diff --git a/Sources/NIOSSH/TransportProtection/AESGCM.swift b/Sources/NIOSSH/TransportProtection/AESGCM.swift
index 36b1fae..429d298 100644
--- a/Sources/NIOSSH/TransportProtection/AESGCM.swift
+++ b/Sources/NIOSSH/TransportProtection/AESGCM.swift
@@ -99,7 +99,7 @@ extension AESGCMTransportProtection: NIOSSHTransportProtection {
 }
 // Ok, let's try to decrypt this data.
- let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: self.inboundNonce), ciphertext: ciphertextView, tag: tagView)
+ let sealedBox = try AES.GCM.SealedBox(nonce: self.inboundNonce, ciphertext: ciphertextView, tag: tagView)
 plaintext = try AES.GCM.open(sealedBox, using: self.inboundEncryptionKey, authenticating: lengthView)
 // All good! A quick soundness check to verify that the length of the plaintext is ok.
@@ -342,3 +342,18 @@ extension Data {
 self = self[contentStartIndex ..< contentEndIndex]
 }
 }
+
+extension AES.GCM.SealedBox {
+ fileprivate init(nonce: SSHAESGCMNonce, ciphertext: ByteBufferView, tag: ByteBufferView) throws {
+ // As a workaround for a Swift Crypto inefficiency, we create the combined representation
+ // directly.
+ var combined: [UInt8] = []
+ combined.reserveCapacity(nonce.count + ciphertext.count + tag.count)
+
+ combined.append(contentsOf: nonce)
+ combined.append(contentsOf: ciphertext)
+ combined.append(contentsOf: tag)
+
+ try self.init(combined: combined)
+ }
+}
diff --git a/docker/docker-compose.2004.55.yaml b/docker/docker-compose.2004.55.yaml
index b8bba2d..01abdac 100644
--- a/docker/docker-compose.2004.55.yaml
+++ b/docker/docker-compose.2004.55.yaml
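Review bot: The new `fileprivate init(nonce:ciphertext:tag:)` on `AES.GCM.SealedBox` (second hunk) concatenates its three inputs and passes them to `init(combined:)` without checking `nonce.count` or `tag.count`, so the field boundaries are decided by the combined parser's fixed offsets rather than by the lengths that were passed in. The combined form is documented as a 12-byte nonce, then the ciphertext, then a 16-byte tag, so an input of any other length would be re-split into a different nonce/ciphertext/tag triple instead of being rejected up front; authentication should still fail, but later and with a less specific error. A guard before the concatenation makes the invariant explicit: `guard nonce.count == 12, tag.count == 16 else { throw CryptoKitError.incorrectParameterSize }`. The caller in the first hunk may already slice `tagView` to a fixed length above the visible context, and `SSHAESGCMNonce` may be fixed-size by construction (neither is shown here), in which case a comment on the initializer stating those assumptions would be enough.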
@@ -12,9 +12,9 @@ services:
 test:
 image: swift-nio-ssh:20.04-5.5
 environment:
- - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=270900
- - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1158050
- - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=65150
+ - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=240900
+ - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1108050
+ - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=55100
 #- SANITIZER_ARG=--sanitize=thread
 #- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
diff --git a/docker/docker-compose.2004.56.yaml b/docker/docker-compose.2004.56.yaml
index 04746f7..130e268 100644
--- a/docker/docker-compose.2004.56.yaml
+++ b/docker/docker-compose.2004.56.yaml
@@ -12,9 +12,9 @@ services:
 test:
 image: swift-nio-ssh:20.04-5.6
 environment:
- - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=267850
- - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1100050
- - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=65100
+ - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=237850
+ - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1050050
+ - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=55050
 #- SANITIZER_ARG=--sanitize=thread
 #- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
diff --git a/docker/docker-compose.2204.57.yaml b/docker/docker-compose.2204.57.yaml
index d36ecbb..545b277 100644
--- a/docker/docker-compose.2204.57.yaml
+++ b/docker/docker-compose.2204.57.yaml
@@ -12,9 +12,9 @@ services:
 test:
 image: swift-nio-ssh:22.04-5.7
 environment:
- - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=255850
- - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1068050
- - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=61050
+ - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=225800
+ - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1018050
+ - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=51000
 #- SANITIZER_ARG=--sanitize=thread
 #- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
diff --git a/docker/docker-compose.2204.58.yaml b/docker/docker-compose.2204.58.yaml
index b85b25e..a7c8ee7 100644
--- a/docker/docker-compose.2204.58.yaml
+++ b/docker/docker-compose.2204.58.yaml
@@ -11,9 +11,9 @@ services:
 test:
 image: swift-nio-ssh:22.04-5.8
 environment:
- - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=249850
- - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1055050
- - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=59050
+ - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=219800
+ - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1005050
+ - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=49000
 - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error
 #- SANITIZER_ARG=--sanitize=thread
 - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
diff --git a/docker/docker-compose.2204.main.yaml b/docker/docker-compose.2204.main.yaml
index 2605321..53b0aaa 100644
--- a/docker/docker-compose.2204.main.yaml
+++ b/docker/docker-compose.2204.main.yaml
@@ -11,9 +11,9 @@ services:
 test:
 image: swift-nio-ssh:22.04-main
 environment:
- - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=249850
- - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1055050
- - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=59050
+ - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=219800
+ - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1005050
+ - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=49000
 - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error
 #- SANITIZER_ARG=--sanitize=thread
 - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors