This is an automated email from the ASF dual-hosted git repository.

twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit 53f06e1f3c1dc3ac65be62e1702ba0fec3e05add
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Fri Jul 9 16:29:28 2021 +0200

    Revert "[SSHD-1017] Add support for chacha20-poly1...@openssh.com"
    
    This reverts commit e6e88075ce4fb26190a8b59ec4c0b1da338e2008.
    
    The chacha20-poly1305 cipher implementation from PR 176[1] evidently
    causes KEX failures, at least with a ecdsa-sha2-nistp256 key/signature.
    See SSHD-1191.[2]
    
    [1] https://github.com/apache/mina-sshd/pull/176
    [2] https://issues.apache.org/jira/browse/SSHD-1191
---
 .../apache/sshd/common/cipher/BaseGCMCipher.java   |   2 +-
 .../apache/sshd/common/cipher/BuiltinCiphers.java  |   7 -
 .../apache/sshd/common/cipher/ChaCha20Cipher.java  | 279 ---------------------
 .../org/apache/sshd/common/mac/Poly1305Mac.java    | 270 --------------------
 .../sshd/common/cipher/ChaCha20CipherTest.java     |  59 -----
 .../java/org/apache/sshd/common/BaseBuilder.java   |   1 -
 .../common/session/helpers/AbstractSession.java    |   9 +-
 7 files changed, 2 insertions(+), 625 deletions(-)

diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java 
b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
index 501de14..d1b3191 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
@@ -74,7 +74,7 @@ public class BaseGCMCipher extends BaseCipher {
     }
 
     /**
-     * Algorithm parameters for AES/GCM that assumes the IV uses an 8-byte 
counter field as its least significant bytes.
+     * Algorithm parameters for AES/GCM that assumes the IV uses an 8-byte 
counter field as its most significant bytes.
      */
     protected static class CounterGCMParameterSpec extends GCMParameterSpec {
         protected final byte[] iv;
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java 
b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java
index dd92139..732901b 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BuiltinCiphers.java
@@ -102,12 +102,6 @@ public enum BuiltinCiphers implements CipherFactory {
      */
     @Deprecated
     blowfishcbc(Constants.BLOWFISH_CBC, 8, 0, 16, "Blowfish", 128, 
"Blowfish/CBC/NoPadding", 8),
-    cc20p1305_openssh(Constants.CC20P1305_OPENSSH, 8, 16, 64, "ChaCha", 256, 
"ChaCha", 8) {
-        @Override
-        public Cipher create() {
-            return new ChaCha20Cipher();
-        }
-    },
     /**
      * @deprecated
      * @see        <A 
HREF="https://issues.apache.org/jira/browse/SSHD-1004";>SSHD-1004</A>
@@ -377,7 +371,6 @@ public enum BuiltinCiphers implements CipherFactory {
         public static final String ARCFOUR128 = "arcfour128";
         public static final String ARCFOUR256 = "arcfour256";
         public static final String BLOWFISH_CBC = "blowfish-cbc";
-        public static final String CC20P1305_OPENSSH = 
"chacha20-poly1...@openssh.com";
         public static final String TRIPLE_DES_CBC = "3des-cbc";
 
