Address soundness.sh issues with correct version of swiftformat.

Sources/NIOSSH/Connection State Machine/SSHConnectionStateMachine.swift

@@ -182,7 +182,7 @@ struct SSHConnectionStateMachine {
                 return .noMessage
             case .unimplemented(let unimplemented):
                 throw NIOSSHError.remotePeerDoesNotSupportMessage(unimplemented)
-                
+
             default:
                 // TODO: enforce RFC 4253:
                 //

Sources/NIOSSH/Connection State Machine/States/IdleState.swift

@@ -22,7 +22,7 @@ extension SSHConnectionStateMachine {
         internal var serializer: SSHPacketSerializer
 
         internal var protectionSchemes: [NIOSSHTransportProtection.Type]
-        
+
         internal var keyExchangeAlgorithms: [NIOSSHKeyExchangeAlgorithmProtocol.Type]
 
         init(role: SSHConnectionRole) {

Sources/NIOSSH/Connection State Machine/States/ReceivedKexInitWhenActiveState.swift

@@ -38,7 +38,7 @@ extension SSHConnectionStateMachine {
             self.parser = previous.parser
             self.remoteVersion = previous.remoteVersion
             self.sessionIdentifier = previous.sessionIdentifier
-            self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: previous.role, remoteVersion: previous.remoteVersion, keyExchangeAlgorithms: role.keyExchangeAlgorithms, transportProtectionSchemes: role.transportProtectionSchemes, previousSessionIdentifier: self.sessionIdentifier)
+            self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: previous.role, remoteVersion: previous.remoteVersion, keyExchangeAlgorithms: self.role.keyExchangeAlgorithms, transportProtectionSchemes: self.role.transportProtectionSchemes, previousSessionIdentifier: self.sessionIdentifier)
         }
     }
 }

Sources/NIOSSH/Connection State Machine/States/SentKexInitWhenActiveState.swift

@@ -38,7 +38,7 @@ extension SSHConnectionStateMachine {
             self.parser = previous.parser
             self.remoteVersion = previous.remoteVersion
             self.sessionIdentitifier = previous.sessionIdentifier
-            self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: self.role, remoteVersion: self.remoteVersion, keyExchangeAlgorithms: role.keyExchangeAlgorithms, transportProtectionSchemes: role.transportProtectionSchemes, previousSessionIdentifier: previous.sessionIdentifier)
+            self.keyExchangeStateMachine = SSHKeyExchangeStateMachine(allocator: allocator, loop: loop, role: self.role, remoteVersion: self.remoteVersion, keyExchangeAlgorithms: self.role.keyExchangeAlgorithms, transportProtectionSchemes: self.role.transportProtectionSchemes, previousSessionIdentifier: previous.sessionIdentifier)
         }
     }
 }

Sources/NIOSSH/Key Exchange/EllipticCurveKeyExchange.swift

@@ -20,7 +20,7 @@ public struct NIOSSHKeyExchangeServerReply {
     public var hostKey: NIOSSHPublicKey
     public var publicKey: ByteBuffer
     public var signature: NIOSSHSignature
-    
+
     public init(hostKey: NIOSSHPublicKey, publicKey: ByteBuffer, signature: NIOSSHSignature) {
         self.hostKey = hostKey
         self.publicKey = publicKey
@@ -33,7 +33,7 @@ public struct NIOSSHKeyExchangeServerReply {
 public protocol NIOSSHKeyExchangeAlgorithmProtocol {
     static var keyExchangeInitMessageId: UInt8 { get }
     static var keyExchangeReplyMessageId: UInt8 { get }
-    
+
     init(ourRole: SSHConnectionRole, previousSessionIdentifier: ByteBuffer?)
 
     func initiateKeyExchangeClientSide(allocator: ByteBufferAllocator) -> ByteBuffer
@@ -62,7 +62,7 @@ struct EllipticCurveKeyExchange<PrivateKey: ECDHCompatiblePrivateKey>: NIOSSHKey
     private var theirKey: PrivateKey.PublicKey?
     private var ourRole: SSHConnectionRole
     private var sharedSecret: SharedSecret?
-    
+
     static var keyExchangeInitMessageId: UInt8 { 30 }
     static var keyExchangeReplyMessageId: UInt8 { 31 }
 

