Fully adopt Sendable

Sources/NIOSSH/Child Channels/ChildChannelOptions.swift

@@ -17,7 +17,7 @@ import NIOCore
 /// The various channel options specific to `SSHChildChannel`s.
 ///
 /// Please note that some of NIO's regular `ChannelOptions` are valid on `SSHChildChannel`s.
-public struct SSHChildChannelOptions {
+public struct SSHChildChannelOptions: Sendable {
     /// See: ``SSHChildChannelOptions/Types/LocalChannelIdentifierOption``.
     public static let localChannelIdentifier: SSHChildChannelOptions.Types.LocalChannelIdentifierOption = .init()
 

Sources/NIOSSH/Child Channels/ChildChannelUserEvents.swift

@@ -121,7 +121,7 @@ public enum SSHChannelRequestEvent {
     }
 
     /// A request for this session to exec a command.
-    public struct ExecRequest: Hashable {
+    public struct ExecRequest: Hashable, Sendable {
         /// The command to exec.
         public var command: String
 

Sources/NIOSSH/Connection State Machine/Operations/AcceptsUserAuthMessages.swift

@@ -19,7 +19,7 @@ protocol AcceptsUserAuthMessages {
 }
 
 /// This event indicates that server wants us to display the following message to the end user.
-public struct NIOUserAuthBannerEvent: Hashable {
+public struct NIOUserAuthBannerEvent: Hashable, Sendable {
     /// The message to be displayed to end user
     public var message: String
 
@@ -33,7 +33,7 @@ public struct NIOUserAuthBannerEvent: Hashable {
 }
 
 /// This event indicates that server accepted our response to authentication challenge. The SSH session can be considered active after this point.
-public struct UserAuthSuccessEvent: Hashable {
+public struct UserAuthSuccessEvent: Hashable, Sendable {
     public init() {}
 }
 
@@ -52,7 +52,9 @@ extension AcceptsUserAuthMessages {
         let result = try self.userAuthStateMachine.receiveServiceAccept(message)
 
         if let future = result {
-            return .possibleFutureMessage(future.map(Self.transform(_:)))
+            return .possibleFutureMessage(future.map {
+                Self.transform($0)
+            })
         } else {
             return .noMessage
         }
@@ -62,9 +64,11 @@ extension AcceptsUserAuthMessages {
         let result = try self.userAuthStateMachine.receiveUserAuthRequest(message)
 
         if let future = result {
-            var banner: SSHServerConfiguration.UserAuthBanner?
+            let banner: SSHServerConfiguration.UserAuthBanner?
             if case .server(let config) = role {
                 banner = config.banner
+            } else {
+                banner = nil
             }
 
             return .possibleFutureMessage(future.map { Self.transform($0, banner: banner) })
@@ -85,7 +89,9 @@ extension AcceptsUserAuthMessages {
         let result = try self.userAuthStateMachine.receiveUserAuthFailure(message)
 
         if let future = result {
-            return .possibleFutureMessage(future.map(Self.transform(_:)))
+            return .possibleFutureMessage(future.map {
+                Self.transform($0)
+            })
         } else {
             return .noMessage
         }

Sources/NIOSSH/GlobalRequestDelegate.swift

@@ -40,7 +40,7 @@ public enum GlobalRequest {
     /// A request from a client to a server for the server to listen on a port on the client's behalf. If accepted,
     /// the server will listen on a port, and will forward accepted connections to the client using the "forwarded-tcpip"
     /// channel type.
-    public enum TCPForwardingRequest: Equatable {
+    public enum TCPForwardingRequest: Equatable, Sendable {
         /// A request to listen on a given address.
         case listen(host: String, port: Int)
 
@@ -49,7 +49,7 @@ public enum GlobalRequest {
     }
 
     /// The data associated with a successful response to a TCP forwarding request.
-    public struct TCPForwardingResponse: Hashable {
+    public struct TCPForwardingResponse: Hashable, Sendable {
         /// If requested to listen on a port, and the port the client requested was 0, this is set to the
         /// port that was actually bound. Otherwise is nil.
         public var boundPort: Int?

