net-ssh 7.2.0 → 7.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2bf895a7938d352a745eed7114d1d0a93fae0395b1d00b34712f34522d79bea
-  data.tar.gz: 80ccfad64254bd076b8536e17a61dab87f11f975573815ad830e7708309087cc
+  metadata.gz: e941174d3093fe012c56708a9c23e0b86715e7aa0508b59c60e61279ff136fcd
+  data.tar.gz: '02289d4900c6bd52679c65d70715e1038163ba54c61bd9d8257e837305204c1a'
 SHA512:
-  metadata.gz: ec21151a75da6a5320875e1bb193855dd443ef58357e2ac42a22f2dd25814e138bf9b3a34ce0d9a96d8094ee6c919818d40da867dc2a22176a98152ed347c427
-  data.tar.gz: cf01f42c62fce31dade5490fa59cadf7fa904d7bdc420ab5eb8974d96ccf9382a683648b244966b342429bb86073630d4cfd7e4c6bfd6dae0b6189295b543e9e
+  metadata.gz: 5f9db58c86854a20d4d483129501795292ac9fcb9fe1405250536a6a66577e127ca8fbd287da888642acb2929240c7327663100abe70c0808c319b67a11ccc2a
+  data.tar.gz: 189d3ba6b2e53b0910941b7b866d0d8f18c94024f061876b20c59f35ae48bd1edbd57d313bbb35efa1f7a99878a1751ee71a49cc602bb83f0204a82feb9afac1

data/.github/workflows/ci.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        ruby-version: [2.6.10, 2.7.7, 3.0.6, 3.1.3, 3.2.1]
+        ruby-version: [2.6.10, 2.7.7, 3.0.6, 3.1.3, 3.2.1, 3.3.0]
     steps:
       - uses: actions/checkout@v3
 
@@ -39,13 +39,14 @@ jobs:
             ${{ runner.os }}-pip-v1
       - name: Bundle install
         run: |
-          gem install bundler
+          gem install bundler ${{ (startsWith(matrix.ruby-version, '2.6.') || startsWith(matrix.ruby-version, '2.7.')) && '-v 2.4.22' || '' }}
           bundle config set path 'vendor/bundle'
           bundle config set --local path 'vendor/bundle'
           bundle install --jobs 4 --retry 3 --path vendor/bundle
           BUNDLE_GEMFILE=./Gemfile.noed25519 bundle install --jobs 4 --retry 3 --path vendor/bundle
         env:
           BUNDLE_PATH: vendor/bundle
+
       
       - name: Add to etc/hosts
         run: |

data/.gitignore

@@ -8,6 +8,8 @@ pkg
 test/integration/.vagrant
 test/integration/playbook.retry
 
+lib/net/ssh/version.rb.old
+
 .byebug_history
 
 tryout

data/.rubocop_todo.yml

@@ -235,7 +235,7 @@ Lint/UselessTimes:
 # Offense count: 205
 # Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 74
+  Max: 75
 
 # Offense count: 16
 # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.

data/CHANGES.txt

@@ -1,3 +1,16 @@
+=== 7.3.0 rc0
+
+ * aes(128|256)gcm [#946]
+
+=== 7.2.2
+
+  * ruby 3.3.0: base64 fix
+
+=== 7.2.1 rc1
+
+  * feat: allow load of certkey from string [#926]
+  * fix: fix for  Socket#recv returning nil on ruby 3.3.0 [#928]
+
 === 7.2.0
 
   * Add debugging information for algorithm of pubkey in use [#918]

data/Dockerfile

@@ -1,6 +1,8 @@
 ARG RUBY_VERSION=3.1
 FROM ruby:${RUBY_VERSION}
 
+ARG BUNDLERV=
+
 RUN apt update && apt install -y openssh-server sudo netcat-openbsd \
   && useradd --create-home --shell '/bin/bash' --comment 'NetSSH' 'net_ssh_1' \
   && useradd --create-home --shell '/bin/bash' --comment 'NetSSH' 'net_ssh_2' \
@@ -20,7 +22,7 @@ COPY Gemfile net-ssh.gemspec $INSTALL_PATH/
 
 COPY lib/net/ssh/version.rb $INSTALL_PATH/lib/net/ssh/version.rb
 
-RUN gem install bundler && bundle install
+RUN gem install bundler ${BUNDLERV}  && bundle install
 
