Merge branch 'develop' into bcl-ciphermode

Author: scott-xu

CONTRIBUTING.md

@@ -41,3 +41,11 @@ The tests always log to the console. See the [Logging documentation](https://ssh
 ### Wireshark
 
 Wireshark is able to dissect initial connection packets, such as key exchange, before encryption happens. Enter "ssh" as the display filter. See https://wiki.wireshark.org/SSH.md for more information.
+
+The Debug build of SSH.NET has helpers to also allow dissection of the encrypted traffic by dumping the session keys in a format that Wireshark understands. Set a value for `SshNetLoggingConfiguration.WiresharkKeyLogFilePath` before connecting, and supply the same value to Wireshark in Edit -> Preferences -> Protocols -> SSH -> "Key log filename".
+
+```c#
+using Renci.SshNet;
+
+SshNetLoggingConfiguration.WiresharkKeyLogFilePath = @"C:\tmp\sshkeylogfile.txt";
+```

Directory.Build.props

@@ -9,6 +9,7 @@
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)Renci.SshNet.snk</AssemblyOriginatorKeyFile>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <EnablePackageValidation>true</EnablePackageValidation>
     <LangVersion>latest</LangVersion>
     <WarningLevel>9999</WarningLevel>
   </PropertyGroup>

README.md

@@ -8,12 +8,12 @@ SSH.NET is a Secure Shell (SSH-2) library for .NET, optimized for parallelism.
 
 ## Key Features
 
-* Execution of SSH command using both synchronous and asynchronous methods
+* Execution of SSH commands using both synchronous and asynchronous methods
 * SFTP functionality for both synchronous and asynchronous operations
 * SCP functionality
-* Remote, dynamic and local port forwarding 
+* Remote, dynamic and local port forwarding
 * Interactive shell/terminal implementation
-* Authentication via publickey, password and keyboard-interactive methods, including multi-factor
+* Authentication via public key, password and keyboard-interactive methods, including multi-factor
 * Connection via SOCKS4, SOCKS5 or HTTP proxy
 
 ## How to Use
@@ -52,12 +52,12 @@ using (var client = new SftpClient("sftp.foo.com", "guest", "pwd"))
 
 The main types provided by this library are:
 
-* Renci.SshNet.SshClient
-* Renci.SshNet.SftpClient
-* Renci.SshNet.ScpClient
-* Renci.SshNet.PrivateKeyFile
-* Renci.SshNet.SshCommand
-* Renci.SshNet.ShellStream
+* [Renci.SshNet.SshClient](https://sshnet.github.io/SSH.NET/api/Renci.SshNet.SshClient.html)
+* [Renci.SshNet.SftpClient](https://sshnet.github.io/SSH.NET/api/Renci.SshNet.SftpClient.html)
+* [Renci.SshNet.PrivateKeyFile](https://sshnet.github.io/SSH.NET/api/Renci.SshNet.PrivateKeyFile.html)
+* [Renci.SshNet.SshCommand](https://sshnet.github.io/SSH.NET/api/Renci.SshNet.SshCommand.html)
+* [Renci.SshNet.ForwardedPort](https://sshnet.github.io/SSH.NET/api/Renci.SshNet.ForwardedPort.html)
+* [Renci.SshNet.ShellStream](https://sshnet.github.io/SSH.NET/api/Renci.SshNet.ShellStream.html)
 
