Merge branch 'develop' into bcl-ciphermode

Author: scott-xu

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/test/Renci.SshNet.IntegrationTests/"
+    schedule:
+      interval: "weekly"

README.md

@@ -82,6 +82,9 @@ The main types provided by this library are:
 ## Key Exchange Methods
 
 **SSH.NET** supports the following key exchange methods:
+* mlkem768x25519-sha256
+* sntrup761x25519-sha512
+* sntrup761x25519-sha512<span></span>@openssh.com
 * curve25519-sha256
 * curve25519-sha256<span></span>@libssh.org
 * ecdh-sha2-nistp256

src/Renci.SshNet/AuthenticationMethod.cs

@@ -7,7 +7,7 @@ namespace Renci.SshNet
     /// <summary>
     /// Base class for all supported authentication methods.
     /// </summary>
-    public abstract class AuthenticationMethod : IAuthenticationMethod
+    public abstract class AuthenticationMethod : IAuthenticationMethod, IDisposable
     {
         /// <summary>
         /// Gets the name of the authentication method.
@@ -61,5 +61,23 @@ AuthenticationResult IAuthenticationMethod.Authenticate(ISession session)
         {
             return Authenticate((Session)session);
         }
+
+        /// <summary>
+        /// Releases unmanaged and - optionally - managed resources.
+        /// </summary>
+        /// <param name="disposing">
+        /// <see langword="true"/> to release both managed and unmanaged resources;
+        /// <see langword="false"/> to release only unmanaged resources.
+        /// </param>
+        protected virtual void Dispose(bool disposing)
+        {
+        }
+
+        /// <inheritdoc/>
+        public void Dispose()
+        {
+            Dispose(disposing: true);
+            GC.SuppressFinalize(this);
+        }
     }
 }

src/Renci.SshNet/ConnectionInfo.cs

@@ -349,6 +349,7 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
 
             KeyExchangeAlgorithms = new Dictionary<string, Func<IKeyExchange>>
                 {
+                    { "mlkem768x25519-sha256", () => new KeyExchangeMLKem768X25519Sha256() },
                     { "sntrup761x25519-sha512", () => new KeyExchangeSNtruP761X25519Sha512() },
                     { "sntrup761x25519-sha512@openssh.com", () => new KeyExchangeSNtruP761X25519Sha512() },
                     { "curve25519-sha256", () => new KeyExchangeECCurve25519() },
@@ -407,7 +408,6 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
             hostAlgs.Add("rsa-sha2-512", data => { var key = new RsaKey(new SshKeyData(data)); return new KeyHostAlgorithm("rsa-sha2-512", key, new RsaDigitalSignature(key, HashAlgorithmName.SHA512)); });
             hostAlgs.Add("rsa-sha2-256", data => { var key = new RsaKey(new SshKeyData(data)); return new KeyHostAlgorithm("rsa-sha2-256", key, new RsaDigitalSignature(key, HashAlgorithmName.SHA256)); });
             hostAlgs.Add("ssh-rsa", data => new KeyHostAlgorithm("ssh-rsa", new RsaKey(new SshKeyData(data))));
-            hostAlgs.Add("ssh-dss", data => new KeyHostAlgorithm("ssh-dss", new DsaKey(new SshKeyData(data))));
 #pragma warning restore SA1107 // Code should not contain multiple statements on one line
             HostKeyAlgorithms = hostAlgs;
 

src/Renci.SshNet/ForwardedPortDynamic.cs

@@ -40,7 +40,7 @@ public class ForwardedPortDynamic : ForwardedPort
         /// <summary>
         /// Gets the bound port.
         /// </summary>
-        public uint BoundPort { get; }
+        public uint BoundPort { get; private set; }
 
         private Socket _listener;
         private CountdownEvent _pendingChannelCountdown;
@@ -168,6 +168,9 @@ private void InternalStart()
             _listener.Bind(ep);
             _listener.Listen(5);
 
+            // update bound port (in case original was passed as zero)
+            BoundPort = (uint)((IPEndPoint)_listener.LocalEndPoint).Port;
+
             Session.ErrorOccured += Session_ErrorOccured;
             Session.Disconnected += Session_Disconnected;
 

src/Renci.SshNet/KeyboardInteractiveAuthenticationMethod.cs

@@ -13,7 +13,7 @@ namespace Renci.SshNet
     /// <summary>
     /// Provides functionality to perform keyboard interactive authentication.
     /// </summary>
-    public class KeyboardInteractiveAuthenticationMethod : AuthenticationMethod, IDisposable
+    public class KeyboardInteractiveAuthenticationMethod : AuthenticationMethod
     {
         private readonly RequestMessageKeyboardInteractive _requestMessage;
         private AuthenticationResult _authenticationResult = AuthenticationResult.Failure;
@@ -151,20 +151,8 @@ private void Session_UserAuthenticationInformationRequestReceived(object sender,
                 });
         }
 