         private Constants() {
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/cipher/ChaCha20Cipher.java 
b/sshd-common/src/main/java/org/apache/sshd/common/cipher/ChaCha20Cipher.java
deleted file mode 100644
index 9d4023d..0000000
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/cipher/ChaCha20Cipher.java
+++ /dev/null
@@ -1,279 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.sshd.common.cipher;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-
-import javax.crypto.AEADBadTagException;
-
-import org.apache.sshd.common.mac.Mac;
-import org.apache.sshd.common.mac.Poly1305Mac;
-import org.apache.sshd.common.util.NumberUtils;
-import org.apache.sshd.common.util.ValidateUtils;
-import org.apache.sshd.common.util.buffer.BufferUtils;
-
-/**
- * AEAD cipher based on the
- * <a 
href="https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305";>OpenSSH
- * ChaCha20-Poly1305</a> cipher extension.
- */
-public class ChaCha20Cipher implements Cipher {
-    protected final ChaChaEngine headerEngine = new ChaChaEngine();
-    protected final ChaChaEngine bodyEngine = new ChaChaEngine();
-    protected final Mac mac = new Poly1305Mac();
-    protected Mode mode;
-
-    public ChaCha20Cipher() {
-        // empty
-    }
-
-    @Override
-    public String getAlgorithm() {
-        return "ChaCha20";
-    }
-
-    @Override
-    public void init(Mode mode, byte[] key, byte[] iv) throws Exception {
-        this.mode = mode;
-
-        bodyEngine.initKey(Arrays.copyOfRange(key, 0, 32));
-        bodyEngine.initNonce(iv);
-        mac.init(bodyEngine.polyKey());
-
-        headerEngine.initKey(Arrays.copyOfRange(key, 32, 64));
-        headerEngine.initNonce(iv);
-        headerEngine.initCounter(0);
-    }
-
-    @Override
-    public void updateAAD(byte[] data, int offset, int length) throws 
Exception {
-        ValidateUtils.checkState(mode != null, "Cipher not initialized");
-        ValidateUtils.checkTrue(length == 4, "AAD only supported for encrypted 
packet length");
-
-        if (mode == Mode.Decrypt) {
-            mac.update(data, offset, length);
-        }
-
-        headerEngine.crypt(data, offset, length, data, offset);
-
-        if (mode == Mode.Encrypt) {
-            mac.update(data, offset, length);
-        }
-    }
-
-    @Override
-    public void update(byte[] input, int inputOffset, int inputLen) throws 
Exception {
-        ValidateUtils.checkState(mode != null, "Cipher not initialized");
-
-        if (mode == Mode.Decrypt) {
-            mac.update(input, inputOffset, inputLen);
-            byte[] actual = mac.doFinal();
-            if (!Mac.equals(input, inputOffset + inputLen, actual, 0, 
actual.length)) {
-                throw new AEADBadTagException("Tag mismatch");
-            }
-        }
-
-        bodyEngine.crypt(input, inputOffset, inputLen, input, inputOffset);
-
-        if (mode == Mode.Encrypt) {
-            mac.update(input, inputOffset, inputLen);
-            mac.doFinal(input, inputOffset + inputLen);
-        }
-
-        headerEngine.advanceNonce();
-        headerEngine.initCounter(0);
-        bodyEngine.advanceNonce();
-        mac.init(bodyEngine.polyKey());
-    }
-
-    @Override
-    public String getTransformation() {
-        return "ChaCha20";
-    }
-
-    @Override
-    public int getIVSize() {
-        return 8;
-    }
-
-    @Override
-    public int getAuthenticationTagSize() {
-        return 16;
-    }
-
-    @Override
-    public int getCipherBlockSize() {
-        return 8;
-    }
-
-    @Override
-    public int getKdfSize() {
-        return 64;
-    }
-
-    @Override
-    public int getKeySize() {
-        return 256;
-    }
-
-    protected static class ChaChaEngine {
-        private static final int BLOCK_BYTES = 64;
-        private static final int BLOCK_INTS = BLOCK_BYTES / Integer.BYTES;
-        private static final int KEY_OFFSET = 4;
-        private static final int KEY_BYTES = 32;
-        private static final int KEY_INTS = KEY_BYTES / Integer.BYTES;
-        private static final int COUNTER_OFFSET = 12;
-        private static final int NONCE_OFFSET = 14;
-        private static final int NONCE_BYTES = 8;
-        private static final int NONCE_INTS = NONCE_BYTES / Integer.BYTES;
-        private static final int[] ENGINE_STATE_HEADER
-                = unpackSigmaString("expand 32-byte 
k".getBytes(StandardCharsets.US_ASCII));
-
-        protected final int[] x = new int[BLOCK_INTS];