 ## Additional Documentation
 
@@ -106,11 +106,6 @@ The main types provided by this library are:
   * ssh.com format ("BEGIN SSH2 ENCRYPTED PRIVATE KEY")
   * OpenSSH key format ("BEGIN OPENSSH PRIVATE KEY")
   * PuTTY private key format ("PuTTY-User-Key-File-2", "PuTTY-User-Key-File-3")
-* DSA in
-  * OpenSSL traditional PEM format ("BEGIN DSA PRIVATE KEY")
-  * OpenSSL PKCS#8 PEM format ("BEGIN PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY")
-  * ssh.com format ("BEGIN SSH2 ENCRYPTED PRIVATE KEY")
-  * PuTTY private key format ("PuTTY-User-Key-File-2", "PuTTY-User-Key-File-3")
 * ECDSA 256/384/521 in
   * OpenSSL traditional PEM format ("BEGIN EC PRIVATE KEY")
   * OpenSSL PKCS#8 PEM format ("BEGIN PRIVATE KEY", "BEGIN ENCRYPTED PRIVATE KEY")
@@ -157,7 +152,8 @@ Private keys in PuTTY private key format can be encrypted using the following ci
 * rsa-sha2-512
 * rsa-sha2-256
 * ssh-rsa
-* ssh-dss
+
+OpenSSH certificate authentication is supported for all of the above, e.g. ssh-ed25519-cert-v01<span></span>@openssh.com.
 
 ## Message Authentication Code
 
@@ -186,17 +182,17 @@ Private keys in PuTTY private key format can be encrypted using the following ci
 
 The library has no special requirements to build, other than an up-to-date .NET SDK. See also [CONTRIBUTING.md](https://github.com/sshnet/SSH.NET/blob/develop/CONTRIBUTING.md).
 
-## Using Pre-Release NuGet Package
+## Using Pre-Release NuGet Packages
 
-If you need an unreleased bugfix or feature, you can use the Pre-Release NuGet packages from the `develop` branch which are published to the [GitHub NuGet Registry](https://github.com/sshnet/SSH.NET/pkgs/nuget/SSH.NET).
-In order to pull packages from the registry you first have to create a Personal Access Token with the `read:packages` permissions. Then add a NuGet Source for SSH.NET:
-
-Note: you may have to add `--store-password-in-clear-text` on non-Windows platforms.
+Pre-release NuGet packages are published from the `develop` branch to the [GitHub NuGet Registry](https://github.com/sshnet/SSH.NET/pkgs/nuget/SSH.NET).
+In order to pull packages from the registry, create a Personal Access Token with the `read:packages` permissions. Then add a package source for SSH.NET:
 
 ```
 dotnet nuget add source --name SSH.NET --username <username> --password <personalaccesstoken> https://nuget.pkg.github.com/sshnet/index.json
 ```
 
+Note: you may have to add `--store-password-in-clear-text` on non-Windows platforms.
+
 Then you can add the the package as described [here](https://github.com/sshnet/SSH.NET/pkgs/nuget/SSH.NET).
 
 ## Supporting SSH.NET

docfx/toc.yml

@@ -4,3 +4,5 @@
   href: examples.md
 - name: API
   href: api/
+- name: Logging
+  href: logging.md

src/Renci.SshNet/Abstractions/StreamExtensions.cs

@@ -1,4 +1,5 @@
 #if NETFRAMEWORK || NETSTANDARD2_0
+using System;
 using System.IO;
 using System.Threading.Tasks;
 
@@ -8,8 +9,15 @@ internal static class StreamExtensions
     {
         public static ValueTask DisposeAsync(this Stream stream)
         {
-            stream.Dispose();
-            return default;
+            try
+            {
+                stream.Dispose();
+                return default;
+            }
+            catch (Exception exc)
+            {
+                return new ValueTask(Task.FromException(exc));
+            }
         }
     }
 }