-        /// <summary>
-        /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
-        /// </summary>
-        public void Dispose()
-        {
-            Dispose(disposing: true);
-            GC.SuppressFinalize(this);
-        }
-
-        /// <summary>
-        /// Releases unmanaged and - optionally - managed resources.
-        /// </summary>
-        /// <param name="disposing"><see langword="true"/> to release both managed and unmanaged resources; <see langword="false"/> to release only unmanaged resources.</param>
-        protected virtual void Dispose(bool disposing)
+        /// <inheritdoc/>
+        protected override void Dispose(bool disposing)
         {
             if (_isDisposed)
             {
@@ -182,6 +170,8 @@ protected virtual void Dispose(bool disposing)
 
                 _isDisposed = true;
             }
+
+            base.Dispose(disposing);
         }
     }
 }

src/Renci.SshNet/KeyboardInteractiveConnectionInfo.cs

@@ -162,12 +162,9 @@ protected virtual void Dispose(bool disposing)
             {
                 if (AuthenticationMethods != null)
                 {
-                    foreach (var authenticationMethods in AuthenticationMethods)
+                    foreach (var authenticationMethod in AuthenticationMethods)
                     {
-                        if (authenticationMethods is IDisposable disposable)
-                        {
-                            disposable.Dispose();
-                        }
+                        authenticationMethod.Dispose();
                     }
                 }
 

src/Renci.SshNet/Messages/Transport/KeyExchangeEcdhInitMessage.cs

@@ -3,7 +3,7 @@
 namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
-    /// Represents SSH_MSG_KEXECDH_INIT message.
+    /// Represents SSH_MSG_KEX_ECDH_INIT message.
     /// </summary>
     internal sealed class KeyExchangeEcdhInitMessage : Message, IKeyExchangedAllowed
     {

src/Renci.SshNet/Messages/Transport/KeyExchangeEcdhReplyMessage.cs

@@ -1,7 +1,7 @@
 namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
-    /// Represents SSH_MSG_KEXECDH_REPLY message.
+    /// Represents SSH_MSG_KEX_ECDH_REPLY message.
     /// </summary>
     public class KeyExchangeEcdhReplyMessage : Message
     {

src/Renci.SshNet/Messages/Transport/KeyExchangeHybridInitMessage.cs

@@ -0,0 +1,85 @@
+using System;
+
+namespace Renci.SshNet.Messages.Transport
+{
+    /// <summary>
+    /// Represents SSH_MSG_KEX_HYBRID_INIT message.
+    /// </summary>
+    internal sealed class KeyExchangeHybridInitMessage : Message, IKeyExchangedAllowed
+    {
+        /// <inheritdoc />
+        public override string MessageName
+        {
+            get
+            {
+                return "SSH_MSG_KEX_HYBRID_INIT";
+            }
+        }
+
+        /// <inheritdoc />
+        public override byte MessageNumber
+        {
+            get
+            {
+                return 30;
+            }
+        }
+
+        /// <summary>
+        /// Gets the client init data.
+        /// </summary>
+        /// <remarks>
+        /// The init data is the concatenation of C_PK2 and C_PK1 (C_INIT = C_PK2 || C_PK1, where || depicts concatenation).
+        /// C_PK1 and C_PK2 represent the ephemeral client public keys used for each key exchange of the PQ/T Hybrid mechanism.
+        /// Typically, C_PK1 represents a traditional / classical (i.e., ECDH) key exchange public key.
+        /// C_PK2 represents the 'pk' output of the corresponding post-quantum KEM's 'KeyGen' at the client.
+        /// </remarks>
+        public byte[] CInit { get; private set; }
+
+        /// <summary>
+        /// Gets the size of the message in bytes.
+        /// </summary>
+        /// <value>
+        /// The size of the messages in bytes.
+        /// </value>
+        protected override int BufferCapacity
+        {
+            get
+            {
+                var capacity = base.BufferCapacity;
+                capacity += 4; // CInit length
+                capacity += CInit.Length; // CInit
+                return capacity;
+            }
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="KeyExchangeHybridInitMessage"/> class.
+        /// </summary>
+        public KeyExchangeHybridInitMessage(byte[] init)
+        {
+            CInit = init;
+        }
+
+        /// <summary>
+        /// Called when type specific data need to be loaded.
+        /// </summary>
+        protected override void LoadData()
+        {
+            CInit = ReadBinary();
+        }
+
+        /// <summary>
+        /// Called when type specific data need to be saved.
+        /// </summary>
+        protected override void SaveData()
+        {
+            WriteBinaryString(CInit);
+        }
+
+        internal override void Process(Session session)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}