-        protected final int[] engineState = new int[BLOCK_INTS];
-        protected final byte[] nonce = new byte[NONCE_BYTES];
-        protected long initialNonce;
-
-        protected ChaChaEngine() {
-            System.arraycopy(ENGINE_STATE_HEADER, 0, engineState, 0, 4);
-        }
-
-        protected void initKey(byte[] key) {
-            unpackIntsLE(key, 0, KEY_INTS, engineState, KEY_OFFSET);
-        }
-
-        protected void initNonce(byte[] nonce) {
-            initialNonce = BufferUtils.getLong(nonce, 0, 
NumberUtils.length(nonce));
-            unpackIntsLE(nonce, 0, NONCE_INTS, engineState, NONCE_OFFSET);
-            System.arraycopy(nonce, 0, this.nonce, 0, NONCE_BYTES);
-        }
-
-        protected void advanceNonce() {
-            long counter = BufferUtils.getLong(nonce, 0, NONCE_BYTES) + 1;
-            ValidateUtils.checkState(counter != initialNonce, "Packet sequence 
number cannot be reused with the same key");
-            BufferUtils.putLong(counter, nonce, 0, NONCE_BYTES);
-            unpackIntsLE(nonce, 0, NONCE_INTS, engineState, NONCE_OFFSET);
-        }
-
-        protected void initCounter(long counter) {
-            engineState[COUNTER_OFFSET] = (int) counter;
-            engineState[COUNTER_OFFSET + 1] = (int) (counter >>> Integer.SIZE);
-        }
-
-        // one-shot usage
-        protected void crypt(byte[] in, int offset, int length, byte[] out, 
int outOffset) {
-            while (length > 0) {
-                System.arraycopy(engineState, 0, x, 0, BLOCK_INTS);
-                permute(x);
-                int want = Math.min(BLOCK_BYTES, length);
-                for (int i = 0, j = 0; i < want; i += Integer.BYTES, j++) {
-                    int keyStream = engineState[j] + x[j];
-                    int take = Math.min(Integer.BYTES, length);
-                    int input = unpackIntLE(in, offset, take);
-                    int output = keyStream ^ input;
-                    packIntLE(output, out, outOffset, take);
-                    offset += take;
-                    outOffset += take;
-                    length -= take;
-                }
-                int lo = ++engineState[COUNTER_OFFSET];
-                if (lo == 0) {
-                    // overflow
-                    ++engineState[COUNTER_OFFSET + 1];
-                }
-            }
-        }
-
-        protected byte[] polyKey() {
-            byte[] block = new byte[Poly1305Mac.KEY_BYTES];
-            initCounter(0);
-            crypt(block, 0, block.length, block, 0);
-            initCounter(1);
-            return block;
-        }
-
-        protected static void permute(int[] state) {
-            for (int i = 0; i < 10; i++) {
-                columnRound(state);
-                diagonalRound(state);
-            }
-        }
-
-        protected static void columnRound(int[] state) {
-            quarterRound(state, 0, 4, 8, 12);
-            quarterRound(state, 1, 5, 9, 13);
-            quarterRound(state, 2, 6, 10, 14);
-            quarterRound(state, 3, 7, 11, 15);
-        }
-
-        protected static void diagonalRound(int[] state) {
-            quarterRound(state, 0, 5, 10, 15);
-            quarterRound(state, 1, 6, 11, 12);
-            quarterRound(state, 2, 7, 8, 13);
-            quarterRound(state, 3, 4, 9, 14);
-        }
-
-        protected static void quarterRound(int[] state, int a, int b, int c, 
int d) {
-            state[a] += state[b];
-            state[d] = Integer.rotateLeft(state[d] ^ state[a], 16);
-
-            state[c] += state[d];
-            state[b] = Integer.rotateLeft(state[b] ^ state[c], 12);
-
-            state[a] += state[b];
-            state[d] = Integer.rotateLeft(state[d] ^ state[a], 8);
-
-            state[c] += state[d];
-            state[b] = Integer.rotateLeft(state[b] ^ state[c], 7);
-        }
-
-        private static int unpackIntLE(byte[] buf, int off) {
-            return unpackIntLE(buf, off, Integer.BYTES);
-        }
-
-        private static int unpackIntLE(byte[] buf, int off, int len) {
-            int ret = 0;
-            for (int i = 0; i < len; i++) {
-                ret |= Byte.toUnsignedInt(buf[off + i]) << i * Byte.SIZE;
-            }
-            return ret;
-        }
-
-        private static void unpackIntsLE(byte[] buf, int off, int nrInts, 
int[] dst, int dstOff) {
-            for (int i = 0; i < nrInts; i++) {