Sources/NIOSSH/Key Exchange/SSHKeyExchangeResult.swift

@@ -24,7 +24,7 @@ public struct KeyExchangeResult {
     public var sessionID: ByteBuffer
 
     public var keys: NIOSSHSessionKeys
-    
+
     public init(sessionID: ByteBuffer, keys: NIOSSHSessionKeys) {
         self.sessionID = sessionID
         self.keys = keys
@@ -63,7 +63,7 @@ public struct NIOSSHSessionKeys {
     public var inboundMACKey: SymmetricKey
 
     public var outboundMACKey: SymmetricKey
-    
+
     public init(initialInboundIV: [UInt8], initialOutboundIV: [UInt8], inboundEncryptionKey: SymmetricKey, outboundEncryptionKey: SymmetricKey, inboundMACKey: SymmetricKey, outboundMACKey: SymmetricKey) {
         self.initialInboundIV = initialInboundIV
         self.initialOutboundIV = initialOutboundIV
@@ -88,7 +88,7 @@ public struct ExpectedKeySizes {
     public var encryptionKeySize: Int
 
     public var macKeySize: Int
-    
+
     public init(ivSize: Int, encryptionKeySize: Int, macKeySize: Int) {
         self.ivSize = ivSize
         self.encryptionKeySize = encryptionKeySize

Sources/NIOSSH/Key Exchange/SSHKeyExchangeStateMachine.swift

@@ -105,7 +105,7 @@ struct SSHKeyExchangeStateMachine {
 
         return .init(
             cookie: rng.randomCookie(allocator: self.allocator),
-            keyExchangeAlgorithms: role.keyExchangeAlgorithmNames,
+            keyExchangeAlgorithms: self.role.keyExchangeAlgorithmNames,
             serverHostKeyAlgorithms: self.supportedHostKeyAlgorithms,
             encryptionAlgorithmsClientToServer: encryptionAlgorithms,
             encryptionAlgorithmsServerToClient: encryptionAlgorithms,
@@ -377,13 +377,13 @@ struct SSHKeyExchangeStateMachine {
 
         switch self.role {
         case .client:
-            clientAlgorithms = role.keyExchangeAlgorithmNames
+            clientAlgorithms = self.role.keyExchangeAlgorithmNames
             serverAlgorithms = peerKeyExchangeAlgorithms
             clientHostKeyAlgorithms = self.supportedHostKeyAlgorithms
             serverHostKeyAlgorithms = peerHostKeyAlgorithms
         case .server:
             clientAlgorithms = peerKeyExchangeAlgorithms
-            serverAlgorithms = role.keyExchangeAlgorithmNames
+            serverAlgorithms = self.role.keyExchangeAlgorithmNames
             clientHostKeyAlgorithms = peerHostKeyAlgorithms
             serverHostKeyAlgorithms = self.supportedHostKeyAlgorithms
         }
@@ -456,7 +456,7 @@ struct SSHKeyExchangeStateMachine {
     }
 
     private func exchangerForAlgorithm(_ algorithm: Substring) throws -> NIOSSHKeyExchangeAlgorithmProtocol {
-        for implementation in keyExchangeAlgorithms {
+        for implementation in self.keyExchangeAlgorithms {
             if implementation.keyExchangeAlgorithmNames.contains(algorithm) {
                 return implementation.init(ourRole: self.role, previousSessionIdentifier: self.previousSessionIdentifier)
             }
@@ -469,7 +469,7 @@ struct SSHKeyExchangeStateMachine {
     private func expectingIncorrectGuess(_ kexMessage: SSHMessage.KeyExchangeMessage) -> Bool {
         // A guess is wrong if the key exchange algorithm and/or the host key algorithm differ from our preference.
         kexMessage.firstKexPacketFollows && (
-            kexMessage.keyExchangeAlgorithms.first != role.keyExchangeAlgorithmNames.first ||
+            kexMessage.keyExchangeAlgorithms.first != self.role.keyExchangeAlgorithmNames.first ||
                 kexMessage.serverHostKeyAlgorithms.first != self.supportedHostKeyAlgorithms.first
         )
     }
@@ -515,11 +515,11 @@ extension SSHKeyExchangeStateMachine {
 
