* Added GetAttributesAsync to SftpClient
* Adding integration tests + unit test
* Address warnings in test classes.
---------
Co-authored-by: William Decker <william.decker@syndigo.com>
Where beneficial, add additional overrides from the base Stream class. Namely the Span
variants and for PipeStream, the WriteAsync variants (see comments).
The change also adds an internal type borrowed from the runtime repo for easier buffer
management, which could also be used elsewhere.
Wireshark can already helpfully dissect the initial SSH handshake. When given the
session keys, it can also dissect the encrypted traffic for inspection/debugging.
This adds a helper in Debug mode to write out that information in the format
Wireshark requires.
Usage is to set `SshNetLoggingConfiguration.WiresharkKeyLogFilePath` before connecting, and supply the same value to Wireshark in Edit -> Preferences -> Protocols -> SSH -> "Key log filename".
The description of the format is at https://wiki.wireshark.org/SSH#key-log-format
* Bump the dependencies group with 5 updates
* use MEL 8.0.3
* use MSTest meta package
* revert Meziantou due to NRE
* add a more useful global.json and pin third party action
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
* Only enable TreatWarningsAsErrors in Release
* Remove global.json
this doesn't actually do anything useful like this.
* Also check CI
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
---------
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
* Add an OrderedDictionary implementation for algorithm priorities
During the key exchange, the algorithms to be used are chosen based on the order that
the client sends: first algorithm is most desirable. Currently, the algorithm
collections in ConnectionInfo are defined as IDictionary<,> and backed by
Dictionary<,>, which does not have any guarantees on the order of enumeration
(in practice, when only adding and not removing items it does enumerate in the order
that items were added as an implementation detail, but it's not great to rely on it).
This change adds IOrderedDictionary<,> and uses it in ConnectionInfo. On .NET 9,
this is backed by System.Collections.Generic.OrderedDictionary<,> and on lower
targets, it uses a relatively simple implementation backed by a List and a
Dictionary.
* use ThrowIfNegative
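The negotiation rule described in the commit above, with an insertion-ordered collection backed by a List and a Dictionary, as an added example (not SSH.NET's code). `PriorityMap` and `Negotiation` are hypothetical names, and the cipher lists are constructed samples.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical type for illustration; not SSH.NET's IOrderedDictionary<,>.
sealed class PriorityMap<TValue>
{
    private readonly List<string> _order = new();
    private readonly Dictionary<string, TValue> _items = new(StringComparer.Ordinal);

    public IReadOnlyList<string> Names => _order;
    public TValue this[string name] => _items[name];

    public void Add(string name, TValue value)
    {
        _items.Add(name, value); // throws on a duplicate before the order list changes
        _order.Add(name);        // new entries always take the lowest priority
    }

    public bool Remove(string name) => _items.Remove(name) && _order.Remove(name);
}

static class Negotiation
{
    // The first name on the client's list that the server also offers wins.
    public static string Choose(IReadOnlyList<string> client, IEnumerable<string> server)
    {
        var offered = new HashSet<string>(server, StringComparer.Ordinal);
        foreach (var name in client)
        {
            if (offered.Contains(name)) { return name; }
        }
        throw new InvalidOperationException("No algorithm in common.");
    }

    static void Main()
    {
        var ciphers = new PriorityMap<int>(); // value: key length in bits (constructed)
        ciphers.Add("aes256-gcm@openssh.com", 256);
        ciphers.Add("3des-cbc", 192);
        ciphers.Add("aes128-ctr", 128);
        // Demote 3des-cbc by removing and re-adding it; it must now come last.
        ciphers.Remove("3des-cbc");
        ciphers.Add("3des-cbc", 192);

        var server = new[] { "3des-cbc", "aes128-ctr" }; // constructed server offer
        var chosen = Choose(ciphers.Names, server);
        Console.WriteLine($"{chosen} ({ciphers[chosen]}-bit key)");
    }
}
```

The remove-then-add step is the case where an unordered dictionary gives no guarantee about where the re-added entry enumerates, so the client's preference list on the wire could differ from the intended policy.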
* CI: run .NET Framework Integration Tests on Windows
* use apt-get
* use vampire/setup-wsl
* Run Windows Integration Tests in separate job
so publish doesn't depend on it
* Ignore flakey Test from #1253 in CI
* Drop net6.0 target
* Update src/Renci.SshNet/Common/TaskToAsyncResult.cs
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
* remove redundant #if
for some reason this made the compiler suddenly
realize that the plain text variables are unused.
* use TargetFrameworkIdentifier
this doesn't work in Directory.Build.props, moved it to Directory.Build.targets.
* fix null reference warnings in Benchmarks
seems like the warnings were (somehow) disabled here
before and were fixed by the previous TargetFrameworkIdentifier
change.
* fix unused plainTextOffset in AesGcmCipher.BclImpl
* CI retry
* more cosmetics
* more
* update README
* Revert "use TargetFrameworkIdentifier"
This reverts commit 076ede161d.
---------
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
Co-authored-by: Robert Hague <rh@johnstreetcapital.com>
The new(-ish) implementation of SshCommand has a race condition for short-lived
commands where SSH_MSG_CHANNEL_CLOSE may be processed on the message loop thread
before SSH_MSG_CHANNEL_SUCCESS is waited upon on the Execute (main) thread. This
manifests in an ArgumentNull/NullReference exception on the wait handle because
the channel has already been closed and disposed.
Fix this by only delaying the channel dispose until the command dispose.
We currently don't recognise any global requests from the server, but if one is
sent, then per RFC 4253 section 4 we still need to reply when the server expects
one. So send SSH_MSG_REQUEST_FAILURE in this case.
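The reply decision described in the commit above, as an added example (not SSH.NET's code). It parses an SSH_MSG_GLOBAL_REQUEST payload (message number, length-prefixed request name, want-reply flag) and treats every request name as unrecognised; `GlobalRequestDemo` and its methods are hypothetical, and the sample requests are constructed.

```csharp
#nullable enable
using System;
using System.Buffers.Binary;
using System.Text;

static class GlobalRequestDemo
{
    const byte SSH_MSG_GLOBAL_REQUEST = 80;
    const byte SSH_MSG_REQUEST_FAILURE = 82;

    // Returns the payload to send back, or null when the peer asked for no reply.
    public static byte[]? ReplyFor(ReadOnlySpan<byte> payload)
    {
        // Minimum size: type (1) + name length (4) + want_reply (1).
        if (payload.Length < 6 || payload[0] != SSH_MSG_GLOBAL_REQUEST)
        {
            throw new ArgumentException("Not a global request.");
        }

        uint nameLength = BinaryPrimitives.ReadUInt32BigEndian(payload.Slice(1, 4));
        if (nameLength > (uint)(payload.Length - 6))
        {
            throw new ArgumentException("Request name runs past the end of the payload.");
        }

        bool wantReply = payload[5 + (int)nameLength] != 0;

        // No request name is recognised here, so the only possible answer is failure,
        // and it is sent only when the peer is waiting for one.
        return wantReply ? new[] { SSH_MSG_REQUEST_FAILURE } : null;
    }

    // Builds a constructed sample request with no request-specific data.
    static byte[] Build(string name, bool wantReply)
    {
        byte[] nameBytes = Encoding.ASCII.GetBytes(name);
        var payload = new byte[6 + nameBytes.Length];
        payload[0] = SSH_MSG_GLOBAL_REQUEST;
        BinaryPrimitives.WriteUInt32BigEndian(payload.AsSpan(1, 4), (uint)nameBytes.Length);
        nameBytes.CopyTo(payload, 5);
        payload[5 + nameBytes.Length] = wantReply ? (byte)1 : (byte)0;
        return payload;
    }

    static void Main()
    {
        foreach (var (name, wantReply) in new[] { ("keepalive@openssh.com", true), ("hostkeys-00@openssh.com", false) })
        {
            byte[]? reply = ReplyFor(Build(name, wantReply));
            Console.WriteLine($"{name}: {(reply is null ? "no reply" : $"send message {reply[0]}")}");
        }
    }
}
```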
* Bump coverlet.collector from 6.0.2 to 6.0.4
Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 6.0.2 to 6.0.4.
- [Release notes](https://github.com/coverlet-coverage/coverlet/releases)
- [Commits](https://github.com/coverlet-coverage/coverlet/compare/v6.0.2...v6.0.4)
---
updated-dependencies:
- dependency-name: coverlet.collector
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* update test deps
* update test deps
* some fixes
* group dependencies
* analyzer fixes
* just group them all together
* more cleanup
* silent analyzers -> suggestion
* restore constant
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Robert Hague <rh@johnstreetcapital.com>
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
* Move IDisposable implementation declaration from inheritees to parent AuthenticationMethod
* Move common Dispose code to AuthenticationMethod class
* Remove unnecessary finalizers
* just move the definition
---------
Co-authored-by: Michał Drzymała <michalxdrzymala@gmail.com>
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
DSA is removed at compile time from OpenSSH 9.8 and higher.
That means we can no longer test it in our integration tests. It seems like a
good time to remove it. From the OpenSSH release notes:
> DSA, as specified in the SSHv2 protocol, is inherently weak - being
> limited to a 160 bit private key and use of the SHA1 digest. Its
> estimated security level is only 80 bits symmetric equivalent.
>
> OpenSSH has disabled DSA keys by default since 2015 but has retained
> run-time optional support for them. DSA was the only
> mandatory-to-implement algorithm in the SSHv2 RFCs, mostly because
> alternative algorithms were encumbered by patents when the SSHv2
> protocol was specified.
>
> This has not been the case for decades at this point and better
> algorithms are well supported by all actively-maintained SSH
> implementations. We do not consider the costs of maintaining DSA
> in OpenSSH to be justified and hope that removing it from OpenSSH
> can accelerate its wider deprecation in supporting cryptography
> libraries.
* Use System.Security.Cryptography in DesCipher and TripleDesCipher; Fall back to use BouncyCastle if BCL doesn't support
* Drop DesCipher; Replace PKCS7Padding with BouncyCastle's implementation.
* Restore `CbcCipherMode`
* Restore AesCipherMode; Use BlockImpl instead of BouncyCastleImpl for 3DES-CFB on lower targets.
* Restore the xml doc comment
* Tighten private key checking to reveal padding issue
* `Encrypt` should take into account padding for length of `inputBuffer` passed to `EncryptBlock` if padding is specified, whether or not the input is divisible.
* `Decrypt` should take into account unpadding for the final output if padding is specified.
* `Decrypt` should take into account *manual* padding for length of `inputBuffer` passed to `DecryptBlock` and unpadding for the final output if padding is not specified and mode is CFB or OFB.
* `Encrypt` should take into account *manual* padding for length of `inputBuffer` passed to `EncryptBlock` and unpadding for the final output if padding is not specified and mode is CFB or OFB.
* Rectify DES cipher tests. There's no padding in the data.
* Borrow `PadCount` method from BouncyCastle
* Manually pad input in CTR mode as well. Update AesCipherTest.
Co-Authored-By: Rob Hague <5132141+Rob-Hague@users.noreply.github.com>
* Manually pad/unpad for Aes CFB/OFB mode
* Update test/Renci.SshNet.Tests/Classes/Security/Cryptography/Ciphers/AesCipherTest.Gen.cs.txt
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
* Re-generate AES cipher tests
---------
Co-authored-by: Rob Hague <5132141+Rob-Hague@users.noreply.github.com>
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
* Drop net7.0 target
.NET 7 has been EOL since May. The only .NET 7 features we use are
`ObjectDisposedException.ThrowIf` (moved to a throw helper) and
some newer regex features.
This feels a bit weird, but I suppose it is the expected course of action.
* fix build warning-as-error which is suddenly appearing on net6.0
IsAotCompatible not supported on net6.0
---------
Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com>
* Replace DiagnosticAbstrations with Microsoft.Extensions.Logging.Abstractions
* add documentation
* reduce allocations by SessionId hex conversion
generate the hex string once instead of every log
call and optimize ToHex().
* Update docfx/logging.md
Co-authored-by: Rob Hague <rob.hague00@gmail.com>
* reduce log levels
* hook up testcontainers logging
* drop packet logs further down to trace
* add kex traces
---------
Co-authored-by: Rob Hague <rob.hague00@gmail.com>