-                dst[dstOff++] = unpackIntLE(buf, off);
-                off += Integer.BYTES;
-            }
-        }
-
-        private static int[] unpackSigmaString(byte[] buf) {
-            int[] values = new int[4];
-            unpackIntsLE(buf, 0, 4, values, 0);
-            return values;
-        }
-
-        private static void packIntLE(int value, byte[] dst, int off, int len) 
{
-            for (int i = 0; i < len; i++) {
-                dst[off + i] = (byte) (value >>> i * Byte.SIZE);
-            }
-        }
-    }
-}
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/mac/Poly1305Mac.java 
b/sshd-common/src/main/java/org/apache/sshd/common/mac/Poly1305Mac.java
deleted file mode 100644
index dcb8919..0000000
--- a/sshd-common/src/main/java/org/apache/sshd/common/mac/Poly1305Mac.java
+++ /dev/null
@@ -1,270 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.sshd.common.mac;
-
-import java.nio.BufferOverflowException;
-import java.security.InvalidKeyException;
-import java.util.Arrays;
-
-import org.apache.sshd.common.util.NumberUtils;
-import org.apache.sshd.common.util.buffer.BufferUtils;
-
-/**
- * Poly1305 one-time message authentication code. This implementation is 
derived from the public domain C library
- * <a href="https://github.com/floodyberry/poly1305-donna";>poly1305-donna</a>.
- *
- * @see <a href="http://cr.yp.to/mac/poly1305-20050329.pdf";>The Poly1305-AES 
message-authentication code</a>
- */
-public class Poly1305Mac implements Mac {
-    public static final int KEY_BYTES = 32;
-    private static final int BLOCK_SIZE = 16;
-
-    private int r0;
-    private int r1;
-    private int r2;
-    private int r3;
-    private int r4;
-    private int s1;
-    private int s2;
-    private int s3;
-    private int s4;
-    private int k0;
-    private int k1;
-    private int k2;
-    private int k3;
-
-    private int h0;
-    private int h1;
-    private int h2;
-    private int h3;
-    private int h4;
-    private final byte[] currentBlock = new byte[BLOCK_SIZE];
-    private int currentBlockOffset;
-
-    public Poly1305Mac() {
-        // empty
-    }
-
-    @Override
-    public String getAlgorithm() {
-        return "Poly1305";
-    }
-
-    @Override
-    public void init(byte[] key) throws Exception {
-        if (NumberUtils.length(key) != KEY_BYTES) {
-            throw new InvalidKeyException("Poly1305 key must be 32 bytes");
-        }
-
-        int t0 = unpackIntLE(key, 0);
-        int t1 = unpackIntLE(key, 4);
-        int t2 = unpackIntLE(key, 8);
-        int t3 = unpackIntLE(key, 12);
-
-        // NOTE: The masks perform the key "clamping" implicitly
-        r0 = t0 & 0x03FFFFFF;
-        r1 = (t0 >>> 26 | t1 << 6) & 0x03FFFF03;
-        r2 = (t1 >>> 20 | t2 << 12) & 0x03FFC0FF;
-        r3 = (t2 >>> 14 | t3 << 18) & 0x03F03FFF;
-        r4 = t3 >>> 8 & 0x000FFFFF;
-
-        // Precompute multipliers
-        s1 = r1 * 5;
-        s2 = r2 * 5;
-        s3 = r3 * 5;
-        s4 = r4 * 5;
-
-        k0 = unpackIntLE(key, 16);
-        k1 = unpackIntLE(key, 20);
-        k2 = unpackIntLE(key, 24);
-        k3 = unpackIntLE(key, 28);
-    }
-
-    @Override
-    public void update(byte[] in, int offset, int length) {
-        while (length > 0) {
-            if (currentBlockOffset == BLOCK_SIZE) {
-                processBlock();
-            }
-
-            int toCopy = Math.min(length, BLOCK_SIZE - currentBlockOffset);
-            System.arraycopy(in, offset, currentBlock, currentBlockOffset, 
toCopy);
-            offset += toCopy;
-            length -= toCopy;
-            currentBlockOffset += toCopy;
-        }
-    }
-
-    @Override
-    public void updateUInt(long value) {
-        byte[] encoded = new byte[Integer.BYTES];
-        BufferUtils.putUInt(value, encoded);
-        update(encoded);
-    }
-
-    @Override
-    public void doFinal(byte[] out, int offset) throws Exception {
-        if (offset + BLOCK_SIZE > NumberUtils.length(out)) {
-            throw new BufferOverflowException();
-        }
-        if (currentBlockOffset > 0) {
-            processBlock();
-        }
-
-        h1 += h0 >>> 26;
-        h0 &= 0x3ffffff;
-        h2 += h1 >>> 26;
-        h1 &= 0x3ffffff;
-        h3 += h2 >>> 26;
-        h2 &= 0x3ffffff;
-        h4 += h3 >>> 26;
-        h3 &= 0x3ffffff;
-        h0 += (h4 >>> 26) * 5;
-        h4 &= 0x3ffffff;
-        h1 += h0 >>> 26;
-        h0 &= 0x3ffffff;
-
-        int g0 = h0 + 5;
