Upgrade: trilead-ssh2 version to 217.371.vc1d30dc5a_b_32 (microsoft#15300)

Author: BinduSri-6522866

LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md

@@ -2587,6 +2587,7 @@
                 "cpulimit",
                 "cri-o",
                 "ecj",
+                "ed25519-java",
                 "fillup",
                 "flux",
                 "gd",
@@ -2609,6 +2610,7 @@
                 "javacc",
                 "javacc-bootstrap",
                 "javassist",
+                "jbcrypt",
                 "jboss-interceptors-1.2-api",
                 "jdepend",
                 "jflex",

LICENSES-AND-NOTICES/SPECS/data/licenses.json

@@ -0,0 +1,37 @@
+From c5629faa3e1880cc71da506263f224bc818fe827 Mon Sep 17 00:00:00 2001
+From: Jack Grigg <thestr4d@gmail.com>
+Date: Sun, 27 Jan 2019 23:27:00 +0000
+Subject: [PATCH 1/2] EdDSAEngine.initVerify(): Handle any non-EdDSAPublicKey
+ X.509-encoded pubkey
+
+sun.security.x509.X509Key is a JDK-internal API, and should not be used
+directly. Instead of looking for an instance of that class, we check the
+primary encoding format of the PublicKey, and proceed if it is "X.509".
+---
+ src/net/i2p/crypto/eddsa/EdDSAEngine.java | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/net/i2p/crypto/eddsa/EdDSAEngine.java b/src/net/i2p/crypto/eddsa/EdDSAEngine.java
+index 1f0ba6d..6b25410 100644
+--- a/src/net/i2p/crypto/eddsa/EdDSAEngine.java
++++ b/src/net/i2p/crypto/eddsa/EdDSAEngine.java
+@@ -29,7 +29,6 @@ import java.util.Arrays;
+ import net.i2p.crypto.eddsa.math.Curve;
+ import net.i2p.crypto.eddsa.math.GroupElement;
+ import net.i2p.crypto.eddsa.math.ScalarOps;
+-import sun.security.x509.X509Key;
+ 
+ /**
+  * Signing and verification for EdDSA.
+@@ -157,7 +156,7 @@ public final class EdDSAEngine extends Signature {
+                 }
+             } else if (!key.getParams().getHashAlgorithm().equals(digest.getAlgorithm()))
+                 throw new InvalidKeyException("Key hash algorithm does not match chosen digest");
+-        } else if (publicKey instanceof X509Key) {
++        } else if (publicKey.getFormat().equals("X.509")) {
+             // X509Certificate will sometimes contain an X509Key rather than the EdDSAPublicKey itself; the contained
+             // key is valid but needs to be instanced as an EdDSAPublicKey before it can be used.
+             EdDSAPublicKey parsedPublicKey;
+-- 
+2.33.1
+

SPECS-EXTENDED/ed25519-java/0001-EdDSAEngine.initVerify-Handle-any-non-EdDSAPublicKey.patch

@@ -0,0 +1,46 @@
+From 1ea7fb5ed949d8a458fda40b186868b7cffbb271 Mon Sep 17 00:00:00 2001
+From: Mat Booth <mat.booth@gmail.com>
+Date: Wed, 1 Dec 2021 09:35:10 +0000
+Subject: [PATCH 2/2] Disable test that relies on internal sun JDK classes
+
+---
+ test/net/i2p/crypto/eddsa/EdDSAEngineTest.java | 18 ------------------
+ 1 file changed, 18 deletions(-)
+
+diff --git a/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java b/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java
+index 2ed793b..adc46fd 100644
+--- a/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java
++++ b/test/net/i2p/crypto/eddsa/EdDSAEngineTest.java
+@@ -31,8 +31,6 @@ import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+ import org.junit.Rule;
+ import org.junit.Test;
+ import org.junit.rules.ExpectedException;
+-import sun.security.util.DerValue;
+-import sun.security.x509.X509Key;
+ 
+ /**
+  * @author str4d
+@@ -217,20 +215,4 @@ public class EdDSAEngineTest {
+         assertThat("verifyOneShot() failed", sgr.verifyOneShot(TEST_MSG, TEST_MSG_SIG), is(true));
+     }
+ 
+-    @Test
+-    public void testVerifyX509PublicKeyInfo() throws Exception {
+-        EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519");
+-        Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm()));
+-        for (Ed25519TestVectors.TestTuple testCase : Ed25519TestVectors.testCases) {
+-            EdDSAPublicKeySpec pubKey = new EdDSAPublicKeySpec(testCase.pk, spec);
+-            PublicKey vKey = new EdDSAPublicKey(pubKey);
+-            PublicKey x509Key = X509Key.parse(new DerValue(vKey.getEncoded()));
+-            sgr.initVerify(x509Key);
+-
+-            sgr.update(testCase.message);
+-
+-            assertThat("Test case " + testCase.caseNum + " failed",
+-                    sgr.verify(testCase.sig), is(true));
+-        }
+-    }
+ }
+-- 
+2.33.1
+

SPECS-EXTENDED/ed25519-java/0002-Disable-test-that-relies-on-internal-sun-JDK-classes.patch

@@ -0,0 +1,39 @@
+--- ed25519-java-0.3.0/src/net/i2p/crypto/eddsa/EdDSAEngine.java	2025-03-14 14:47:43.404137953 +0100
++++ ed25519-java-0.3.0/src/net/i2p/crypto/eddsa/EdDSAEngine.java	2025-03-14 14:50:31.859888550 +0100
+@@ -12,6 +12,7 @@
+ package net.i2p.crypto.eddsa;
+ 
+ import java.io.ByteArrayOutputStream;
++import java.math.BigInteger;
+ import java.nio.ByteBuffer;
+ import java.security.InvalidAlgorithmParameterException;
+ import java.security.InvalidKeyException;
+@@ -29,6 +30,7 @@
+ import net.i2p.crypto.eddsa.math.Curve;
+ import net.i2p.crypto.eddsa.math.GroupElement;
+ import net.i2p.crypto.eddsa.math.ScalarOps;
++import net.i2p.crypto.eddsa.math.bigint.BigIntegerLittleEndianEncoding;
+ 
+ /**
+  * Signing and verification for EdDSA.
+@@ -69,6 +71,8 @@
+ public final class EdDSAEngine extends Signature {
+     public static final String SIGNATURE_ALGORITHM = "NONEwithEdDSA";
+ 
++    private static final BigInteger ORDER = new BigInteger("2").pow(252).add(new BigInteger("27742317777372353535851937790883648493"));
++
+     private MessageDigest digest;
+     private ByteArrayOutputStream baos;
+     private EdDSAKey key;
+@@ -306,6 +310,11 @@
+         h = key.getParams().getScalarOps().reduce(h);
+ 
+         byte[] Sbyte = Arrays.copyOfRange(sigBytes, b/8, b/4);
++        // RFC 8032
++        BigInteger Sbigint = (new BigIntegerLittleEndianEncoding()).toBigInteger(Sbyte);
++        if (Sbigint.compareTo(ORDER) >= 0)
++            return false;
++ 
+         // R = SB - H(Rbar,Abar,M)A
+         GroupElement R = key.getParams().getB().doubleScalarMultiplyVariableTime(
+                 ((EdDSAPublicKey) key).getNegativeA(), h, Sbyte);