Add support for custom cryptography #62

Open
wants to merge 29 commits into
base: main
from
620d931
Initial client-side RSA private key support
Joannis Oct 28, 2020
cc00081
Implement RSA in a separate module, to be removed before a merge
Joannis Dec 21, 2020
17f5cad
Removed RSA, added a custom key test
Joannis Jan 21, 2021
f0e31b2
Merge branch 'main' into jo-rsa-private-keys
Joannis Feb 12, 2021
077e954
Add docs
Joannis Feb 12, 2021
fc5f565
Merge branch 'jo-rsa-private-keys' of github.com:joannis/swift-nio-ss…
Joannis Feb 26, 2021
497919b
Merge branch 'main' into jo-rsa-private-keys
Joannis Feb 26, 2021
a742b44
Merge branch 'main' into jo-rsa-private-keys
Joannis Jun 24, 2021
4ecf937
Support custom public key types for host keys
Joannis Jun 25, 2021
5852c0c
More transport options
Joannis Jul 2, 2021
569c03e
Implemented passing sequence numbers, and adapter protocols so that o…
Joannis Jul 4, 2021
3837545
Ignore the authentication banner
Joannis Jul 4, 2021
316c8d6
Enable old algorithms
Joannis Jul 21, 2021
ee4b862
Merge remote-tracking branch 'apple/main' into jo-rsa-private-keys
Joannis Nov 11, 2021
241b456
Merge remote-tracking branch 'apple/main' into jo-rsa-private-keys
Joannis Nov 16, 2021
d8c64fa
Remove conflicts with PR #98
Joannis Nov 16, 2021
a50df12
Fixed broken tests after merge. Added tests for all algorithms using …
Joannis Nov 16, 2021
3f42d1f
Merge branch 'apple:main' into jo-rsa-private-keys
gwynne Nov 24, 2021
f4efdbc
Define transport protection & key exchange types on the client/server…
Joannis Nov 25, 2021
642d961
Remove whitespace
Joannis Nov 25, 2021
c5ccb88
Fix typo
gwynne Dec 4, 2021
a4f1a81
Address some of the PR feedback
gwynne Dec 4, 2021
c66f0f1
Merge branch 'main' into jo-rsa-private-keys
gwynne May 15, 2022
df0b47e
Remove defaulted parameters per PR feedback and fix a pile of broken …
gwynne May 15, 2022
f8b8add
Encapsulate globals in an enum per PR feedback
gwynne May 15, 2022
b66b64f
Use fine-grained locking per PR feedback
gwynne May 15, 2022
d1fc273
Address soundness.sh issues with correct version of swiftformat.
gwynne May 23, 2022
4b0e7ec
Fix copyright header year
gwynne May 23, 2022
86a99b1
Merge branch 'apple:main' into jo-rsa-private-keys
JaapWijnen Aug 11, 2022
2 changes: 1 addition & 1 deletion Sources/NIOSSH/ByteBuffer+SSH.swift
Expand Up @@ -169,7 +169,7 @@ extension ByteBuffer {

/// Writes a given number of SSH-acceptable padding bytes to this buffer.
@discardableResult
mutating func writeSSHPaddingBytes(count: Int) -> Int {
public mutating func writeSSHPaddingBytes(count: Int) -> Int {
// Annoyingly, the system random number generator can only give bytes to us 8 bytes at a time.
precondition(count >= 0, "Cannot write negative number of padding bytes: \(count)")

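Review bot: `writeSSHPaddingBytes(count:)` becomes public API in this hunk, but its doc comment still does not state what the returned `Int` is or that a negative `count` traps on the precondition two lines below; an external caller of a custom-cryptography entry point needs that contract spelled out. Suggest extending the comment to `/// Writes `count` bytes of SSH-acceptable padding (sourced from the system random number generator) to this buffer.`, `/// - Returns: The number of padding bytes written.` and `/// - Precondition: `count` must be non-negative.`. The body of `writeSSHPaddingBytes` continues past the hunk, so confirm there that the return value is indeed the byte count before documenting it as such.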
Expand Up @@ -30,7 +30,7 @@ extension AcceptsKeyExchangeMessages {
}

mutating func receiveKeyExchangeInitMessage(_ message: SSHMessage.KeyExchangeECDHInitMessage) throws -> SSHConnectionStateMachine.StateMachineInboundProcessResult {
let message = try self.keyExchangeStateMachine.handle(keyExchangeInit: message)
let message = try self.keyExchangeStateMachine.handle(keyExchangeInit: message.publicKey)

if let message = message {
return .emitMessage(message)
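Review bot: The changed line re-binds `message` to the reply of `handle(keyExchangeInit:)` while the parameter `message` is still being read on the same line via `message.publicKey`, which makes the shadowing harder to follow now that only a field of the parameter is consumed. Naming the result distinctly reads better: `let reply = try self.keyExchangeStateMachine.handle(keyExchangeInit: message.publicKey)` followed by `if let reply = reply {` and `return .emitMessage(reply)`. `receiveKeyExchangeInitMessage` ends outside the hunk, so any further use of the shadowed name below would need the same rename.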
Expand Up @@ -60,12 +60,12 @@ struct SSHConnectionStateMachine {
/// The state of this state machine.
private var state: State

private static let defaultTransportProtectionSchemes: [NIOSSHTransportProtection.Type] = [
static let bundledTransportProtectionSchemes: [NIOSSHTransportProtection.Type] = [
AES256GCMOpenSSHTransportProtection.self, AES128GCMOpenSSHTransportProtection.self,
]

init(role: SSHConnectionRole, protectionSchemes: [NIOSSHTransportProtection.Type] = Self.defaultTransportProtectionSchemes) {
self.state = .idle(IdleState(role: role, protectionSchemes: protectionSchemes))
init(role: SSHConnectionRole) {
self.state = .idle(IdleState(role: role))
}

func start() -> SSHMultiMessage? {
Expand Down Expand Up @@ -182,6 +182,7 @@ struct SSHConnectionStateMachine {
return .noMessage
case .unimplemented(let unimplemented):
throw NIOSSHError.remotePeerDoesNotSupportMessage(unimplemented)

default:
// TODO: enforce RFC 4253:
//
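Review bot: `bundledTransportProtectionSchemes` loses `private` and is renamed in the first hunk, yet it carries no doc comment explaining what the list means to the rest of the module; the listing order (AES-256-GCM before AES-128-GCM) presumably drives negotiation preference, which is exactly the kind of property a maintainer editing the list needs to know. Suggest `/// The transport protection schemes shipped with NIOSSH. NOTE(review): order appears to be the negotiation preference order — confirm against the key exchange state machine.`. The narrowed `init(role:)` now derives its schemes from `role` rather than an injected list, which would also be worth a one-line comment since the old parameter was the test seam.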
Expand Up @@ -27,16 +27,13 @@ extension SSHConnectionStateMachine {

internal var remoteVersion: String

internal var protectionSchemes: [NIOSSHTransportProtection.Type]

internal var sessionIdentifier: ByteBuffer

init(_ previous: UserAuthenticationState) {
self.role = previous.role
self.serializer = previous.serializer
self.parser = previous.parser
self.remoteVersion = previous.remoteVersion
self.protectionSchemes = previous.protectionSchemes
self.sessionIdentifier = previous.sessionIdentifier
}

Expand All @@ -45,7 +42,6 @@ extension SSHConnectionStateMachine {
self.serializer = previous.serializer
self.parser = previous.parser
self.remoteVersion = previous.remoteVersion
self.protectionSchemes = previous.protectionSchemes
self.sessionIdentifier = previous.sessionIdentifier
}

Expand All @@ -54,7 +50,6 @@ extension SSHConnectionStateMachine {
self.serializer = previous.serializer
self.parser = previous.parser
self.remoteVersion = previous.remoteVersion
self.protectionSchemes = previous.protectionSchemes
self.sessionIdentifier = previous.sessionIdentifier
}
}
Expand Up @@ -23,10 +23,13 @@ extension SSHConnectionStateMachine {

internal var protectionSchemes: [NIOSSHTransportProtection.Type]

init(role: SSHConnectionRole, protectionSchemes: [NIOSSHTransportProtection.Type]) {
internal var keyExchangeAlgorithms: [NIOSSHKeyExchangeAlgorithmProtocol.Type]

init(role: SSHConnectionRole) {
self.role = role
self.serializer = SSHPacketSerializer()
self.protectionSchemes = protectionSchemes
self.protectionSchemes = role.transportProtectionSchemes
self.keyExchangeAlgorithms = role.keyExchangeAlgorithms
}
}
}
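Review bot: `init(role:)` copies `role.transportProtectionSchemes` and `role.keyExchangeAlgorithms` into the state without checking that either list is non-empty; a caller configuring custom cryptography with an empty list would presumably only fail later during negotiation, with a less obvious error than a check at the point of misconfiguration. If the role type does not already enforce this at construction (not visible in this hunk), a fail-fast check here is cheap: `precondition(!self.protectionSchemes.isEmpty, "At least one transport protection scheme is required")` and `precondition(!self.keyExchangeAlgorithms.isEmpty, "At least one key exchange algorithm is required")`. The new `keyExchangeAlgorithms` property would also benefit from the same kind of doc line its sibling presumably has above the hunk.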
Expand Up @@ -28,8 +28,6 @@ extension SSHConnectionStateMachine {

var remoteVersion: String

var protectionSchemes: [NIOSSHTransportProtection.Type]

/// The backing state machine.
var keyExchangeStateMachine: SSHKeyExchangeStateMachine

Expand All @@ -38,8 +36,7 @@ extension SSHConnectionStateMachine {
self.parser = state.parser
self.serializer = state.serializer
self.remoteVersion = remoteVersion
self.protectionSchemes = state.protectionSchemes
self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: state.role, remoteVersion: remoteVersion, protectionSchemes: state.protectionSchemes, previousSessionIdentifier: nil)
self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: state.role, remoteVersion: remoteVersion, keyExchangeAlgorithms: state.role.keyExchangeAlgorithms, transportProtectionSchemes: state.role.transportProtectionSchemes, previousSessionIdentifier: nil)
}
}
}
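Review bot: The new `SSHKeyExchangeStateMachine(...)` call reads `state.role.keyExchangeAlgorithms` and `state.role.transportProtectionSchemes` straight from the role, while the idle state in this same PR still stores its own `protectionSchemes` and `keyExchangeAlgorithms` copies; one of the two should be the source of truth, otherwise the stored copies are dead weight and any later override on a state would be silently ignored. The concrete type of `state` is not visible in this hunk, so this is an inferred inconsistency to confirm. The same re-read-from-role pattern appears in the two later sections that build the key exchange state machine from `self.role`. Independently, the call now has seven labelled arguments on one line; splitting it one argument per line would make future diffs to this line reviewable. The enclosing init starts above the hunk.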
Expand Up @@ -28,8 +28,6 @@ extension SSHConnectionStateMachine {

internal var remoteVersion: String

internal var protectionSchemes: [NIOSSHTransportProtection.Type]

internal var keyExchangeStateMachine: SSHKeyExchangeStateMachine

internal var sessionIdentifier: ByteBuffer
Expand All @@ -39,9 +37,8 @@ extension SSHConnectionStateMachine {
self.serializer = previous.serializer
self.parser = previous.parser
self.remoteVersion = previous.remoteVersion
self.protectionSchemes = previous.protectionSchemes
self.sessionIdentifier = previous.sessionIdentifier
self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: previous.role, remoteVersion: previous.remoteVersion, protectionSchemes: previous.protectionSchemes, previousSessionIdentifier: self.sessionIdentifier)
self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: previous.role, remoteVersion: previous.remoteVersion, keyExchangeAlgorithms: self.role.keyExchangeAlgorithms, transportProtectionSchemes: self.role.transportProtectionSchemes, previousSessionIdentifier: self.sessionIdentifier)
}
}
}
Expand Up @@ -29,8 +29,6 @@ extension SSHConnectionStateMachine {

var remoteVersion: String

var protectionSchemes: [NIOSSHTransportProtection.Type]

var sessionIdentifier: ByteBuffer

/// The backing state machine.
Expand All @@ -45,7 +43,6 @@ extension SSHConnectionStateMachine {
self.parser = state.parser
self.serializer = state.serializer
self.remoteVersion = state.remoteVersion
self.protectionSchemes = state.protectionSchemes
self.keyExchangeStateMachine = state.keyExchangeStateMachine

// We force unwrap the session ID because it's programmer error to not have it at this time.
Expand Up @@ -29,8 +29,6 @@ extension SSHConnectionStateMachine {

var remoteVersion: String

var protectionSchemes: [NIOSSHTransportProtection.Type]

var sessionIdentifier: ByteBuffer

/// The backing state machine.
Expand All @@ -41,7 +39,6 @@ extension SSHConnectionStateMachine {
self.parser = previousState.parser
self.serializer = previousState.serializer
self.remoteVersion = previousState.remoteVersion
self.protectionSchemes = previousState.protectionSchemes
self.sessionIdentifier = previousState.sessionIdentifier
self.keyExchangeStateMachine = previousState.keyExchangeStateMachine
}
Expand Up @@ -29,8 +29,6 @@ extension SSHConnectionStateMachine {

var remoteVersion: String

var protectionSchemes: [NIOSSHTransportProtection.Type]

var sessionIdentifier: ByteBuffer

/// The backing state machine.
Expand All @@ -41,7 +39,6 @@ extension SSHConnectionStateMachine {
self.parser = previousState.parser
self.serializer = previousState.serializer
self.remoteVersion = previousState.remoteVersion
self.protectionSchemes = previousState.protectionSchemes
self.sessionIdentifier = previousState.sessionIdentifier
self.keyExchangeStateMachine = previousState.keyExchangeStateMachine
}
Expand Up @@ -28,8 +28,6 @@ extension SSHConnectionStateMachine {

var remoteVersion: String

var protectionSchemes: [NIOSSHTransportProtection.Type]

var sessionIdentifier: ByteBuffer

/// The backing state machine.
Expand All @@ -40,7 +38,6 @@ extension SSHConnectionStateMachine {
self.parser = previousState.parser
self.serializer = previousState.serializer
self.remoteVersion = previousState.remoteVersion
self.protectionSchemes = previousState.protectionSchemes
self.sessionIdentifier = previousState.sessionIdentifier
self.keyExchangeStateMachine = previousState.keyExchangeStateMachine
}
Expand All @@ -50,7 +47,6 @@ extension SSHConnectionStateMachine {
self.parser = previousState.parser
self.serializer = previousState.serializer
self.remoteVersion = previousState.remoteVersion
self.protectionSchemes = previousState.protectionSchemes
self.sessionIdentifier = previousState.sessionIdentitifier
self.keyExchangeStateMachine = previousState.keyExchangeStateMachine
}
Expand Up @@ -28,8 +28,6 @@ extension SSHConnectionStateMachine {

internal var remoteVersion: String

internal var protectionSchemes: [NIOSSHTransportProtection.Type]

internal var sessionIdentitifier: ByteBuffer

internal var keyExchangeStateMachine: SSHKeyExchangeStateMachine
Expand All @@ -39,9 +37,8 @@ extension SSHConnectionStateMachine {
self.serializer = previous.serializer
self.parser = previous.parser
self.remoteVersion = previous.remoteVersion
self.protectionSchemes = previous.protectionSchemes
self.sessionIdentitifier = previous.sessionIdentifier
self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: self.role, remoteVersion: self.remoteVersion, protectionSchemes: self.protectionSchemes, previousSessionIdentifier: previous.sessionIdentifier)
self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: self.role, remoteVersion: self.remoteVersion, keyExchangeAlgorithms: self.role.keyExchangeAlgorithms, transportProtectionSchemes: self.role.transportProtectionSchemes, previousSessionIdentifier: previous.sessionIdentifier)
}
}
}
Expand Up @@ -29,8 +29,6 @@ extension SSHConnectionStateMachine {

var remoteVersion: String

var protectionSchemes: [NIOSSHTransportProtection.Type]

var sessionIdentifier: ByteBuffer

/// The backing state machine.
Expand All @@ -46,7 +44,6 @@ extension SSHConnectionStateMachine {
self.serializer = state.serializer
self.keyExchangeStateMachine = state.keyExchangeStateMachine
self.remoteVersion = state.remoteVersion
self.protectionSchemes = state.protectionSchemes

// We force unwrap the session ID here because it's programmer error to not have it at this stage.
self.sessionIdentifier = self.keyExchangeStateMachine.sessionID!
Expand Up @@ -26,14 +26,11 @@ extension SSHConnectionStateMachine {
/// The packet serializer used by this state machine.
var serializer: SSHPacketSerializer

var protectionSchemes: [NIOSSHTransportProtection.Type]

private let allocator: ByteBufferAllocator

init(idleState state: IdleState, allocator: ByteBufferAllocator) {
self.role = state.role
self.serializer = state.serializer
self.protectionSchemes = state.protectionSchemes

self.parser = SSHPacketParser(allocator: allocator)
self.allocator = allocator
Expand Up @@ -28,8 +28,6 @@ extension SSHConnectionStateMachine {

var remoteVersion: String

var protectionSchemes: [NIOSSHTransportProtection.Type]

var sessionIdentifier: ByteBuffer

/// The backing state machine.
Expand All @@ -41,7 +39,6 @@ extension SSHConnectionStateMachine {
self.serializer = state.serializer
self.userAuthStateMachine = state.userAuthStateMachine
self.remoteVersion = state.remoteVersion
self.protectionSchemes = state.protectionSchemes
self.sessionIdentifier = state.sessionIdentifier
}

Expand All @@ -51,7 +48,6 @@ extension SSHConnectionStateMachine {
self.serializer = state.serializer
self.userAuthStateMachine = state.userAuthStateMachine
self.remoteVersion = state.remoteVersion
self.protectionSchemes = state.protectionSchemes
self.sessionIdentifier = state.sessionIdentifier
}
}