-        int b = g0 >>> 26;
-        g0 &= 0x3ffffff;
-        int g1 = h1 + b;
-        b = g1 >>> 26;
-        g1 &= 0x3ffffff;
-        int g2 = h2 + b;
-        b = g2 >>> 26;
-        g2 &= 0x3ffffff;
-        int g3 = h3 + b;
-        b = g3 >>> 26;
-        g3 &= 0x3ffffff;
-        int g4 = h4 + b - (1 << 26);
-
-        b = (g4 >>> 31) - 1;
-        int nb = ~b;
-        h0 = h0 & nb | g0 & b;
-        h1 = h1 & nb | g1 & b;
-        h2 = h2 & nb | g2 & b;
-        h3 = h3 & nb | g3 & b;
-        h4 = h4 & nb | g4 & b;
-
-        long f0 = Integer.toUnsignedLong(h0 | h1 << 26) + 
Integer.toUnsignedLong(k0);
-        long f1 = Integer.toUnsignedLong(h1 >>> 6 | h2 << 20) + 
Integer.toUnsignedLong(k1);
-        long f2 = Integer.toUnsignedLong(h2 >>> 12 | h3 << 14) + 
Integer.toUnsignedLong(k2);
-        long f3 = Integer.toUnsignedLong(h3 >>> 18 | h4 << 8) + 
Integer.toUnsignedLong(k3);
-
-        packIntLE((int) f0, out, offset);
-        f1 += f0 >>> 32;
-        packIntLE((int) f1, out, offset + 4);
-        f2 += f1 >>> 32;
-        packIntLE((int) f2, out, offset + 8);
-        f3 += f2 >>> 32;
-        packIntLE((int) f3, out, offset + 12);
-
-        reset();
-    }
-
-    private void processBlock() {
-        if (currentBlockOffset < BLOCK_SIZE) {
-            // padding
-            currentBlock[currentBlockOffset] = 1;
-            for (int i = currentBlockOffset + 1; i < BLOCK_SIZE; i++) {
-                currentBlock[i] = 0;
-            }
-        }
-
-        long t0 = Integer.toUnsignedLong(unpackIntLE(currentBlock, 0));
-        long t1 = Integer.toUnsignedLong(unpackIntLE(currentBlock, 4));
-        long t2 = Integer.toUnsignedLong(unpackIntLE(currentBlock, 8));
-        long t3 = Integer.toUnsignedLong(unpackIntLE(currentBlock, 12));
-
-        h0 += t0 & 0x3ffffff;
-        h1 += (t1 << 32 | t0) >>> 26 & 0x3ffffff;
-        h2 += (t2 << 32 | t1) >>> 20 & 0x3ffffff;
-        h3 += (t3 << 32 | t2) >>> 14 & 0x3ffffff;
-        h4 += t3 >>> 8;
-
-        if (currentBlockOffset == BLOCK_SIZE) {
-            h4 += 1 << 24;
-        }
-
-        long tp0 = unsignedProduct(h0, r0) + unsignedProduct(h1, s4) + 
unsignedProduct(h2, s3) + unsignedProduct(h3, s2)
-                   + unsignedProduct(h4, s1);
-        long tp1 = unsignedProduct(h0, r1) + unsignedProduct(h1, r0) + 
unsignedProduct(h2, s4) + unsignedProduct(h3, s3)
-                   + unsignedProduct(h4, s2);
-        long tp2 = unsignedProduct(h0, r2) + unsignedProduct(h1, r1) + 
unsignedProduct(h2, r0) + unsignedProduct(h3, s4)
-                   + unsignedProduct(h4, s3);
-        long tp3 = unsignedProduct(h0, r3) + unsignedProduct(h1, r2) + 
unsignedProduct(h2, r1) + unsignedProduct(h3, r0)
-                   + unsignedProduct(h4, s4);
-        long tp4 = unsignedProduct(h0, r4) + unsignedProduct(h1, r3) + 
unsignedProduct(h2, r2) + unsignedProduct(h3, r1)
-                   + unsignedProduct(h4, r0);
-
-        h0 = (int) tp0 & 0x3ffffff;
-        tp1 += tp0 >>> 26;
-        h1 = (int) tp1 & 0x3ffffff;
-        tp2 += tp1 >>> 26;
-        h2 = (int) tp2 & 0x3ffffff;
-        tp3 += tp2 >>> 26;
-        h3 = (int) tp3 & 0x3ffffff;
-        tp4 += tp3 >>> 26;
-        h4 = (int) tp4 & 0x3ffffff;
-        h0 += (int) (tp4 >>> 26) * 5;
-        h1 += h0 >>> 26;
-        h0 &= 0x3ffffff;
-
-        currentBlockOffset = 0;
-    }
-
-    private void reset() {
-        h0 = 0;
-        h1 = 0;
-        h2 = 0;
-        h3 = 0;
-        h4 = 0;
-        currentBlockOffset = 0;
-        Arrays.fill(currentBlock, (byte) 0);
-    }
-
-    @Override
-    public int getBlockSize() {
-        return BLOCK_SIZE;
-    }
-
-    @Override
-    public int getDefaultBlockSize() {
-        return BLOCK_SIZE;
-    }
-
-    private static int unpackIntLE(byte[] buf, int off) {
-        int ret = 0;
-        for (int i = 0; i < Integer.BYTES; i++) {
-            ret |= Byte.toUnsignedInt(buf[off + i]) << i * Byte.SIZE;
-        }
-        return ret;
-    }
-
-    private static void packIntLE(int value, byte[] dst, int off) {
-        for (int i = 0; i < Integer.BYTES; i++) {
-            dst[off + i] = (byte) (value >>> i * Byte.SIZE);
-        }
-    }
-
-    private static long unsignedProduct(int i1, int i2) {
-        return Integer.toUnsignedLong(i1) * Integer.toUnsignedLong(i2);
-    }
-}
diff --git 
a/sshd-common/src/test/java/org/apache/sshd/common/cipher/ChaCha20CipherTest.java
 
