"
+           source="${compiler.source}">
+      <src>
+        <pathelement location="${build.srcDir}"/>
+      </src>
+    </javac>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- Javadoc target                                                         -->
+  <!-- ====================================================================== -->
+
+  <target name="javadoc" description="Generates the Javadoc of the application">
+    <javadoc sourcepath="${build.srcDir}" 
+             packagenames="*" 
+             destdir="${reporting.outputDirectory}/apidocs" 
+             access="protected" 
+             encoding="UTF-8" 
+             source="${compiler.source}"
+             verbose="false" 
+             version="true" 
+             use="true" 
+             author="true" 
+             splitindex="false" 
+             nodeprecated="false" 
+             nodeprecatedlist="false" 
+             notree="false" 
+             noindex="false" 
+             nohelp="false" 
+             nonavbar="false" 
+             serialwarn="false" 
+             linksource="false" 
+             breakiterator="false"/>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- Package target                                                         -->
+  <!-- ====================================================================== -->
+
+  <target name="package" depends="compile" description="Package the application">
+    <jar jarfile="${build.dir}/${build.finalName}.jar" 
+         compress="true" 
+         index="false" 
+         basedir="${build.outputDir}" 
+         excludes="**/package.html">
+      <manifest>
+        <attribute name="Automatic-Module-Name" value="${project.groupId}.${project.artifactId}"/>
+        <attribute name="Bundle-Description" value="Implementation of EdDSA in Java"/>
+        <attribute name="Bundle-License" value="https://creativecommons.org/publicdomain/zero/1.0/"/>
+        <attribute name="Bundle-ManifestVersion" value="2"/>
+        <attribute name="Bundle-Name" value="EdDSA-Java"/>
+        <attribute name="Bundle-SymbolicName" value="${project.groupId}.${project.artifactId}"/>
+        <attribute name="Bundle-Version" value="${project.version}"/>
+        <attribute name="Export-Package" value="net.i2p.crypto.eddsa.spec;version=&quot;${project.version}&quot;,net.i2p.crypto.eddsa;uses:=&quot;net.i2p.crypto.eddsa.spec&quot;;version=&quot;${project.version}&quot;"/>
+        <attribute name="Import-Package" value="sun.security.x509;resolution:=optional"/>
+        <attribute name="JavaPackages-ArtifactId" value="${project.artifactId}"/>
+        <attribute name="JavaPackages-GroupId" value="${project.groupId}"/>
+        <attribute name="JavaPackages-Version" value="${project.version}"/>
+        <attribute name="Require-Capability" value="osgi.ee;filter:=&quot;(&amp;(osgi.ee=JavaSE)(version=${compiler.target}))&quot;"/>
+      </manifest>
+    </jar>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- A dummy target for the package named after the type it creates         -->
+  <!-- ====================================================================== -->
+
+  <target name="jar" depends="package" description="Builds the jar for the application"/>
+
+</project>
diff --git a/ed25519-java.changes b/ed25519-java.changes
new file mode 100644
index 0000000..a4bcff2
--- /dev/null
+++ b/ed25519-java.changes
@@ -0,0 +1,38 @@
+-------------------------------------------------------------------
+Fri Mar 14 13:57:24 UTC 2025 - Fridrich Strba <fstrba@suse.com>
+
+- Added patch:
+  * ed25519-java-CVE-2020-36843.patch
+    + backport commit https://github.com/i2p/i2p.i2p/commit/
+      /d7d1dcb5399c61cf2916ccc45aa25b0209c88712
+    + Fixes bsc#1239551, CVE-2020-36843: no check performed on
+      scalar to avoid signature malleability
+
+-------------------------------------------------------------------
+Wed Oct 30 09:18:41 UTC 2024 - Fridrich Strba <fstrba@suse.com>
+
+- Rewrite the build using ant
+
+-------------------------------------------------------------------
+Wed Feb 21 10:42:44 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Mon Sep 11 10:01:59 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+
+- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
+
+-------------------------------------------------------------------
+Tue Mar 22 08:08:13 UTC 2022 - Fridrich Strba <fstrba@suse.com>
+
+- Build with source and target levels 8
+- Added patches:
+  * 0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch
+  * 0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch
+    + Remove use of internal sun JDK classes
+
+-------------------------------------------------------------------
+Mon Jun 29 11:08:23 UTC 2020 - Fridrich Strba <fstrba@suse.com>
+
+- Initial packaging of ed25519 0.3.0
diff --git a/ed25519-java.spec b/ed25519-java.spec
new file mode 100644
index 0000000..7247d9d
--- /dev/null
+++ b/ed25519-java.spec
@@ -0,0 +1,92 @@
+#
+# spec file for package ed25519-java
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global artifactId eddsa
+Name:           ed25519-java
+Version:        0.3.0
+Release:        0
+Summary:        Implementation of EdDSA (Ed25519) in Java
+License:        CC0-1.0
+URL:            https://github.com/str4d/ed25519-java
+Source0:        https://github.com/str4d/ed25519-java/archive/v%{version}/%{name}-%{version}.tar.gz
+Source1:        %{name}-build.xml
+Patch0:         0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch
+Patch1:         0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch
+Patch2:         %{name}-CVE-2020-36843.patch
+BuildRequires:  ant
+BuildRequires:  fdupes
+BuildRequires:  java-devel >= 1.8
+BuildRequires:  javapackages-local >= 6
+BuildArch:      noarch
+
+%description
+This is an implementation of EdDSA in Java. Structurally, it
+is based on the ref10 implementation in SUPERCOP (see
+http://ed25519.cr.yp.to/software.html).
+
+There are two internal implementations:
+
+* A port of the radix-2^51 operations in ref10
+  - fast and constant-time, but only useful for Ed25519.
+* A generic version using BigIntegers for calculation
+  - a bit slower and not constant-time, but compatible
+    with any EdDSA parameter specification.
+
+%package javadoc
+Summary:        Javadoc for %{name}
+
+%description javadoc
+This package contains javadoc for %{name}.
+
+%prep
+%setup -q
+cp %{SOURCE1} build.xml
+%patch -P 0 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+
+%build
+ant jar javadoc
+
+%install
+
+# jar
+install -dm 0755 %{buildroot}%{_javadir}
+install -pm 0644 target/%{artifactId}-%{version}.jar %{buildroot}%{_javadir}/%{artifactId}.jar
+ln -sf %{_javadir}/%{artifactId}.jar %{buildroot}%{_javadir}/%{name}.jar
+
+# pom
+install -dm 0755 %{buildroot}%{_mavenpomdir}
+%mvn_install_pom pom.xml %{buildroot}%{_mavenpomdir}/%{artifactId}.pom
+%add_maven_depmap %{artifactId}.pom %{artifactId}.jar
+
+# javadoc
+install -dm 0755 %{buildroot}%{_javadocdir}/%{name}
+cp -r target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}/
+%fdupes -s %{buildroot}%{_javadocdir}
+
+%files -f .mfiles
+%{_javadir}/%{name}.jar
+%doc README.md
+%license LICENSE.txt
+
+%files javadoc
+%{_javadocdir}/%{name}
+%license LICENSE.txt
+
+%changelog