Merge pull request #264 from norrisjeremy/20230105

0.2.7 changes

.github/workflows/maven.yml

@@ -34,6 +34,12 @@ jobs:
         check-latest: true
     - name: Build with Maven
       run: mvn -B -DskipTests=true package --file pom.xml
+    - uses: actions/upload-artifact@v3
+      with:
+        name: java-${{ matrix.java }}-jars
+        path: |
+          **/target/*.jar
+      if: always()
     - name: Set up test JDK ${{ matrix.java }}
       uses: actions/setup-java@v3
       with:
@@ -49,4 +55,5 @@ jobs:
           **/target/surefire-reports/
           **/target/failsafe-reports/
           **/target/site/jacoco/
+          **/target/site/jacoco-it/
       if: always()

.mvn/wrapper/maven-wrapper.properties

@@ -14,5 +14,5 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.7/apache-maven-3.8.7-bin.zip
 wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar

ChangeLog.md

@@ -1,3 +1,23 @@
+* [0.2.7](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.7)
+  * Fix exception logging in Log4j2Logger.
+  * [#265](https://github.com/mwiede/jsch/issues/265) change buffer_margin computation to be dynamic based upon the MAC to allow connections that advertise small maximum packet sizes.
+  * [#266](https://github.com/mwiede/jsch/issues/266) fix PuTTY key parsing to work with unix line endings.
+  * Add support for ECDSA & EdDSA type PuTTY keys.
+  * [#71](https://github.com/mwiede/jsch/issues/71) add support for PuTTY version 3 format keys.
+    * Encrypted PuTTY version 3 format keys requires [Bouncy Castle](https://www.bouncycastle.org/java.html) (bcprov-jdk18on).
+  * Eliminate KeyPairDeferred and instead change handling of OpenSSH V1 type keys to be more like other KeyPair types.
+  * Be more vigilant about clearing private key data.
+  * Improve PKCS8 key handling and add support for PKCS5 2.1 encryption.
+  * Add support for ECDSA type PKCS8 keys.
+  * Add support for SCrypt type KDF for PKCS8 keys.
+    * PKCS8 keys using SCrypt requires [Bouncy Castle](https://www.bouncycastle.org/java.html) (bcprov-jdk18on).
+  * Add support for EdDSA type PKCS8 keys.
+    * EdDSA type PKCS8 keys requires [Bouncy Castle](https://www.bouncycastle.org/java.html) (bcprov-jdk18on).
+  * Attempt to authenticate using other signature algorithms supported by the same public key.
+    * Allow this behavior to be disabled via `try_additional_pubkey_algorithms` config option.
+      * Some servers incorrectly respond with `SSH_MSG_USERAUTH_PK_OK` to an initial auth query that they don't actually support for RSA keys.
+  * Add a new config option `enable_pubkey_auth_query` to allow skipping auth queries and proceed directly to attempting full `SSH_MSG_USERAUTH_REQUEST`'s.
+  * Add a new config option `enable_auth_none` to control whether an initial auth request for the method `none` is sent to detect all supported auth methods available on the server.
 * [0.2.6](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.6)
   * Include host alias instead of the real host in messages and exceptions by @ShadelessFox in https://github.com/mwiede/jsch/pull/257
   * Fix missing keySize set when loading V1 RSA keys by @Alex-Vol-Amz in https://github.com/mwiede/jsch/pull/258

