Support cipher chacha20-poly1305@openssh.com (#682)

* Added cipher chacha20-poly1305@openssh.com * Small refactoring and remove mutable static buffer Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
2025-12-08 08:10:55 +03:00 · 2021-04-20 16:22:11 +02:00
parent e283880e49
commit 16db0365d3
11 changed files with 343 additions and 10 deletions
--- a/src/main/java/net/schmizz/sshj/transport/Decoder.java
+++ b/src/main/java/net/schmizz/sshj/transport/Decoder.java
@@ -145,6 +145,7 @@ final class Decoder
    }

    private int decryptLengthAAD() throws TransportException {
+        cipher.setSequenceNumber(seq + 1 & 0xffffffffL);
        cipher.updateAAD(inputBuffer.array(), 0, 4);

        final int len;
@@ -185,10 +186,6 @@ final class Decoder
        }
    }

-//    private void decryptPayload(final byte[] data, int offset, int length) {
-//        cipher.update(data, cipherSize, packetLength + 4 - cipherSize);
-//    }
-
    /**
     * Adds {@code len} bytes from {@code b} to the decoder buffer. When a packet has been successfully decoded, hooks
     * in to {@link SSHPacketHandler#handle} of the {@link SSHPacketHandler} this decoder was initialized with.
--- a/src/main/java/net/schmizz/sshj/transport/Encoder.java
+++ b/src/main/java/net/schmizz/sshj/transport/Encoder.java
@@ -57,8 +57,6 @@ final class Encoder
     * @param buffer the buffer to encode
     *
     * @return the sequence no. of encoded packet
-     *
-     * @throws TransportException
     */
    long encode(SSHPacket buffer) {
        encodeLock.lock();
@@ -140,11 +138,12 @@ final class Encoder
        }
    }

-    protected void aeadOutgoingBuffer(Buffer buf, int offset, int len) {
+    protected void aeadOutgoingBuffer(Buffer<?> buf, int offset, int len) {
        if (cipher == null || cipher.getAuthenticationTagSize() == 0) {
            throw new IllegalArgumentException("AEAD mode requires an AEAD cipher");
        }
        byte[] data = buf.array();
+        cipher.setSequenceNumber(seq);
        cipher.updateWithAAD(data, offset, 4, len);
    }

--- a/src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java
@@ -113,4 +113,9 @@ public abstract class BaseCipher
        updateAAD(input, offset, aadLen);
        update(input, offset + aadLen, inputLen);
    }
+
+    @Override
+    public void setSequenceNumber(long seq) {
+
+    }
 }
--- a/src/main/java/net/schmizz/sshj/transport/cipher/Cipher.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/Cipher.java
@@ -78,4 +78,6 @@ public interface Cipher {
     * @param  inputLen  The number of bytes to update - starting at offset + aadLen
     */
    void updateWithAAD(byte[] input, int offset, int aadLen, int inputLen);
+
+    void setSequenceNumber(long seq);
 }
--- a/src/main/java/net/schmizz/sshj/transport/cipher/NoneCipher.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/NoneCipher.java
@@ -73,4 +73,9 @@ public class NoneCipher
    public void updateWithAAD(byte[] input, int offset, int aadLen, int inputLen) {

    }
+
+    @Override
+    public void setSequenceNumber(long seq) {
+
+    }
 }