 COPY . $INSTALL_PATH/
 

data/README.md

@@ -248,6 +248,8 @@ mv gem-public_cert.pem net-ssh-public_cert.pem
 gem cert --add net-ssh-public_cert.pem
 ```
 
+or `rake cert:update_public_when_expired`
+
 ## Security contact information
 
 See [SECURITY.md](SECURITY.md)
@@ -272,6 +274,9 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 
 [![Sponsor](https://opencollective.com/net-ssh/sponsor/0/avatar.svg)](https://opencollective.com/net-ssh/sponsor/0/website)
 
+[<img src="https://github.com/net-ssh/net-ssh/assets/52435/9690bf3e-34ea-4c52-8aea-1cc4cb5bcb6d" width="320">](https://ubicloud.com)
+
+
 ## LICENSE:
 
 (The MIT License)

data/Rakefile

@@ -59,29 +59,48 @@ def change_version(&block)
   version_file = 'lib/net/ssh/version.rb'
   require_relative version_file
   pre = Net::SSH::Version::PRE
-  result = block[pre: pre]
-  raise "Version change logic should always return a pre", ArgumentError unless result.key?(:pre)
+  tiny = Net::SSH::Version::TINY
+  result = block[pre: pre, tiny: Net::SSH::Version::TINY]
+  raise ArgumentError, "Version change logic should always return a pre" unless result.key?(:pre)
 
   new_pre = result[:pre]
-  found = false
+  new_tiny = result[:tiny] || tiny
+  found = { pre: false, tiny: false }
   File.open("#{version_file}.new", "w") do |f|
     File.readlines(version_file).each do |line|
-      match = /^(\s+PRE\s+=\s+")#{pre}("\s*)$/.match(line)
+      match =
+        if pre.nil?
+          /^(\s+PRE\s+=\s+)nil(\s*)$/.match(line)
+        else
+          /^(\s+PRE\s+=\s+")#{pre}("\s*)$/.match(line)
+        end
       if match
         prefix = match[1]
         postfix = match[2]
-        if new_pre.nil?
-          prefix.delete_suffix!('"')
-          postfix.delete_prefix!('"')
-        end
+        prefix.delete_suffix!('"')
+        postfix.delete_prefix!('"')
         new_line = "#{prefix}#{new_pre.inspect}#{postfix}"
         puts "Changing:\n  - #{line}  + #{new_line}"
         line = new_line
-        found = true
+        found[:pre] = true
+      end
+
+      if new_tiny != tiny
+        match = /^(\s+TINY\s+=\s+)#{tiny}(\s*)$/.match(line)
+        if match
+          prefix = match[1]
+          postfix = match[2]
+          new_line = "#{prefix}#{new_tiny}#{postfix}"
+          puts "Changing:\n  - #{line}  + #{new_line}"
+          line = new_line
+          found[:tiny] = true
+        end
       end
+
       f.write(line)
     end
-    raise ArugmentError, "Cound not find line: PRE = \"#{pre}\" in #{version_file}" unless found
+    raise ArgumentError, "Cound not find line: PRE = \"#{pre}\" in #{version_file}" unless found[:pre]
+    raise ArgumentError, "Cound not find line: TINY = \"#{tiny}\" in #{version_file}" unless found[:tiny] || new_tiny == tiny
   end
 
   FileUtils.mv version_file, "#{version_file}.old"
@@ -91,20 +110,34 @@ end
 namespace :vbump do
   desc "Final release"
   task :final do
-    change_version do |pre:|
-      raise ArgumentError, "Unexpected pre: #{pre}" if pre.nil?
-
-      { pre: nil }
+    change_version do |pre:, tiny:|
+      _ = tiny
+      if pre.nil?
+        { tiny: tiny + 1, pre: nil }
+      else
+        raise ArgumentError, "Unexpected pre: #{pre}" if pre.nil?
+
+        { pre: nil }
+      end
     end
   end
 
   desc "Increment prerelease"
-  task :pre do
-    change_version do |pre:|
+  task :pre, [:type] do |_t, args|
+    change_version do |pre:, tiny:|
+      puts " PRE => #{pre.inspect}"
       match = /^([a-z]+)(\d+)/.match(pre)
-      raise ArgumentError, "Unexpected pre: #{pre}" if match.nil?
+      raise ArgumentError, "Unexpected pre: #{pre}" if match.nil? && args[:type].nil?
 
-      { pre: "#{match[1]}#{match[2].to_i + 1}" }
+      if match.nil? || (!args[:type].nil? && args[:type] != match[1])
+        if pre.nil?
+          { pre: "#{args[:type]}1", tiny: tiny + 1 }
+        else
+          { pre: "#{args[:type]}1" }
+        end
+      else
+        { pre: "#{match[1]}#{match[2].to_i + 1}" }
+      end
     end
   end
 end

data/docker-compose.yml

@@ -16,8 +16,10 @@ services:
       context: .
       args: 
         RUBY_VERSION: 2.7
+        BUNDLERV: "-v 2.2.28"
   ruby-2.6:
     build:
       context: .
       args: 
         RUBY_VERSION: 2.6
+        BUNDLERV: "-v 2.4.22"

data/lib/net/ssh/authentication/ed25519.rb

@@ -3,8 +3,6 @@ gem 'bcrypt_pbkdf', '~> 1.0' unless RUBY_PLATFORM == "java"
 
 require 'ed25519'
 
-require 'base64'
-
 require 'net/ssh/transport/cipher_factory'
 require 'net/ssh/authentication/pub_key_fingerprint'
 require 'bcrypt_pbkdf' unless RUBY_PLATFORM == "java"
@@ -46,7 +44,7 @@ module Net
             raise ArgumentError.new("Expected #{MEND} at end of private key") unless datafull.end_with?(MEND)
 
             datab64 = datafull[MBEGIN.size...-MEND.size]
-            data = Base64.decode64(datab64)
+            data = datab64.unpack1("m")
