From e7b12b8c8d1904ddd4e09022183f19d50e9b77d2 Mon Sep 17 00:00:00 2001
From: Scott Xu <scott-xu@msn.com>
Date: Sat, 20 Jul 2024 23:54:20 +0800
Subject: [PATCH 1/3] Ed25519 is now based on BouncyCastle instead of
 Chaos.NaCl

---
 .../Cryptography/ED25519DigitalSignature.cs        |  9 ++++++---
 .../Security/Cryptography/ED25519Key.cs            | 14 +++++---------
 src/Renci.SshNet/Security/SshKeyData.cs            |  5 +++--
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs b/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs
index 5b39b09ff..19f5c8bac 100644
--- a/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs
+++ b/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs
@@ -1,7 +1,8 @@
 using System;
 
+using Org.BouncyCastle.Math.EC.Rfc8032;
+
 using Renci.SshNet.Common;
-using Renci.SshNet.Security.Chaos.NaCl;
 
 namespace Renci.SshNet.Security.Cryptography
 {
@@ -39,7 +40,7 @@ public ED25519DigitalSignature(ED25519Key key)
         /// <exception cref="InvalidOperationException">Invalid signature.</exception>
         public override bool Verify(byte[] input, byte[] signature)
         {
-            return Ed25519.Verify(signature, input, _key.PublicKey);
+            return Ed25519.Verify(signature, 0, _key.PublicKey, 0, input, 0, input.Length);
         }
 
         /// <summary>
@@ -52,7 +53,9 @@ public override bool Verify(byte[] input, byte[] signature)
         /// <exception cref="SshException">Invalid ED25519Key key.</exception>
         public override byte[] Sign(byte[] input)
         {
-            return Ed25519.Sign(input, _key.PrivateKey);
+            var signature = new byte[Ed25519.SignatureSize];
+            Ed25519.Sign(_key.PrivateKey, 0, input, 0, input.Length, signature, 0);
+            return signature;
         }
 
         /// <summary>
diff --git a/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs b/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
index 5ee2332c0..0bc52d900 100644
--- a/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
+++ b/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
@@ -1,7 +1,8 @@
 using System;
 
+using Org.BouncyCastle.Math.EC.Rfc8032;
+
 using Renci.SshNet.Common;
-using Renci.SshNet.Security.Chaos.NaCl;
 using Renci.SshNet.Security.Cryptography;
 
 namespace Renci.SshNet.Security
@@ -49,7 +50,7 @@ public override int KeyLength
         {
             get
             {
-                return PublicKey.Length * 8;
+                return Ed25519.PublicKeySize * 8;
             }
         }
 
@@ -91,8 +92,7 @@ public ED25519Key(SshKeyData publicKeyData)
                 throw new ArgumentException($"Invalid Ed25519 public key data ({publicKeyData.Name}, {publicKeyData.Keys.Length}).", nameof(publicKeyData));
             }
 
-            PublicKey = publicKeyData.Keys[0].ToByteArray().Reverse().TrimLeadingZeros().Pad(Ed25519.PublicKeySizeInBytes);
-            PrivateKey = new byte[Ed25519.ExpandedPrivateKeySizeInBytes];
+            PublicKey = publicKeyData.Keys[0].ToByteArray().Reverse().TrimLeadingZeros().Pad(Ed25519.PublicKeySize);
         }
 
         /// <summary>
@@ -103,11 +103,7 @@ public ED25519Key(SshKeyData publicKeyData)
         /// </param>
         public ED25519Key(byte[] privateKeyData)
         {
-            var seed = new byte[Ed25519.PrivateKeySeedSizeInBytes];
-            Buffer.BlockCopy(privateKeyData, 0, seed, 0, seed.Length);
-            Ed25519.KeyPairFromSeed(out var publicKey, out var privateKey, seed);
-            PublicKey = publicKey;
-            PrivateKey = privateKey;
+            PrivateKey = privateKeyData.Take(Ed25519.SecretKeySize);
         }
 