Sources/NIOSSH/Key Exchange/SSHKeyExchangeResult.swift

@@ -12,7 +12,7 @@
 //
 //===----------------------------------------------------------------------===//
 
-import Crypto
+@preconcurrency import Crypto
 import NIOCore
 
 /// The result of a round of key exchange.
@@ -46,7 +46,7 @@ extension KeyExchangeResult: Equatable {}
 /// Of these types, the encryption keys and the MAC keys are intended to be secret, and so
 /// we store them in the `SymmetricKey` types. The IVs do not need to be secret, and so are
 /// stored in regular heap buffers.
-public struct NIOSSHSessionKeys {
+public struct NIOSSHSessionKeys: Sendable {
     public var initialInboundIV: [UInt8]
 
     public var initialOutboundIV: [UInt8]
@@ -77,7 +77,7 @@ extension NIOSSHSessionKeys: Equatable {}
 /// hash function invocations. The output of these hash functions is truncated to an appropriate
 /// length as needed, which means we need to ensure the code doing the calculation knows how
 /// to truncate appropriately.
-public struct ExpectedKeySizes {
+public struct ExpectedKeySizes: Sendable {
     public var ivSize: Int
 
     public var encryptionKeySize: Int

Sources/NIOSSH/Keys And Signatures/NIOSSHCertifiedPublicKey.swift

@@ -242,6 +242,9 @@ public struct NIOSSHCertifiedPublicKey {
     }
 }
 
+// `NIOSSHCertifiedPublicKey` implements copy on write (CoW) and is therefore `Sendable`
+extension NIOSSHCertifiedPublicKey: @unchecked Sendable {}
+
 extension NIOSSHCertifiedPublicKey {
     /// Validates that a given certified public key is valid for usage.
     ///
@@ -400,7 +403,7 @@ extension NIOSSHCertifiedPublicKey {
     ///
     /// For extensibility purposes this is not defined as an enumeration, but instead as a `RawRepresentable` type
     /// wrapping the base type.
-    public struct CertificateType: RawRepresentable {
+    public struct CertificateType: RawRepresentable, Sendable {
         public var rawValue: UInt32
 
         public init(rawValue: UInt32) {
@@ -449,7 +452,7 @@ extension NIOSSHCertifiedPublicKey {
     /// SSH CA, and so the odds of them being uniquely owned are very high. Thus, the CoW costs are low.
     ///
     /// This all justifies moving this type into class-backed storage.
-    fileprivate class Backing {
+    fileprivate final class Backing {
         fileprivate var nonce: ByteBuffer
         fileprivate var serial: UInt64
         fileprivate var type: CertificateType

Sources/NIOSSH/Keys And Signatures/NIOSSHPrivateKey.swift

@@ -12,7 +12,7 @@
 //
 //===----------------------------------------------------------------------===//
 
-import Crypto
+@preconcurrency import Crypto
 import NIOCore
 
 /// An SSH private key.
@@ -22,7 +22,7 @@ import NIOCore
 /// this key to sign data in order to validate their identity as part of user auth.
 ///
 /// Users cannot do much with this key other than construct it, but NIO uses it internally.
-public struct NIOSSHPrivateKey {
+public struct NIOSSHPrivateKey: Sendable {
     /// The actual key structure used to perform the key operations.
     internal var backingKey: BackingKey
 

Sources/NIOSSH/Keys And Signatures/NIOSSHPublicKey.swift

@@ -12,7 +12,7 @@
 //
 //===----------------------------------------------------------------------===//
 
-import Crypto
+@preconcurrency import Crypto
 import Foundation
 import NIOCore
 
@@ -23,7 +23,7 @@ import NIOCore
 /// to validate users.
 ///
 /// This key is not capable of signing, only verifying.
-public struct NIOSSHPublicKey: Hashable {
+public struct NIOSSHPublicKey: Sendable, Hashable {
     /// The actual key structure used to perform the key operations.
     internal var backingKey: BackingKey
 

