Jsch (mwiede fork) can't use the 2.1.1 FIPS provider with ED25519 keys

[jogevego]

When using the Bouncy Castle FIPS 2.1.1 provider with JSch (mwiede fork) on Java 8, ED25519 keys cannot be used successfully. Other algorithms work as expected, but attempts with ED25519 result in failures.

Steps to Reproduce:

• Configure Java 8 with the BC FIPS 2.1.1 provider.

• Use JSch (mwiede fork) to connect to an SSH server with an ED25519 key.

• Attempt authentication.

Expected Behavior:
Authentication with ED25519 keys should succeed when using the BC FIPS provider.

Actual Behavior:
Authentication fails with ED25519 keys. Other algorithms (e.g., RSA, ECDSA) succeed.

Environment:

• Java version: 1.8.x

• Bouncy Castle FIPS provider: 2.1.1

• JSch (mwiede fork)

• OS: Mac OS, Windows

This issue seems specific to the interaction between JSch (mwiede fork) and the BC FIPS provider when ED25519 is used. Non-FIPS providers and other algorithms work correctly.

Here is the log that I am getting:

Provider initialized
Ed25519 provider: BCFIPS
Ed25519 provider info: BouncyCastle Security Provider (FIPS edition) v2.1.1
ssh-ed25519: com.jcraft.jsch.bc.SignatureEd25519
Connecting to 10.153.198.173...
JSch Log [level 1]: Connecting to 10.153.198.173 port 22
JSch Log [level 1]: Connection established
JSch Log [level 1]: Remote version string: SSH-2.0-OpenSSH_9.9
JSch Log [level 1]: Local version string: SSH-2.0-JSCH_2.27.2
JSch Log [level 1]: CheckCiphers: [email protected]
JSch Log [level 1]: CheckKexes: mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,sntrup761x25519-sha512,[email protected],curve25519-sha256,[email protected],curve448-sha512
JSch Log [level 1]: mlkem768x25519-sha256 is not available.
JSch Log [level 1]: mlkem768nistp256-sha256 is not available.
JSch Log [level 1]: mlkem1024nistp384-sha384 is not available.
JSch Log [level 1]: sntrup761x25519-sha512 is not available.
JSch Log [level 1]: [email protected] is not available.
JSch Log [level 1]: curve25519-sha256 is not available.
JSch Log [level 1]: [email protected] is not available.
JSch Log [level 1]: curve448-sha512 is not available.
JSch Log [level 0]: kex proposal before removing unavailable algos is: mlkem768x25519-sha256,curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
JSch Log [level 0]: kex proposal after removing unavailable algos is: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
JSch Log [level 1]: CheckSignatures: ssh-ed25519,ssh-ed448
JSch Log [level 1]: ssh-ed25519 is not available.
JSch Log [level 1]: ssh-ed448 is not available.
JSch Log [level 0]: server_host_key proposal before removing unavailable algos is: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log [level 0]: server_host_key proposal after removing unavailable algos is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log [level 0]: server_host_key proposal before known_host reordering is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log [level 0]: server_host_key proposal after known_host reordering is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log [level 1]: SSH_MSG_KEXINIT sent
JSch Log [level 1]: SSH_MSG_KEXINIT received
JSch Log [level 1]: Doing strict KEX
JSch Log [level 1]: ext-info messaging supported by server
JSch Log [level 1]: server proposal: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,[email protected],ext-info-s,[email protected]
JSch Log [level 1]: server proposal: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
JSch Log [level 1]: server proposal: ciphers c2s: aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected]
JSch Log [level 1]: server proposal: ciphers s2c: aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected]
JSch Log [level 1]: server proposal: MACs c2s: hmac-sha2-512,hmac-sha2-256,[email protected],[email protected]
JSch Log [level 1]: server proposal: MACs s2c: hmac-sha2-512,hmac-sha2-256,[email protected],[email protected]
JSch Log [level 1]: server proposal: compression c2s: none,[email protected]
JSch Log [level 1]: server proposal: compression s2c: none,[email protected]
JSch Log [level 1]: server proposal: languages c2s:
JSch Log [level 1]: server proposal: languages s2c:
JSch Log [level 1]: client proposal: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
JSch Log [level 1]: client proposal: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log [level 1]: client proposal: ciphers c2s: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
JSch Log [level 1]: client proposal: ciphers s2c: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr
JSch Log [level 1]: client proposal: MACs c2s: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
JSch Log [level 1]: client proposal: MACs s2c: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
JSch Log [level 1]: client proposal: compression c2s: none
JSch Log [level 1]: client proposal: compression s2c: none
JSch Log [level 1]: client proposal: languages c2s:
JSch Log [level 1]: client proposal: languages s2c:
JSch Log [level 1]: kex: algorithm: ecdh-sha2-nistp256
JSch Log [level 1]: kex: host key algorithm: ecdsa-sha2-nistp256
JSch Log [level 1]: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
JSch Log [level 1]: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
JSch Log [level 1]: SSH_MSG_KEX_ECDH_INIT sent
JSch Log [level 1]: expecting SSH_MSG_KEX_ECDH_REPLY
JSch Log [level 1]: ssh_ecdsa_verify: ecdsa-sha2-nistp256 signature true
JSch Log [level 2]: Permanently added '10.153.198.173' (ECDSA) to the list of known hosts.
JSch Log [level 1]: Reset outgoing sequence number after sending SSH_MSG_NEWKEYS for strict KEX
JSch Log [level 1]: SSH_MSG_NEWKEYS sent
JSch Log [level 1]: SSH_MSG_NEWKEYS received
JSch Log [level 1]: Reset incoming sequence number after receiving SSH_MSG_NEWKEYS for strict KEX
JSch Log [level 1]: SSH_MSG_EXT_INFO sent
JSch Log [level 1]: SSH_MSG_SERVICE_REQUEST sent
JSch Log [level 1]: SSH_MSG_EXT_INFO received
JSch Log [level 1]: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-rsa>
JSch Log [level 1]: SSH_MSG_SERVICE_ACCEPT received
JSch Log [level 1]: SSH_MSG_EXT_INFO received
JSch Log [level 1]: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-dss,ssh-rsa>
JSch Log [level 1]: Authentications that can continue: publickey
JSch Log [level 1]: Next authentication method: publickey
JSch Log [level 0]: PubkeyAcceptedAlgorithms = ssh-ed25519
JSch Log [level 0]: Signature algorithms unavailable for non-agent identities = [ssh-ed25519, ssh-ed448]
JSch Log [level 0]: PubkeyAcceptedAlgorithms in server-sig-algs = [ssh-ed25519]
JSch Log [level 0]: ssh-ed25519 not available for identity /Users/joelvega/.ssh/id_ed25519

And here is the code for the app that I am using to test: https://github.com/jogevego/vm-connector

[dghgit]

Sorry, I'm not familiar with the internals of JSch how is it looking for Ed25519 in the provider?