pom.xml

@@ -77,6 +77,7 @@
         <skipITs>true</skipITs>
         <junixsocket.version>2.6.1</junixsocket.version>
         <jna.version>5.12.1</jna.version>
+        <log4j.version>2.19.0</log4j.version>
     </properties>
     <dependencies>
         <dependency>
@@ -118,7 +119,7 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-api</artifactId>
-            <version>2.19.0</version>
+            <version>${log4j.version}</version>
             <optional>true</optional>
             <exclusions>
                 <exclusion>
@@ -163,33 +164,28 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>ch.qos.logback</groupId>
-            <artifactId>logback-classic</artifactId>
-            <version>1.3.4</version>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>31.1-jre</version>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.scala-lang</groupId>
-            <artifactId>scala-library</artifactId>
-            <version>2.13.6</version>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>${log4j.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.scalatest</groupId>
-            <artifactId>scalatest_2.13</artifactId>
-            <version>3.2.13</version>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>${log4j.version}</version>
+            <type>test-jar</type>
             <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.scala-lang</groupId>
-                    <artifactId>scala-library</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
-            <groupId>co.helmethair</groupId>
-            <artifactId>scalatest-junit-runner</artifactId>
-            <version>0.2.0</version>
+            <groupId>com.github.valfirst</groupId>
+            <artifactId>slf4j-test</artifactId>
+            <version>2.8.1</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -282,7 +278,7 @@
                     <showDeprecation>true</showDeprecation>
                     <showWarnings>true</showWarnings>
                     <compilerArgs>
-                        <arg>-Xlint:all</arg>
+                        <arg>-Xlint:all,-processing</arg>
                         <arg>-Werror</arg>
                     </compilerArgs>
                 </configuration>
@@ -373,40 +369,12 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>net.alchim31.maven</groupId>
-                <artifactId>scala-maven-plugin</artifactId>
-                <version>4.8.0</version>
-                <configuration>
-                    <recompileMode>all</recompileMode>
-                    <sendJavaToScalac>false</sendJavaToScalac>
-                    <args>
-                        <arg>-deprecation</arg>
-                        <arg>-feature</arg>
-                        <arg>-unchecked</arg>
-                        <arg>-Xfatal-warnings</arg>
-                    </args>
-                </configuration>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>testCompile</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>2.22.2</version>
                 <configuration>
                     <trimStackTrace>false</trimStackTrace>
-                    <systemProperties>
-                        <property>
-                            <name>java.util.logging.config.file</name>
-                            <value>${project.basedir}/src/test/resources/logging.properties</value>
-                        </property>
-                    </systemProperties>
                 </configuration>
             </plugin>
             <plugin>
@@ -415,12 +383,6 @@
                 <version>2.22.2</version>
                 <configuration>
                     <trimStackTrace>false</trimStackTrace>
-                    <systemProperties>
-                        <property>
-                            <name>java.util.logging.config.file</name>
-                            <value>${project.basedir}/src/test/resources/logging.properties</value>
-                        </property>
-                    </systemProperties>
                 </configuration>
                 <executions>
                     <execution>
@@ -594,12 +556,24 @@
                                     <goal>prepare-agent</goal>
                                 </goals>
                             </execution>
+                            <execution>
+                                <id>default-prepare-agent-integration</id>
+                                <goals>
+                                    <goal>prepare-agent-integration</goal>
+                                </goals>
+                            </execution>
                             <execution>
                                 <id>default-report</id>
                                 <goals>
                                     <goal>report</goal>
                                 </goals>
                             </execution>
+                            <execution>
+                                <id>default-report-integration</id>
+                                <goals>
+                                    <goal>report-integration</goal>
+                                </goals>
+                            </execution>
                         </executions>
                     </plugin>
                 </plugins>
@@ -630,7 +604,7 @@
                                 <path>
                                     <groupId>com.google.errorprone</groupId>
                                     <artifactId>error_prone_core</artifactId>
-                                    <version>2.15.0</version>
+                                    <version>2.17.0</version>
                                 </path>
                             </annotationProcessorPaths>
                         </configuration>
@@ -639,4 +613,4 @@
             </build>
         </profile>
     </profiles>
-</project>
+</project>

src/main/java/com/jcraft/jsch/Argon2.java

@@ -0,0 +1,40 @@
+/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
+/*
+Copyright (c) 2013-2018 ymnk, JCraft,Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  1. Redistributions of source code must retain the above copyright notice,
+     this list of conditions and the following disclaimer.
+
+  2. Redistributions in binary form must reproduce the above copyright 
+     notice, this list of conditions and the following disclaimer in 
+     the documentation and/or other materials provided with the distribution.
+
+  3. The names of the authors may not be used to endorse or promote products
+     derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
+INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package com.jcraft.jsch;
+
+public interface Argon2 extends KDF{
+  public static final int ARGON2D = 0;
+  public static final int ARGON2I = 1;
+  public static final int ARGON2ID = 2;
+  public static final int V10 = 0x10;
+  public static final int V13 = 0x13;
+
+  void init(byte[] salt, int iteration, int type, byte[] additional, byte[] secret, int memory, int parallelism, int version) throws Exception;
+}