             raise ArgumentError.new("Expected #{MAGIC} at start of decoded private key") unless data.start_with?(MAGIC)
 
             buffer = Net::SSH::Buffer.new(data[MAGIC.size + 1..-1])
@@ -134,7 +132,7 @@ module Net
 
           def to_pem
             # TODO this is not pem
-            ssh_type + Base64.encode64(@verify_key.to_bytes)
+            ssh_type + [@verify_key.to_bytes].pack("m")
           end
         end
 

data/lib/net/ssh/authentication/key_manager.rb

@@ -32,6 +32,9 @@ module Net
         # The list of user key certificate files that will be examined
         attr_reader :keycert_files
 
+        # The list of user key certificate data that will be examined
+        attr_reader :keycert_data
+
         # The map of loaded identities
         attr_reader :known_identities
 
@@ -46,6 +49,7 @@ module Net
           @key_files = []
           @key_data = []
           @keycert_files = []
+          @keycert_data = []
           @use_agent = options[:use_agent] != false
           @known_identities = {}
           @agent = nil
@@ -59,6 +63,7 @@ module Net
         def clear!
           key_files.clear
           key_data.clear
+          keycert_data.clear
           known_identities.clear
           self
         end
@@ -75,6 +80,12 @@ module Net
           self
         end
 
+        # Add the given keycert_data to the list of keycerts that will be used.
+        def add_keycert_data(keycert_data_)
+          keycert_data.push(keycert_data_).uniq!
+          self
+        end
+
         # Add the given key_file to the list of keys that will be used.
         def add_key_data(key_data_)
           key_data.push(key_data_).uniq!
@@ -132,8 +143,8 @@ module Net
           end
 
           known_identity_blobs = known_identities.keys.map(&:to_blob)
-          keycert_files.each do |keycert_file|
-            keycert = KeyFactory.load_public_key(keycert_file)
+
+          keycerts.each do |keycert|
             next if known_identity_blobs.include?(keycert.to_blob)
 
             (_, corresponding_identity) = known_identities.detect { |public_key, _|
@@ -227,6 +238,12 @@ module Net
 
         private
 
+        # Load keycerts from files and data.
+        def keycerts
+          keycert_files.map { |keycert_file| KeyFactory.load_public_key(keycert_file) } +
+            keycert_data.map { |data| KeyFactory.load_data_public_key(data) }
+        end
+
         # Prepares identities from user key_files for loading, preserving their order and sources.
         def prepare_identities_from_files
           key_files.map do |file|

data/lib/net/ssh/authentication/pub_key_fingerprint.rb

@@ -32,7 +32,7 @@ module Net
           when 'MD5'
             OpenSSL::Digest.hexdigest(algorithm, blob).scan(/../).join(":")
           when 'SHA256'
-            "SHA256:#{Base64.encode64(OpenSSL::Digest.digest(algorithm, blob)).chomp.gsub(/=+\z/, '')}"
+            "SHA256:#{[OpenSSL::Digest.digest(algorithm, blob)].pack('m').chomp.gsub(/=+\z/, '')}"
           else
             raise OpenSSL::Digest::DigestError, "unsupported ssh key digest #{algorithm}"
           end

data/lib/net/ssh/authentication/session.rb

@@ -63,6 +63,7 @@ module Net
           key_manager = KeyManager.new(logger, options)
           keys.each { |key| key_manager.add(key) } unless keys.empty?
           keycerts.each { |keycert| key_manager.add_keycert(keycert) } unless keycerts.empty?
+          keycert_data.each { |data| key_manager.add_keycert_data(data) } unless keycert_data.empty?
           key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
           default_keys.each { |key| key_manager.add(key) } unless options.key?(:keys) || options.key?(:key_data)
 
@@ -154,6 +155,12 @@ module Net
           Array(options[:keycerts])
         end
 
+        # Returns an array of the keycert data that should be used when
+        # attempting any key-based authentication mechanism.
+        def keycert_data
+          Array(options[:keycert_data])
+        end
+
         # Returns an array of the key data that should be used when
         # attempting any key-based authentication mechanism.
         def key_data

data/lib/net/ssh/buffered_io.rb

@@ -61,7 +61,7 @@ module Net
       # if no data was available to be read.
       def fill(n = 8192)
         input.consume!
-        data = recv(n)
+        data = recv(n) || ""
         debug { "read #{data.length} bytes" }
         input.append(data)
         return data.length

data/lib/net/ssh/known_hosts.rb

@@ -1,6 +1,5 @@
 require 'strscan'
 require 'openssl'
-require 'base64'
 require 'delegate'
 require 'net/ssh/buffer'
 require 'net/ssh/authentication/ed25519_loader'
@@ -241,11 +240,11 @@ module Net
       def known_host_hash?(hostlist, entries)
         if hostlist.size == 1 && hostlist.first =~ /\A\|1(\|.+){2}\z/
           chunks = hostlist.first.split(/\|/)
-          salt = Base64.decode64(chunks[2])
+          salt = chunks[2].unpack1("m")