src/Renci.SshNet/Common/ArrayBuffer.cs

@@ -0,0 +1,200 @@
+#pragma warning disable
+// Copied verbatim from https://github.com/dotnet/runtime/blob/d2650b6ae7023a2d9d2c74c56116f1f18472ab04/src/libraries/Common/src/System/Net/ArrayBuffer.cs
+
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Buffers;
+using System.Diagnostics;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+namespace System.Net
+{
+    // Warning: Mutable struct!
+    // The purpose of this struct is to simplify buffer management.
+    // It manages a sliding buffer where bytes can be added at the end and removed at the beginning.
+    // [ActiveSpan/Memory] contains the current buffer contents; these bytes will be preserved
+    // (copied, if necessary) on any call to EnsureAvailableBytes.
+    // [AvailableSpan/Memory] contains the available bytes past the end of the current content,
+    // and can be written to in order to add data to the end of the buffer.
+    // Commit(byteCount) will extend the ActiveSpan by [byteCount] bytes into the AvailableSpan.
+    // Discard(byteCount) will discard [byteCount] bytes as the beginning of the ActiveSpan.
+
+    [StructLayout(LayoutKind.Auto)]
+    internal struct ArrayBuffer : IDisposable
+    {
+#if NET
+        private static int ArrayMaxLength => Array.MaxLength;
+#else
+        private const int ArrayMaxLength = 0X7FFFFFC7;
+#endif
+
+        private readonly bool _usePool;
+        private byte[] _bytes;
+        private int _activeStart;
+        private int _availableStart;
+
+        // Invariants:
+        // 0 <= _activeStart <= _availableStart <= bytes.Length
+
+        public ArrayBuffer(int initialSize, bool usePool = false)
+        {
+            Debug.Assert(initialSize > 0 || usePool);
+
+            _usePool = usePool;
+            _bytes = initialSize == 0
+                ? Array.Empty<byte>()
+                : usePool ? ArrayPool<byte>.Shared.Rent(initialSize) : new byte[initialSize];
+            _activeStart = 0;
+            _availableStart = 0;
+        }
+
+        public ArrayBuffer(byte[] buffer)
+        {
+            Debug.Assert(buffer.Length > 0);
+
+            _usePool = false;
+            _bytes = buffer;
+            _activeStart = 0;
+            _availableStart = 0;
+        }
+
+        public void Dispose()
+        {
+            _activeStart = 0;
+            _availableStart = 0;
+
+            byte[] array = _bytes;
+            _bytes = null!;
+
+            if (array is not null)
+            {
+                ReturnBufferIfPooled(array);
+            }
+        }
+
+        // This is different from Dispose as the instance remains usable afterwards (_bytes will not be null).
+        public void ClearAndReturnBuffer()
+        {
+            Debug.Assert(_usePool);
+            Debug.Assert(_bytes is not null);
+
+            _activeStart = 0;
+            _availableStart = 0;
+
+            byte[] bufferToReturn = _bytes;
+            _bytes = Array.Empty<byte>();
+            ReturnBufferIfPooled(bufferToReturn);
+        }
+
+        public int ActiveLength => _availableStart - _activeStart;
+        public Span<byte> ActiveSpan => new Span<byte>(_bytes, _activeStart, _availableStart - _activeStart);
+        public ReadOnlySpan<byte> ActiveReadOnlySpan => new ReadOnlySpan<byte>(_bytes, _activeStart, _availableStart - _activeStart);
+        public Memory<byte> ActiveMemory => new Memory<byte>(_bytes, _activeStart, _availableStart - _activeStart);
+
+        public int AvailableLength => _bytes.Length - _availableStart;
+        public Span<byte> AvailableSpan => _bytes.AsSpan(_availableStart);
+        public Memory<byte> AvailableMemory => _bytes.AsMemory(_availableStart);
+        public Memory<byte> AvailableMemorySliced(int length) => new Memory<byte>(_bytes, _availableStart, length);
+
+        public int Capacity => _bytes.Length;
+        public int ActiveStartOffset => _activeStart;
+
+        public byte[] DangerousGetUnderlyingBuffer() => _bytes;
+
+        public void Discard(int byteCount)
+        {
+            Debug.Assert(byteCount <= ActiveLength, $"Expected {byteCount} <= {ActiveLength}");
+            _activeStart += byteCount;
+
+            if (_activeStart == _availableStart)
+            {
+                _activeStart = 0;
+                _availableStart = 0;
+            }
+        }
+
+        public void Commit(int byteCount)
+        {
+            Debug.Assert(byteCount <= AvailableLength);
+            _availableStart += byteCount;
+        }
+
+        // Ensure at least [byteCount] bytes to write to.
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        public void EnsureAvailableSpace(int byteCount)
+        {
+            if (byteCount > AvailableLength)
+            {
+                EnsureAvailableSpaceCore(byteCount);
+            }
+        }
+
+        private void EnsureAvailableSpaceCore(int byteCount)
+        {
+            Debug.Assert(AvailableLength < byteCount);
+
+            if (_bytes.Length == 0)
+            {
+                Debug.Assert(_usePool && _activeStart == 0 && _availableStart == 0);
+                _bytes = ArrayPool<byte>.Shared.Rent(byteCount);
+                return;
+            }
+
+            int totalFree = _activeStart + AvailableLength;
+            if (byteCount <= totalFree)
+            {
+                // We can free up enough space by just shifting the bytes down, so do so.
+                Buffer.BlockCopy(_bytes, _activeStart, _bytes, 0, ActiveLength);
+                _availableStart = ActiveLength;
+                _activeStart = 0;
+                Debug.Assert(byteCount <= AvailableLength);
+                return;
+            }
+
+            int desiredSize = ActiveLength + byteCount;
+
+            if ((uint)desiredSize > ArrayMaxLength)
+            {
+                throw new OutOfMemoryException();
+            }
+
+            // Double the existing buffer size (capped at Array.MaxLength).
+            int newSize = Math.Max(desiredSize, (int)Math.Min(ArrayMaxLength, 2 * (uint)_bytes.Length));
+
+            byte[] newBytes = _usePool ?
+                ArrayPool<byte>.Shared.Rent(newSize) :
+                new byte[newSize];
+            byte[] oldBytes = _bytes;
+
+            if (ActiveLength != 0)
+            {
+                Buffer.BlockCopy(oldBytes, _activeStart, newBytes, 0, ActiveLength);
+            }
+
+            _availableStart = ActiveLength;
+            _activeStart = 0;
+
+            _bytes = newBytes;
+            ReturnBufferIfPooled(oldBytes);
+
+            Debug.Assert(byteCount <= AvailableLength);
+        }
+
+        public void Grow()
+        {
+            EnsureAvailableSpaceCore(AvailableLength + 1);
+        }
+
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        private void ReturnBufferIfPooled(byte[] buffer)
+        {
+            // The buffer may be Array.Empty<byte>()
+            if (_usePool && buffer.Length > 0)
+            {
+                ArrayPool<byte>.Shared.Return(buffer);
+            }
+        }
+    }
+}