b/sshd-common/src/test/java/org/apache/sshd/common/cipher/ChaCha20CipherTest.java
deleted file mode 100644
index 92b8725..0000000
--- 
a/sshd-common/src/test/java/org/apache/sshd/common/cipher/ChaCha20CipherTest.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.sshd.common.cipher;
-
-import java.nio.charset.StandardCharsets;
-
-import org.apache.sshd.common.util.buffer.BufferUtils;
-import org.apache.sshd.util.test.JUnitTestSupport;
-import org.junit.Test;
-
-public class ChaCha20CipherTest extends JUnitTestSupport {
-    public ChaCha20CipherTest() {
-        super();
-    }
-
-    @Test
-    public void testEncryptDecrypt() throws Exception {
-        ChaCha20Cipher cipher = new ChaCha20Cipher();
-        byte[] key = new byte[cipher.getKdfSize()];
-        for (int i = 0; i < key.length; i++) {
-            key[i] = (byte) (i & 0xff);
-        }
-        byte[] iv = new byte[cipher.getIVSize()];
-        BufferUtils.putLong(42, iv, 0, iv.length);
-        byte[] aad = new byte[4];
-        byte[] plaintext = 
getClass().getName().getBytes(StandardCharsets.UTF_8);
-        BufferUtils.putUInt(plaintext.length, aad);
-        byte[] buf = new byte[plaintext.length + 
cipher.getAuthenticationTagSize()];
-        System.arraycopy(plaintext, 0, buf, 0, plaintext.length);
-        cipher.init(Cipher.Mode.Encrypt, key, iv);
-        cipher.updateAAD(aad);
-        cipher.update(buf, 0, plaintext.length);
-
-        byte[] ciphertext = buf.clone();
-
-        cipher.init(Cipher.Mode.Decrypt, key, iv);
-        cipher.updateAAD(aad);
-        int length = (int) BufferUtils.getUInt(aad);
-        cipher.update(ciphertext, 0, length);
-        assertEquals(getClass().getName(), new String(ciphertext, 0, length, 
StandardCharsets.UTF_8));
-    }
-}
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 
b/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java
index 8db30b7..6c24a5c 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java
@@ -70,7 +70,6 @@ public class BaseBuilder<T extends AbstractFactoryManager, S 
extends BaseBuilder
      */
     public static final List<BuiltinCiphers> DEFAULT_CIPHERS_PREFERENCE = 
Collections.unmodifiableList(
             Arrays.asList(
-                    BuiltinCiphers.cc20p1305_openssh,
                     BuiltinCiphers.aes128ctr,
                     BuiltinCiphers.aes192ctr,
                     BuiltinCiphers.aes256ctr,
diff --git 
a/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java
 