           digest = OpenSSL::Digest.new('sha1')
           entries.each do |entry|
             hmac = OpenSSL::HMAC.digest(digest, salt, entry)
-            return true if Base64.encode64(hmac).chomp == chunks[3]
+            return true if [hmac].pack("m").chomp == chunks[3]
           end
         end
         false

data/lib/net/ssh/transport/aes128_gcm.rb

@@ -0,0 +1,40 @@
+require 'net/ssh/transport/hmac/abstract'
+require 'net/ssh/transport/gcm_cipher'
+
+module Net::SSH::Transport
+  ## Implements the aes128-gcm@openssh cipher
+  class AES128_GCM
+    extend ::Net::SSH::Transport::GCMCipher
+
+    ## Implicit HMAC, do need to do anything
+    class ImplicitHMac < ::Net::SSH::Transport::HMAC::Abstract
+      def aead
+        true
+      end
+
+      def key_length
+        16
+      end
+    end
+
+    def implicit_mac
+      ImplicitHMac.new
+    end
+
+    def algo_name
+      'aes-128-gcm'
+    end
+
+    def name
+      'aes128-gcm@openssh.com'
+    end
+
+    #
+    # --- RFC 5647 ---
+    # K_LEN       AES key length                   16 octets
+    #
+    def self.key_length
+      16
+    end
+  end
+end

data/lib/net/ssh/transport/aes256_gcm.rb

@@ -0,0 +1,40 @@
+require 'net/ssh/transport/hmac/abstract'
+require 'net/ssh/transport/gcm_cipher'
+
+module Net::SSH::Transport
+  ## Implements the aes256-gcm@openssh cipher
+  class AES256_GCM
+    extend ::Net::SSH::Transport::GCMCipher
+
+    ## Implicit HMAC, do need to do anything
+    class ImplicitHMac < ::Net::SSH::Transport::HMAC::Abstract
+      def aead
+        true
+      end
+
+      def key_length
+        32
+      end
+    end
+
+    def implicit_mac
+      ImplicitHMac.new
+    end
+
+    def algo_name
+      'aes-256-gcm'
+    end
+
+    def name
+      'aes256-gcm@openssh.com'
+    end
+
+    #
+    # --- RFC 5647 ---
+    # K_LEN       AES key length                   32 octets
+    #
+    def self.key_length
+      32
+    end
+  end
+end

data/lib/net/ssh/transport/algorithms.rb

@@ -44,7 +44,11 @@ module Net
                   diffie-hellman-group14-sha256
                   diffie-hellman-group14-sha1],
 
-          encryption: %w[aes256-ctr aes192-ctr aes128-ctr],
+          encryption: %w[aes256-ctr
+                         aes192-ctr
+                         aes128-ctr
+                         aes256-gcm@openssh.com
+                         aes128-gcm@openssh.com],
 
           hmac: %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
                    hmac-sha2-512 hmac-sha2-256
@@ -492,6 +496,9 @@ module Net
               HMAC.get(hmac_server, mac_key_server, parameters)
             end
 
+          cipher_client.nonce = iv_client if mac_client.respond_to?(:aead) && mac_client.aead
+          cipher_server.nonce = iv_server if mac_server.respond_to?(:aead) && mac_client.aead
+
           session.configure_client cipher: cipher_client, hmac: mac_client,
                                    compression: normalize_compression_name(compression_client),
                                    compression_level: options[:compression_level],

data/lib/net/ssh/transport/cipher_factory.rb

@@ -1,5 +1,7 @@
 require 'openssl'
 require 'net/ssh/transport/ctr.rb'
+require 'net/ssh/transport/aes128_gcm'
+require 'net/ssh/transport/aes256_gcm'
 require 'net/ssh/transport/key_expander'
 require 'net/ssh/transport/identity_cipher'
 require 'net/ssh/transport/chacha20_poly1305_cipher_loader'
@@ -31,15 +33,15 @@ module Net
           'none' => 'none'
         }
 
-        SSH_TO_CLASS =
+        SSH_TO_CLASS = {
+          'aes256-gcm@openssh.com' => Net::SSH::Transport::AES256_GCM,
+          'aes128-gcm@openssh.com' => Net::SSH::Transport::AES128_GCM
+        }.tap do |hash|
           if Net::SSH::Transport::ChaCha20Poly1305CipherLoader::LOADED
-            {
-              'chacha20-poly1305@openssh.com' => Net::SSH::Transport::ChaCha20Poly1305Cipher
-            }
-          else
-            {
-            }
+            hash['chacha20-poly1305@openssh.com'] =
+              Net::SSH::Transport::ChaCha20Poly1305Cipher
           end
+        end
 
         # Returns true if the underlying OpenSSL library supports the given cipher,
         # and false otherwise.

data/lib/net/ssh/transport/gcm_cipher.rb

@@ -0,0 +1,207 @@
+require 'net/ssh/loggable'
+
+module Net
+  module SSH
+    module Transport
+      ## Extension module for aes(128|256)gcm ciphers
+      module GCMCipher
+        # rubocop:disable Metrics/AbcSize
+        def self.extended(orig)
+          # rubocop:disable Metrics/BlockLength
+          orig.class_eval do
+            include Net::SSH::Loggable
+
+            attr_reader   :cipher
+            attr_reader   :key
+            attr_accessor :nonce
+
+            #
+            # Semantically gcm cipher supplies the OpenSSL iv interface with a nonce
+            #   as it is not randomly generated due to being supplied from a counter.