     /// All known host key algorithms.
     static let bundledServerHostKeyAlgorithms: [Substring] = ["ssh-ed25519", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp521"]
-    
+
     static var supportedServerHostKeyAlgorithms: [Substring] {
         let bundledAlgorithms = bundledServerHostKeyAlgorithms
         let customAlgorithms = NIOSSHPublicKey.customPublicKeyAlgorithms.map { Substring($0.publicKeyPrefix) }
-        
+
         return bundledAlgorithms + customAlgorithms
     }
 }

Sources/NIOSSH/Keys And Signatures/CustomKeys.swift

@@ -1,3 +1,17 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the SwiftNIO open source project
+//
+// Copyright (c) YEARS Apple Inc. and the SwiftNIO project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of SwiftNIO project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
 import Foundation
 import NIO
 
@@ -11,14 +25,14 @@ public protocol NIOSSHSignatureProtocol {
     /// This identifier MUST be unique to the signature implementation.
     /// The returned value MUST NOT overlap with other signature implementations or a specifications that the signature does not implement.
     static var signaturePrefix: String { get }
-    
+
     /// The raw reprentation of this signature as a blob.
     var rawRepresentation: Data { get }
-    
+
     /// Serializes and writes the signature to the buffer. The calling function SHOULD NOT keep track of the size of the written blob.
     /// If the result is not a fixed size, the serialized format SHOULD include a length.
     func write(to buffer: inout ByteBuffer) -> Int
-    
+
     /// Reads this Signature from the buffer using the same format implemented in `write(to:)`
     static func read(from buffer: inout ByteBuffer) throws -> Self
 }
@@ -34,17 +48,17 @@ public protocol NIOSSHPublicKeyProtocol {
     /// This identifier MUST be unique to the public key implementation.
     /// The returned value MUST NOT overlap with other public key implementations or a specifications that the public key does not implement.
     static var publicKeyPrefix: String { get }
-    
+
     /// The raw reprentation of this publc key as a blob.
     var rawRepresentation: Data { get }
-    
+
     /// Verifies that `signature` is the result of signing `data` using the private key that this public key is derived from.
     func isValidSignature<D: DataProtocol>(_ signature: NIOSSHSignatureProtocol, for data: D) -> Bool
-    
+
     /// Serializes and writes the public key to the buffer. The calling function SHOULD NOT keep track of the size of the written blob.
     /// If the result is not a fixed size, the serialized format SHOULD include a length.
     func write(to buffer: inout ByteBuffer) -> Int
-    
+
     /// Reads this Public Key from the buffer using the same format implemented in `write(to:)`
     static func read(from buffer: inout ByteBuffer) throws -> Self
 }
@@ -60,10 +74,10 @@ public protocol NIOSSHPrivateKeyProtocol {
     /// This identifier MUST be unique to the private key implementation.
     /// The returned value MUST NOT overlap with other private key implementations or a specifications that the private key does not implement.
     static var keyPrefix: String { get }
-    
+
     /// A public key instance that is able to verify signatures that are created using this private key.
     var publicKey: NIOSSHPublicKeyProtocol { get }
-    
+
     /// Creates a signature, proving that `data` has been sent by the holder of this private key, and can be verified by `publicKey`.
     func signature<D: DataProtocol>(for data: D) throws -> NIOSSHSignatureProtocol
 }

Sources/NIOSSH/Keys And Signatures/NIOSSHPrivateKey.swift

@@ -45,7 +45,7 @@ public struct NIOSSHPrivateKey {
     public init(p521Key key: P521.Signing.PrivateKey) {
         self.backingKey = .ecdsaP521(key)
     }
-    
+
     public init<PrivateKey: NIOSSHPrivateKeyProtocol>(custom key: PrivateKey) {
         self.backingKey = .custom(key)
     }