Sources/NIOSSH/Keys And Signatures/NIOSSHSignature.swift

@@ -12,7 +12,7 @@
 //
 //===----------------------------------------------------------------------===//
 
-import Crypto
+@preconcurrency import Crypto
 import Foundation
 import NIOCore
 import NIOFoundationCompat
@@ -21,7 +21,7 @@ import NIOFoundationCompat
 ///
 /// This type is intentionally highly opaque: we don't expect users to do anything with this directly.
 /// Instead, we expect them to work with other APIs available on our opaque types.
-public struct NIOSSHSignature: Hashable {
+public struct NIOSSHSignature: Hashable, Sendable {
     internal var backingSignature: BackingSignature
 
     internal init(backingSignature: BackingSignature) {
@@ -31,7 +31,7 @@ public struct NIOSSHSignature: Hashable {
 
 extension NIOSSHSignature {
     /// The various signature types that can be used with NIOSSH.
-    internal enum BackingSignature {
+    internal enum BackingSignature: Sendable {
         case ed25519(RawBytes) // There is no structured Signature type for Curve25519, and we may want Data or ByteBuffer.
         case ecdsaP256(P256.Signing.ECDSASignature)
         case ecdsaP384(P384.Signing.ECDSASignature)

Sources/NIOSSH/NIOSSHHandler.swift

@@ -74,6 +74,9 @@ public final class NIOSSHHandler {
     }
 }
 
+@available(*, unavailable)
+extension NIOSSHHandler: Sendable {}
+
 extension NIOSSHHandler {
     enum PendingGlobalRequestResponse {
         case tcpForwarding(EventLoopPromise<GlobalRequest.TCPForwardingResponse?>)

Sources/NIOSSH/SSHEncryptablePacketPayload.swift

@@ -21,7 +21,7 @@ import NIOCore
 /// exposing too many of the internals of swift-nio-ssh to these types.
 ///
 /// This type is entirely opaque to the user: all it can do is be serialized.
-public struct NIOSSHEncryptablePayload {
+public struct NIOSSHEncryptablePayload: Sendable {
     fileprivate var message: SSHMessage
 
     internal init(message: SSHMessage) {

Sources/NIOSSH/SSHServerConfiguration.swift

@@ -56,7 +56,7 @@ extension SSHServerConfiguration {
     /// A server sends a ``UserAuthBanner`` to the client at some point during authentication.
     /// A client is obligated to display this banner to the end user, unless explicitely told
     /// to ignore banners.
-    public struct UserAuthBanner {
+    public struct UserAuthBanner: Sendable {
         // The message to be displayed by the client to the end user during authentication.
         // Note that control characters contained in the message might be filtered by
         // the client in accordance with RFC 4252.

Sources/NIOSSH/User Authentication/SimplePasswordDelegate.swift

@@ -23,6 +23,9 @@ public final class SimplePasswordDelegate {
     }
 }
 
+@available(*, unavailable)
+extension SimplePasswordDelegate: Sendable {}
+
 extension SimplePasswordDelegate: NIOSSHClientUserAuthenticationDelegate {
     public func nextAuthenticationType(availableMethods: NIOSSHAvailableUserAuthenticationMethods, nextChallengePromise: EventLoopPromise<NIOSSHUserAuthenticationOffer?>) {
         if let authRequest = self.authRequest, availableMethods.contains(.password) {

Sources/NIOSSH/User Authentication/UserAuthenticationMethod.swift

@@ -17,7 +17,7 @@ import NIOCore
 ///
 /// User authentication in SSH proceeds in a dynamic fashion, and it is possible to require multiple forms
 /// of authentication sequentially, or to be able to accept one of many forms.
-public struct NIOSSHAvailableUserAuthenticationMethods: OptionSet {
+public struct NIOSSHAvailableUserAuthenticationMethods: OptionSet, Sendable {
     public var rawValue: UInt8
 
     public init(rawValue: UInt8) {
@@ -83,7 +83,7 @@ extension NIOSSHAvailableUserAuthenticationMethods: Hashable {}
 