+            # The RFC's use IV and nonce interchangeably.
+            #
+            def initialize(encrypt:, key:)
+              @cipher = OpenSSL::Cipher.new(algo_name)
+              @key    = key
+              key_len = @cipher.key_len
+              if key.size != key_len
+                error_message = "#{cipher_name}: keylength does not match"
+                error { error_message }
+                raise error_message
+              end
+              encrypt ? @cipher.encrypt : @cipher.decrypt
+              @cipher.key = key
+
+              @nonce = {
+                fixed: nil,
+                invocation_counter: 0
+              }
+            end
+
+            def update_cipher_mac(payload, _sequence_number)
+              #
+              # --- RFC 5647 7.3 ---
+              # When using AES-GCM with secure shell, the packet_length field is to
+              # be treated as additional authenticated data, not as plaintext.
+              #
+              length_data      = [payload.bytesize].pack('N')
+
+              cipher.auth_data = length_data
+
+              encrypted_data   = cipher.update(payload) << cipher.final
+
+              mac              = cipher.auth_tag
+
+              incr_nonce
+              length_data + encrypted_data + mac
+            end
+
+            #
+            # --- RFC 5647 ---
+            # uint32    packet_length;  // 0 <= packet_length < 2^32
+            #
+            def read_length(data, _sequence_number)
+              data.unpack1('N')
+            end
+
+            #
+            # --- RFC 5647 ---
+            # In AES-GCM secure shell, the inputs to the authenticated encryption
+            # are:
+            #  PT (Plain Text)
+            #      byte      padding_length; // 4 <= padding_length < 256
+            #      byte[n1]  payload;        // n1 = packet_length-padding_length-1
+            #      byte[n2]  random_padding; // n2 = padding_length
+            #  AAD (Additional Authenticated Data)
+            #      uint32    packet_length;  // 0 <= packet_length < 2^32
+            #  IV (Initialization Vector)
+            #      As described in section 7.1.
+            #  BK (Block Cipher Key)
+            #      The appropriate Encryption Key formed during the Key Exchange.
+            #
+            def read_and_mac(data, mac, _sequence_number)
+              # The authentication tag will be placed in the MAC field at the end of the packet
+
+              # OpenSSL does not verify auth tag length
+              # GCM mode allows arbitrary sizes for the auth_tag up to 128 bytes and a single
+              #   byte allows authentication to pass. If single byte auth tags are possible
+              #   an attacker would require no more than 256 attempts to forge a valid tag.
+              #
+              raise 'incorrect auth_tag length' unless mac.to_s.length == mac_length
+
+              packet_length    = data.unpack1('N')
+
+              cipher.auth_tag  = mac.to_s
+              cipher.auth_data = [packet_length].pack('N')
+
+              result = cipher.update(data[4...]) << cipher.final
+              incr_nonce
+              result
+            end
+
+            def mac_length
+              16
+            end
+
+            def block_size
+              16
+            end
+
+            def self.block_size
+              16
+            end
+
+            #
+            # --- RFC 5647 ---
+            # N_MIN       minimum nonce (IV) length        12 octets
+            # N_MAX       maximum nonce (IV) length        12 octets
+            #
+            def iv_len
+              12
+            end
+
+            #
+            # --- RFC 5288 ---
+            # Each value of the nonce_explicit MUST be distinct for each distinct
+            # invocation of the GCM encrypt function for any fixed key. Failure to
+            # meet this uniqueness requirement can significantly degrade security.
+            # The nonce_explicit MAY be the 64-bit sequence number.
+            #
+            # --- RFC 5116 ---
+            # (2.1) Applications that can generate distinct nonces SHOULD use the nonce
+            # formation method defined in Section 3.2, and MAY use any
+            # other method that meets the uniqueness requirement.
+            #
+            # (3.2) The following method to construct nonces is RECOMMENDED.
+            #
+            #  <- variable -> <- variable ->
+            #  - - - - - - -  - - - - - - -
+            # |    fixed     |    counter   |
+            #
+            # Initial octets consist of a fixed field and final octets consist of a
+            # Counter field. Implementations SHOULD support 12-octet nonces in which
+            # the Counter field is four octets long.
+            # The Counter fields of successive nonces form a monotonically increasing