b/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java
index f13baf1..14da167 100644
--- 
a/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java
+++ 
b/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/AbstractSession.java
@@ -1635,8 +1635,7 @@ public abstract class AbstractSession extends 
SessionHelper {
      *
      * @throws Exception if an error occurs
      */
-    // TODO: this method needs refactoring
-    @SuppressWarnings({ "checkstyle:VariableDeclarationUsageDistance", 
"checkstyle:ExecutableStatementCount" })
+    @SuppressWarnings("checkstyle:VariableDeclarationUsageDistance")
     protected void receiveNewKeys() throws Exception {
         byte[] k = kex.getK();
         byte[] h = kex.getH();
@@ -1688,9 +1687,6 @@ public abstract class AbstractSession extends 
SessionHelper {
         Cipher s2ccipher = ValidateUtils.checkNotNull(
                 NamedFactory.create(getCipherFactories(), value), "Unknown s2c 
cipher: %s", value);
         e_s2c = resizeKey(e_s2c, s2ccipher.getKdfSize(), hash, k, h);
-        if (s2ccipher.getAlgorithm().startsWith("ChaCha")) {
-            BufferUtils.putLong(serverSession ? seqo : seqi, iv_s2c, 0, 
iv_s2c.length);
-        }
         s2ccipher.init(serverSession ? Cipher.Mode.Encrypt : 
Cipher.Mode.Decrypt, e_s2c, iv_s2c);
 
         Mac s2cmac;
@@ -1716,9 +1712,6 @@ public abstract class AbstractSession extends 
SessionHelper {
         Cipher c2scipher = ValidateUtils.checkNotNull(
                 NamedFactory.create(getCipherFactories(), value), "Unknown c2s 
cipher: %s", value);
         e_c2s = resizeKey(e_c2s, c2scipher.getKdfSize(), hash, k, h);
-        if (c2scipher.getAlgorithm().startsWith("ChaCha")) {
-            BufferUtils.putLong(serverSession ? seqi : seqo, iv_c2s, 0, 
iv_c2s.length);
-        }
         c2scipher.init(serverSession ? Cipher.Mode.Decrypt : 
Cipher.Mode.Encrypt, e_c2s, iv_c2s);
 
         Mac c2smac;

Reply via email to