 /// A specific request for user authentication. This type is the one observed from the server side. The
 /// associated client side type is ``NIOSSHUserAuthenticationOffer``.
-public struct NIOSSHUserAuthenticationRequest {
+public struct NIOSSHUserAuthenticationRequest: Sendable {
     /// The username for which the client would like to authenticate.
     public var username: String
 
@@ -98,7 +98,7 @@ public struct NIOSSHUserAuthenticationRequest {
 
 extension NIOSSHUserAuthenticationRequest {
     /// ``NIOSSHUserAuthenticationRequest/Request-swift.enum`` describes the kind of authentication attempt the client is making.
-    public enum Request {
+    public enum Request: Sendable {
         /// The client would like to perform public key authentication.
         case publicKey(PublicKey)
 
@@ -117,7 +117,7 @@ extension NIOSSHUserAuthenticationRequest {
 
 extension NIOSSHUserAuthenticationRequest.Request {
     /// Information provided by the client when attempting to perform a public-key authentication.
-    public struct PublicKey {
+    public struct PublicKey: Sendable {
         /// The user's public key.
         public var publicKey: NIOSSHPublicKey
 
@@ -127,7 +127,7 @@ extension NIOSSHUserAuthenticationRequest.Request {
     }
 
     /// Information provided by the client when attempting to perform password-based authentication.
-    public struct Password {
+    public struct Password: Sendable {
         /// The user's password.
         public var password: String
 
@@ -139,7 +139,7 @@ extension NIOSSHUserAuthenticationRequest.Request {
     /// Information provided by the client when attempting to perform host-based authentication.
     ///
     /// This method is currently unsupported by ``NIOSSH``.
-    public struct HostBased {
+    public struct HostBased: Sendable {
         init() {
             fatalError("PublicKeyRequest is currently unimplemented")
         }
@@ -158,7 +158,7 @@ extension NIOSSHUserAuthenticationRequest.Request.HostBased: Hashable {}
 
 /// A specific offer of user authentication. This type is the one used on the client side. The
 /// associated server side type is ``NIOSSHUserAuthenticationRequest``.
-public struct NIOSSHUserAuthenticationOffer {
+public struct NIOSSHUserAuthenticationOffer: Sendable {
     /// The username for which the client would like to authenticate.
     public var username: String
 
@@ -173,7 +173,7 @@ public struct NIOSSHUserAuthenticationOffer {
 
 extension NIOSSHUserAuthenticationOffer {
     /// ``NIOSSHUserAuthenticationOffer/Offer-swift.enum`` describes the kind of authentication offer the client is making.
-    public enum Offer {
+    public enum Offer: Sendable {
         /// The client would like to perform private key authentication.
         case privateKey(PrivateKey)
 
@@ -192,7 +192,7 @@ extension NIOSSHUserAuthenticationOffer {
 
 extension NIOSSHUserAuthenticationOffer.Offer {
     /// Information provided by the client when attempting to perform private key authentication.
-    public struct PrivateKey {
+    public struct PrivateKey: Sendable {
         /// The client's private key.
         ///
         /// This is not sent to the server, but is used by ``NIOSSH`` to respond to auth challenges.
@@ -215,7 +215,7 @@ extension NIOSSHUserAuthenticationOffer.Offer {
     }
 
     /// Information provided by the client when attempting to perform password-based authentication.
-    public struct Password {
+    public struct Password: Sendable {
         /// The client's password.
         public var password: String
 
@@ -227,7 +227,7 @@ extension NIOSSHUserAuthenticationOffer.Offer {
     /// Information provided by the client when attempting to perform host-based authentication.
     ///
     /// This method is currently unsupported by ``NIOSSH``.
-    public struct HostBased {
+    public struct HostBased: Sendable {
         init() {
             fatalError("PublicKeyRequest is currently unimplemented")
         }
@@ -261,7 +261,7 @@ extension SSHMessage.UserAuthRequestMessage {
 }
 
 /// The outcome of a user authentication attempt.
-public enum NIOSSHUserAuthenticationOutcome {
+public enum NIOSSHUserAuthenticationOutcome: Sendable {
     /// The authentication attempt succeeded and the client is authenticated.
     case success