+            # sequence, when those fields are regarded as unsignd integers in network
+            # byte order.
+            # The Counter part SHOULD be equal to zero for the first nonce and increment
+            # by one for each successive nonce that is generated.
+            # The Fixed field MUST remain constant for all nonces that are generated for
+            # a given encryption device.
+            #
+            # --- RFC 5647 ---
+            # The invocation field is treated as a 64-bit integer and is increment after
+            # each invocation of AES-GCM to process a binary packet.
+            # AES-GCM produces a keystream in blocks of 16-octets that is used to
+            # encrypt the plaintext. This keystream is produced by encrypting the
+            # following 16-octet data structure:
+            #
+            # uint32 fixed;              // 4 octets
+            # uint64 invocation_counter; // 8 octets
+            # unit32 block_counter;      // 4 octets
+            #
+            # The block_counter is initially set to one (1) and increment as each block
+            # of key is produced.
+            #
+            # The reader is reminded that SSH requires that the data to be encrypted
+            # MUST be padded out to a multiple of the block size (16-octets for AES-GCM).
+            #
+            def incr_nonce
+              return if nonce[:fixed].nil?
+
+              nonce[:invocation_counter] = [nonce[:invocation_counter].to_s.unpack1('B*').to_i(2) + 1].pack('Q>*')
+
+              apply_nonce
+            end
+
+            def nonce=(iv_s)
+              return if nonce[:fixed]
+
+              nonce[:fixed]              = iv_s[0...4]
+              nonce[:invocation_counter] = iv_s[4...12]
+
+              apply_nonce
+            end
+
+            def apply_nonce
+              cipher.iv = "#{nonce[:fixed]}#{nonce[:invocation_counter]}"
+            end
+
+            #
+            # --- RFC 5647 ---
+            # If AES-GCM is selected as the encryption algorithm for a given
+            # tunnel, AES-GCM MUST also be selected as the Message Authentication
+            # Code (MAC) algorithm.  Conversely, if AES-GCM is selected as the MAC
+            # algorithm, it MUST also be selected as the encryption algorithm.
+            #
+            def implicit_mac?
+              true
+            end
+          end
+        end
+        # rubocop:enable Metrics/BlockLength
+      end
+      # rubocop:enable Metrics/AbcSize
+    end
+  end
+end

data/lib/net/ssh/transport/hmac/abstract.rb

@@ -8,6 +8,18 @@ module Net
         # The base class of all OpenSSL-based HMAC algorithm wrappers.
         class Abstract
           class << self
+            def aead(*v)
+              @aead = false if !defined?(@aead)
+              if v.empty?
+                @aead = superclass.aead if @aead.nil? && superclass.respond_to?(:aead)
+                return @aead
+              elsif v.length == 1
+                @aead = v.first
+              else
+                raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
+              end
+            end
+
             def etm(*v)
               @etm = false if !defined?(@etm)
               if v.empty?
@@ -57,6 +69,10 @@ module Net
             end
           end
 
+          def aead
+            self.class.aead
+          end
+
           def etm
             self.class.etm
           end

data/lib/net/ssh/transport/packet_stream.rb

@@ -128,7 +128,7 @@ module Net
           payload = client.compress(payload)
 
           # the length of the packet, minus the padding
-          actual_length = (client.hmac.etm ? 0 : 4) + payload.bytesize + 1
+          actual_length = (client.hmac.etm || client.hmac.aead ? 0 : 4) + payload.bytesize + 1
 
           # compute the padding length
           padding_length = client.block_size - (actual_length % client.block_size)
@@ -151,7 +151,7 @@ module Net
             debug { "using encrypt-then-mac" }
 
             # Encrypt padding_length, payload, and padding. Take MAC
-            # from the unencrypted packet_lenght and the encrypted
+            # from the unencrypted packet_length and the encrypted
             # data.
             length_data = [packet_length].pack("N")
 
@@ -219,7 +219,7 @@ module Net
         # new Packet object.
         # rubocop:disable Metrics/AbcSize
         def poll_next_packet
-          aad_length = server.hmac.etm ? 4 : 0
+          aad_length = server.hmac.etm || server.hmac.aead ? 4 : 0
 
           if @packet.nil?
             minimum = server.block_size < 4 ? 4 : server.block_size

data/lib/net/ssh/transport/state.rb

@@ -125,7 +125,7 @@ module Net
           compressor.deflate(data, Zlib::SYNC_FLUSH)
         end
 
-        # Deompresses the data. If no compression is in effect, this will just return
+        # Decompresses the data. If no compression is in effect, this will just return