         /// <summary>
diff --git a/src/Renci.SshNet/Security/SshKeyData.cs b/src/Renci.SshNet/Security/SshKeyData.cs
index 6a3af835a..fa0671459 100644
--- a/src/Renci.SshNet/Security/SshKeyData.cs
+++ b/src/Renci.SshNet/Security/SshKeyData.cs
@@ -1,8 +1,9 @@
 using System.Collections.Generic;
 using System.Text;
 
+using Org.BouncyCastle.Math.EC.Rfc8032;
+
 using Renci.SshNet.Common;
-using Renci.SshNet.Security.Chaos.NaCl;
 
 namespace Renci.SshNet.Security
 {
@@ -88,7 +89,7 @@ protected override void SaveData()
                 var keyData = key.ToByteArray().Reverse();
                 if (Name == "ssh-ed25519")
                 {
-                    keyData = keyData.TrimLeadingZeros().Pad(Ed25519.PublicKeySizeInBytes);
+                    keyData = keyData.TrimLeadingZeros().Pad(Ed25519.PublicKeySize);
                 }
 
                 WriteBinaryString(keyData);

From 9595212e864c75dfe2fba5cb8dd0a1db3a2a7eed Mon Sep 17 00:00:00 2001
From: Scott Xu <scott-xu@msn.com>
Date: Sun, 21 Jul 2024 00:19:12 +0800
Subject: [PATCH 2/3] Generate PublicKey and fix NullReferenceException

---
 .../Security/Cryptography/ED25519DigitalSignature.cs         | 2 +-
 src/Renci.SshNet/Security/Cryptography/ED25519Key.cs         | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs b/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs
index 19f5c8bac..41cfe1f74 100644
--- a/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs
+++ b/src/Renci.SshNet/Security/Cryptography/ED25519DigitalSignature.cs
@@ -54,7 +54,7 @@ public override bool Verify(byte[] input, byte[] signature)
         public override byte[] Sign(byte[] input)
         {
             var signature = new byte[Ed25519.SignatureSize];
-            Ed25519.Sign(_key.PrivateKey, 0, input, 0, input.Length, signature, 0);
+            Ed25519.Sign(_key.PrivateKey, 0, _key.PublicKey, 0, input, 0, input.Length, signature, 0);
             return signature;
         }
 
diff --git a/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs b/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
index 0bc52d900..9dbb8fcf0 100644
--- a/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
+++ b/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
@@ -103,7 +103,10 @@ public ED25519Key(SshKeyData publicKeyData)
         /// </param>
         public ED25519Key(byte[] privateKeyData)
         {
-            PrivateKey = privateKeyData.Take(Ed25519.SecretKeySize);
+            PrivateKey = new byte[Ed25519.SecretKeySize];
+            PublicKey = new byte[Ed25519.PublicKeySize];
+            Buffer.BlockCopy(privateKeyData, 0, privateKeyData, 0, Ed25519.SecretKeySize);
+            Ed25519.GeneratePublicKey(privateKeyData, 0, PublicKey, 0);
         }
 
         /// <summary>

From 1bc7874eabaf8c1127fc718f22188fb06578ffcd Mon Sep 17 00:00:00 2001
From: Scott Xu <scott-xu@msn.com>
Date: Sun, 21 Jul 2024 00:23:18 +0800
Subject: [PATCH 3/3] Rectify variable name

---
 src/Renci.SshNet/Security/Cryptography/ED25519Key.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs b/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
index 9dbb8fcf0..705924635 100644
--- a/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
+++ b/src/Renci.SshNet/Security/Cryptography/ED25519Key.cs
@@ -105,7 +105,7 @@ public ED25519Key(byte[] privateKeyData)
         {
             PrivateKey = new byte[Ed25519.SecretKeySize];
             PublicKey = new byte[Ed25519.PublicKeySize];
-            Buffer.BlockCopy(privateKeyData, 0, privateKeyData, 0, Ed25519.SecretKeySize);
+            Buffer.BlockCopy(privateKeyData, 0, PrivateKey, 0, Ed25519.SecretKeySize);
             Ed25519.GeneratePublicKey(privateKeyData, 0, PublicKey, 0);
         }