src/Renci.SshNet/Common/Extensions.cs

@@ -19,7 +19,9 @@ namespace Renci.SshNet.Common
     /// </summary>
     internal static class Extensions
     {
+#pragma warning disable S4136 // Method overloads should be grouped together
         internal static byte[] ToArray(this ServiceName serviceName)
+#pragma warning restore S4136 // Method overloads should be grouped together
         {
             switch (serviceName)
             {
@@ -382,6 +384,28 @@ internal static bool Remove<TKey, TValue>(this Dictionary<TKey, TValue> dictiona
             value = default;
             return false;
         }
+
+        internal static ArraySegment<T> Slice<T>(this ArraySegment<T> arraySegment, int index)
+        {
+            return new ArraySegment<T>(arraySegment.Array, arraySegment.Offset + index, arraySegment.Count - index);
+        }
+
+        internal static ArraySegment<T> Slice<T>(this ArraySegment<T> arraySegment, int index, int count)
+        {
+            return new ArraySegment<T>(arraySegment.Array, arraySegment.Offset + index, count);
+        }
+
+        internal static T[] ToArray<T>(this ArraySegment<T> arraySegment)
+        {
+            if (arraySegment.Count == 0)
+            {
+                return Array.Empty<T>();
+            }
+
+            var array = new T[arraySegment.Count];
+            Array.Copy(arraySegment.Array, arraySegment.Offset, array, 0, arraySegment.Count);
+            return array;
+        }
 #endif
     }
 }