src/main/java/com/jcraft/jsch/BCrypt.java

@@ -0,0 +1,34 @@
+/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
+/*
+Copyright (c) 2013-2018 ymnk, JCraft,Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  1. Redistributions of source code must retain the above copyright notice,
+     this list of conditions and the following disclaimer.
+
+  2. Redistributions in binary form must reproduce the above copyright 
+     notice, this list of conditions and the following disclaimer in 
+     the documentation and/or other materials provided with the distribution.
+
+  3. The names of the authors may not be used to endorse or promote products
+     derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
+INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package com.jcraft.jsch;
+
+public interface BCrypt extends KDF{
+  void init(byte[] salt, int iteration) throws Exception;
+}

src/main/java/com/jcraft/jsch/Buffer.java

@@ -212,8 +212,13 @@ byte getCommand(){
     return buffer[5];
   }
 
+  // Hardcode this since we can't use dynamic Session value
+  private static final int buffer_margin = 32 + // maximum padding length
+                                           64 + // maximum mac length
+                                           32;  // margin for deflater; deflater may inflate data
+
   void checkFreeSize(int n){
-    int size = index+n+Session.buffer_margin;
+    int size = index+n+buffer_margin;
     if(buffer.length<size){
       int i = buffer.length*2;
       if(i<size) i = size;

src/main/java/com/jcraft/jsch/Channel.java

@@ -240,10 +240,15 @@ private synchronized void init() throws IOException{
           packet=new Packet(buffer);
 
           byte[] _buf=buffer.buffer;
-          if(_buf.length-(14+0)-Session.buffer_margin<=0){
-            buffer=null;
-            packet=null;
-            throw new IOException("failed to initialize the channel.");
+          try{
+            if(_buf.length-(14+0)-getSession().getBufferMargin()<=0){
+              buffer=null;
+              packet=null;
+              throw new IOException("failed to initialize the channel.");
+            }
+          }
+          catch(JSchException e){
+            throw new IOException("failed to initialize the channel.", e);
           }
 
         }
@@ -265,21 +270,27 @@ public void write(byte[] buf, int s, int l) throws IOException{
 
           byte[] _buf=buffer.buffer;
           int _bufl=_buf.length;
-          while(l>0){
-            int _l=l;
-            if(l>_bufl-(14+dataLen)-Session.buffer_margin){
-              _l=_bufl-(14+dataLen)-Session.buffer_margin;
-            }
-
-            if(_l<=0){
-              flush();
-              continue;
+          try{
+            while(l>0){
+              int _l=l;
+              int buffer_margin=getSession().getBufferMargin();
+              if(l>_bufl-(14+dataLen)-buffer_margin){
+                _l=_bufl-(14+dataLen)-buffer_margin;
+              }
+
+              if(_l<=0){
+                flush();
+                continue;
+              }
+
+              System.arraycopy(buf, s, _buf, 14+dataLen, _l);
+              dataLen+=_l;
+              s+=_l;
+              l-=_l;
             }
-
-            System.arraycopy(buf, s, _buf, 14+dataLen, _l);
-            dataLen+=_l;
-            s+=_l;
-            l-=_l;
+          }
+          catch(JSchException e){
+            throw new IOException(e.toString(), e);
           }
         }
 

src/main/java/com/jcraft/jsch/ChannelDirectStreamLocal.java

@@ -47,7 +47,7 @@ protected Packet genChannelOpenPacket() {
 
         Buffer buf = new Buffer(50 +
                 socketPath.length() +
-                Session.buffer_margin);
+                session.getBufferMargin());
         Packet packet = new Packet(buf);
         packet.reset();
         buf.putByte((byte) SSH_MSG_CHANNEL_OPEN);

src/main/java/com/jcraft/jsch/ChannelDirectTCPIP.java

@@ -104,7 +104,7 @@ void run(){
         i=io.in.read(buf.buffer, 
                      14, 
                      buf.buffer.length-14
-                     -Session.buffer_margin
+                     -_session.getBufferMargin()
                      );
         if(i<=0){
           eof();
@@ -154,7 +154,7 @@ public void setOutputStream(OutputStream out){
   protected Packet genChannelOpenPacket(){
     Buffer buf = new Buffer(50 + // 6 + 4*8 + 12
                             host.length() + originator_IP_address.length() +
-                            Session.buffer_margin);
+                            session.getBufferMargin());
     Packet packet = new Packet(buf);
     // byte   SSH_MSG_CHANNEL_OPEN(90)
     // string channel type         //