         # the data unmodified, otherwise it uses #decompressor to decompress the data.
         def decompress(data)
           data = data.to_s

data/lib/net/ssh/version.rb

@@ -49,7 +49,7 @@ module Net
       MAJOR = 7
 
       # The minor component of this version of the Net::SSH library
-      MINOR = 2
+      MINOR = 3
 
       # The tiny component of this version of the Net::SSH library
       TINY  = 0

data/lib/net/ssh.rb

@@ -66,7 +66,7 @@ module Net
       auth_methods bind_address compression compression_level config
       encryption forward_agent hmac host_key identity_agent remote_user
       keepalive keepalive_interval keepalive_maxcount kex keys key_data
-      keycerts languages logger paranoid password port proxy
+      keycerts keycert_data languages logger paranoid password port proxy
       rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
       known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
       host_name user properties passphrase keys_only max_pkt_size
@@ -146,6 +146,8 @@ module Net
     #   and hostbased authentication
     # * :keycerts => an array of file names of key certificates to use
     #    with publickey authentication
+    # * :keycert_data => an array of strings, which each element of the array
+    #   being a key certificate to use with publickey authentication
     # * :key_data => an array of strings, with each element of the array being
     #   a raw private key in PEM format.
     # * :keys_only => set to +true+ to use only private keys from +keys+ and

data/net-ssh-public_cert.pem

@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
-c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
-MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
-wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
-x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
-lntgSDNW5+kCS8QaRsmIbzj17GKKkrsw39kiQw7FhWfJFeTjddzoZiWwc59KA/Bx
-fBbmDnsMLAtAtauMOxORrbx3EOY7sHku/kSrMg3FXFay7jc6BkbbUij+MjJ/k82l
-4o8o0YO4BAnya90xgEmgOG0LCCxRhuXQFnMDuDjK2XnUe0h4/6NCn94C+z9GsQID
-AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
-M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
-HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
-ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
-XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
-3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
-ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
-v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
-6tfjgZ6OvGSScvbCMHkCE9XjonE=
+MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMQ8wDQYDVQQDDAZuZXRz
+c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
+b20wHhcNMjQwNDAxMDk1NjIxWhcNMjUwNDAxMDk1NjIxWjBBMQ8wDQYDVQQDDAZu
+ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
+FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
+pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
+qVVyUrpr6lbH/XwoN5ljXm+bdCfmnjZvTCL2FTE6o+bcnaF0IsJyC0Q2B1fbWdXN
+6Off1ZWoUk6We2BIM1bn6QJLxBpGyYhvOPXsYoqSuzDf2SJDDsWFZ8kV5ON13Ohm
+JbBzn0oD8HF8FuYOewwsC0C1q4w7E5GtvHcQ5juweS7+RKsyDcVcVrLuNzoGRttS
+KP4yMn+TzaXijyjRg7gECfJr3TGASaA4bQsILFGG5dAWcwO4OMrZedR7SHj/o0Kf
+3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
+b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAfY2WbsBKwRtBep4l+Y2/84H1BKH9UVOsFxqQzYkvM2LFDyup
+UkjYf8nPSjg3mquhaiA5KSoSVUPpNDfQo+UvY3+mlxRs96ttWiUGwz27fy82rx1B
+ZnfKjsWOntemNON6asOD0mtv0xsNBfOB2VNIKW/uqHsiPpa0OaVy5uENhX+5OFan
+2P1Uy+WcMiv38RlRkn4cdEIZUFupDgKFsguYlaJy473/wsae4exUgc5bvi3Splob
+1uE/LmB/qWBVSNW8e9KDtJynhDDZBlpESyQHFQCZj6UapzxlnC46LaDncPoAtJPc
+MlWxJ8mKghIcyXc5y4cSyGypNG5BralqnvQUyg==
 -----END CERTIFICATE-----

data/net-ssh.gemspec

@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency('rbnacl', '~> 7.1') unless ENV['NET_SSH_NO_RBNACL']
 
+  spec.add_development_dependency "base64"
   spec.add_development_dependency "bundler", ">= 1.17"
   spec.add_development_dependency "minitest", "~> 5.19"
   spec.add_development_dependency "mocha", "~> 2.1.0"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 7.2.0
+  version: 7.3.0
 platform: ruby
 authors:
 - Jamis Buck
@@ -12,26 +12,27 @@ bindir: exe
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
-  c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
-  MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
-  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
-  wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
-  x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
-  lntgSDNW5+kCS8QaRsmIbzj17GKKkrsw39kiQw7FhWfJFeTjddzoZiWwc59KA/Bx
-  fBbmDnsMLAtAtauMOxORrbx3EOY7sHku/kSrMg3FXFay7jc6BkbbUij+MjJ/k82l
-  4o8o0YO4BAnya90xgEmgOG0LCCxRhuXQFnMDuDjK2XnUe0h4/6NCn94C+z9GsQID
-  AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
-  M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
-  HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
