From 484bfe098a293ad57d02a75703ab8b0a8b724e6e Mon Sep 17 00:00:00 2001
From: Muthu Palaniyappan OL <muthu892542@gmail.com>
Date: Sun, 13 Apr 2025 11:23:37 +0530
Subject: [PATCH] migrate from net.i2p.crypto.eddsa to
 org.bouncycastle.bcpkix-jdk18on to remediate CVE-2020-36843

Before this commit we were using net.i2p.crypto.eddsa which was vulnerable to CVE-2020-36843, now we are moving to org.bouncycastle.bcpkix-jdk18on to remediate cve
---
 pom.xml                                       |  8 ++++----
 .../utils/mail/dkim/DkimSigner.java           |  3 ++-
 .../utils/mail/dkim/DomainKey.java            | 19 ++++++++-----------
 .../utils/mail/dkim/KeyPairType.java          |  4 ++--
 4 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/pom.xml b/pom.xml
index 5daf571..3e0c147 100644
--- a/pom.xml
+++ b/pom.xml
@@ -85,9 +85,9 @@
 		</dependency>
 
 		<dependency>
-			<groupId>net.i2p.crypto</groupId>
-			<artifactId>eddsa</artifactId>
-			<version>0.3.0</version>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcpkix-jdk18on</artifactId>
+			<version>1.78</version>
 		</dependency>
 	</dependencies>
-</project>
\ No newline at end of file
+</project>
diff --git a/src/main/java/org/simplejavamail/utils/mail/dkim/DkimSigner.java b/src/main/java/org/simplejavamail/utils/mail/dkim/DkimSigner.java
index 2b9f0b4..87439a8 100644
--- a/src/main/java/org/simplejavamail/utils/mail/dkim/DkimSigner.java
+++ b/src/main/java/org/simplejavamail/utils/mail/dkim/DkimSigner.java
@@ -2,9 +2,10 @@
 
 import jakarta.mail.Header;
 import jakarta.mail.MessagingException;
-import net.i2p.crypto.eddsa.EdDSAPrivateKey;
 import net.markenwerk.utils.data.fetcher.BufferedDataFetcher;
 import net.markenwerk.utils.data.fetcher.DataFetchException;
+
+import org.bouncycastle.jcajce.interfaces.EdDSAPrivateKey;
 import org.eclipse.angus.mail.util.CRLFOutputStream;
 import org.eclipse.angus.mail.util.QPEncoderStream;
 
diff --git a/src/main/java/org/simplejavamail/utils/mail/dkim/DomainKey.java b/src/main/java/org/simplejavamail/utils/mail/dkim/DomainKey.java
index fe2011a..d394c74 100644
--- a/src/main/java/org/simplejavamail/utils/mail/dkim/DomainKey.java
+++ b/src/main/java/org/simplejavamail/utils/mail/dkim/DomainKey.java
@@ -1,9 +1,9 @@
 package org.simplejavamail.utils.mail.dkim;
 
-import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.Signature;
@@ -20,12 +20,10 @@
 import java.util.StringTokenizer;
 import java.util.regex.Pattern;
 
-import net.i2p.crypto.eddsa.EdDSAPublicKey;
-import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
-import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
-
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import org.bouncycastle.jcajce.interfaces.EdDSAPublicKey;
+
 /**
  * A {@code DomainKey} holds the information about a domain key.
  * 
@@ -151,11 +149,10 @@ private RSAPublicKey getRsaPublicKey(String publicKeyTagValue) {
 
    private EdDSAPublicKey getEd25519PublicKey(String publicKeyTagValue) {
       try {
-         KeyFactory keyFactory = KeyFactory.getInstance(KeyPairType.ED25519.getJavaNotation());
-         EdDSAPublicKeySpec publicKeySpec = new EdDSAPublicKeySpec(Base64.getDecoder().decode(publicKeyTagValue),
-               EdDSANamedCurveTable.ED_25519_CURVE_SPEC);
-         return (EdDSAPublicKey) keyFactory.generatePublic(publicKeySpec);
-      } catch (NoSuchAlgorithmException nsae) {
+         byte[] keyBytes = Base64.getDecoder().decode(publicKeyTagValue);
+         KeyFactory keyFactory = KeyFactory.getInstance(KeyPairType.ED25519.getJavaNotation(), "BC");
+         return (EdDSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(keyBytes));
+      } catch (NoSuchAlgorithmException | NoSuchProviderException nsae) {
          throw new DkimException("Ed25519 algorithm not found by JVM");
       } catch (IllegalArgumentException e) {
          throw new DkimException("The public key " + publicKeyTagValue + " couldn't be read.", e);
@@ -297,4 +294,4 @@ private void checkKeyCompatiblilty(PrivateKey privateKey)
 
    }
 
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/simplejavamail/utils/mail/dkim/KeyPairType.java b/src/main/java/org/simplejavamail/utils/mail/dkim/KeyPairType.java
index 1842ac5..471b860 100644
--- a/src/main/java/org/simplejavamail/utils/mail/dkim/KeyPairType.java
+++ b/src/main/java/org/simplejavamail/utils/mail/dkim/KeyPairType.java
@@ -4,7 +4,7 @@
 import java.util.Arrays;
 import java.util.List;
 
-import net.i2p.crypto.eddsa.EdDSASecurityProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public enum KeyPairType {
 
@@ -25,7 +25,7 @@ protected void initialize() {
       @Override
       protected void initialize() {
          if (!initailized) {
-            Security.addProvider(new EdDSASecurityProvider());
+            Security.addProvider(new BouncyCastleProvider());
             initailized = true;
          }
       }