-  ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
-  XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
-  3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
-  ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
-  v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
-  6tfjgZ6OvGSScvbCMHkCE9XjonE=
+  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMQ8wDQYDVQQDDAZuZXRz
+  c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
+  b20wHhcNMjQwNDAxMDk1NjIxWhcNMjUwNDAxMDk1NjIxWjBBMQ8wDQYDVQQDDAZu
+  ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
+  FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
+  pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
+  qVVyUrpr6lbH/XwoN5ljXm+bdCfmnjZvTCL2FTE6o+bcnaF0IsJyC0Q2B1fbWdXN
+  6Off1ZWoUk6We2BIM1bn6QJLxBpGyYhvOPXsYoqSuzDf2SJDDsWFZ8kV5ON13Ohm
+  JbBzn0oD8HF8FuYOewwsC0C1q4w7E5GtvHcQ5juweS7+RKsyDcVcVrLuNzoGRttS
+  KP4yMn+TzaXijyjRg7gECfJr3TGASaA4bQsILFGG5dAWcwO4OMrZedR7SHj/o0Kf
+  3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+  BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
+  b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
+  9w0BAQsFAAOCAQEAfY2WbsBKwRtBep4l+Y2/84H1BKH9UVOsFxqQzYkvM2LFDyup
+  UkjYf8nPSjg3mquhaiA5KSoSVUPpNDfQo+UvY3+mlxRs96ttWiUGwz27fy82rx1B
+  ZnfKjsWOntemNON6asOD0mtv0xsNBfOB2VNIKW/uqHsiPpa0OaVy5uENhX+5OFan
+  2P1Uy+WcMiv38RlRkn4cdEIZUFupDgKFsguYlaJy473/wsae4exUgc5bvi3Splob
+  1uE/LmB/qWBVSNW8e9KDtJynhDDZBlpESyQHFQCZj6UapzxlnC46LaDncPoAtJPc
+  MlWxJ8mKghIcyXc5y4cSyGypNG5BralqnvQUyg==
   -----END CERTIFICATE-----
-date: 2023-07-30 00:00:00.000000000 Z
+date: 2024-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
@@ -89,6 +90,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '7.1'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -243,12 +258,15 @@ files:
 - lib/net/ssh/test/remote_packet.rb
 - lib/net/ssh/test/script.rb
 - lib/net/ssh/test/socket.rb
+- lib/net/ssh/transport/aes128_gcm.rb
+- lib/net/ssh/transport/aes256_gcm.rb
 - lib/net/ssh/transport/algorithms.rb
 - lib/net/ssh/transport/chacha20_poly1305_cipher.rb
 - lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb
 - lib/net/ssh/transport/cipher_factory.rb
 - lib/net/ssh/transport/constants.rb
 - lib/net/ssh/transport/ctr.rb
+- lib/net/ssh/transport/gcm_cipher.rb
 - lib/net/ssh/transport/hmac.rb
 - lib/net/ssh/transport/hmac/abstract.rb
 - lib/net/ssh/transport/hmac/md5.rb
@@ -289,7 +307,6 @@ files:
 - lib/net/ssh/verifiers/always.rb
 - lib/net/ssh/verifiers/never.rb
 - lib/net/ssh/version.rb
-- lib/net/ssh/version.rb.old
 - net-ssh-public_cert.pem
 - net-ssh.gemspec
 - support/ssh_tunnel_bug.rb

data/lib/net/ssh/version.rb.old

@@ -1,68 +0,0 @@
-module Net
-  module SSH
-    # A class for describing the current version of a library. The version
-    # consists of three parts: the +major+ number, the +minor+ number, and the
-    # +tiny+ (or +patch+) number.
-    #
-    # Two Version instances may be compared, so that you can test that a version
-    # of a library is what you require:
-    #
-    #   require 'net/ssh/version'
-    #
-    #   if Net::SSH::Version::CURRENT < Net::SSH::Version[2,1,0]
-    #     abort "your software is too old!"
-    #   end
-    class Version
-      include Comparable
-
-      # A convenience method for instantiating a new Version instance with the
-      # given +major+, +minor+, and +tiny+ components.
-      def self.[](major, minor, tiny, pre = nil)
-        new(major, minor, tiny, pre)
-      end
-
-      attr_reader :major, :minor, :tiny
-
-      # Create a new Version object with the given components.
-      def initialize(major, minor, tiny, pre = nil)
-        @major, @minor, @tiny, @pre = major, minor, tiny, pre
-      end
-
-      # Compare this version to the given +version+ object.
-      def <=>(version)
-        to_i <=> version.to_i
-      end
-
-      # Converts this version object to a string, where each of the three
-      # version components are joined by the '.' character. E.g., 2.0.0.
-      def to_s
-        @to_s ||= [@major, @minor, @tiny, @pre].compact.join(".")
-      end
-
-      # Converts this version to a canonical integer that may be compared
-      # against other version objects.
-      def to_i
-        @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
-      end
-
-      # The major component of this version of the Net::SSH library
-      MAJOR = 7
-
-      # The minor component of this version of the Net::SSH library
-      MINOR = 2
-
-      # The tiny component of this version of the Net::SSH library
-      TINY  = 0
-
-      # The prerelease component of this version of the Net::SSH library
-      # nil allowed
-      PRE   = "rc1"
-
-      # The current version of the Net::SSH library as a Version instance
-      CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)
-
-      # The current version of the Net::SSH library as a String
-      STRING = CURRENT.to_s
-    end
-  end
-end