Sources/NIOSSH/Keys And Signatures/NIOSSHPublicKey.swift

@@ -13,8 +13,8 @@
 //===----------------------------------------------------------------------===//
 
 import Crypto
-import NIOConcurrencyHelpers
 import Foundation
+import NIOConcurrencyHelpers
 import NIOCore
 
 /// An SSH public key.
@@ -196,22 +196,22 @@ extension NIOSSHPublicKey {
     }
 
     private static let bundledAlgorithms: [String.UTF8View] = [
-        Self.ed25519PublicKeyPrefix, Self.ecdsaP384PublicKeyPrefix, Self.ecdsaP256PublicKeyPrefix, Self.ecdsaP521PublicKeyPrefix
+        Self.ed25519PublicKeyPrefix, Self.ecdsaP384PublicKeyPrefix, Self.ecdsaP256PublicKeyPrefix, Self.ecdsaP521PublicKeyPrefix,
     ]
-    
+
     internal static var knownAlgorithms: [String.UTF8View] {
         bundledAlgorithms + customPublicKeyAlgorithms.map { $0.publicKeyPrefix.utf8 }
     }
 
     internal static var customPublicKeyAlgorithms: [NIOSSHPublicKeyProtocol.Type] {
-        return _CustomAlgorithms.publicKeyAlgorithmsLock.withLock {
-            return _CustomAlgorithms.publicKeyAlgorithms
+        _CustomAlgorithms.publicKeyAlgorithmsLock.withLock {
+            _CustomAlgorithms.publicKeyAlgorithms
         }
     }
 
     internal static var customSignatures: [NIOSSHSignatureProtocol.Type] {
-        return _CustomAlgorithms.signaturesLock.withLock {
-            return _CustomAlgorithms.signatures
+        _CustomAlgorithms.signaturesLock.withLock {
+            _CustomAlgorithms.signatures
         }
     }
 }
@@ -224,15 +224,15 @@ public enum NIOSSHAlgorithms {
             }
         }
     }
-    
+
     public static func register(transportProtectionScheme type: NIOSSHTransportProtection.Type) {
         _CustomAlgorithms.transportProtectionSchemesLock.withLockVoid {
             if !_CustomAlgorithms.transportProtectionSchemes.contains(where: { ObjectIdentifier($0) == ObjectIdentifier(type) }) {
                 _CustomAlgorithms.transportProtectionSchemes.append(type)
             }
         }
     }
-    
+
     /// Registers a custom type tuple for use in Public Key Authentication.
     public static func register<
         PublicKey: NIOSSHPublicKeyProtocol,
@@ -248,7 +248,7 @@ public enum NIOSSHAlgorithms {
             }
         }
     }
-    
+
     /// Used for our unit tests
     internal static func unregisterAlgorithms() {
         _CustomAlgorithms.transportProtectionSchemesLock.withLockVoid {
@@ -267,18 +267,18 @@ public enum NIOSSHAlgorithms {
 }
 
 internal var customTransportProtectionSchemes: [NIOSSHTransportProtection.Type] {
-    return _CustomAlgorithms.transportProtectionSchemesLock.withLock {
-        return _CustomAlgorithms.transportProtectionSchemes
+    _CustomAlgorithms.transportProtectionSchemesLock.withLock {
+        _CustomAlgorithms.transportProtectionSchemes
     }
 }
 
 internal var customKeyExchangeAlgorithms: [NIOSSHKeyExchangeAlgorithmProtocol.Type] {
-    return _CustomAlgorithms.keyExchangeAlgorithmsLock.withLock {
-        return _CustomAlgorithms.keyExchangeAlgorithms
+    _CustomAlgorithms.keyExchangeAlgorithmsLock.withLock {
+        _CustomAlgorithms.keyExchangeAlgorithms
     }
 }
 
-fileprivate enum _CustomAlgorithms {
+private enum _CustomAlgorithms {
     static var transportProtectionSchemesLock = Lock()
     static var transportProtectionSchemes = [NIOSSHTransportProtection.Type]()
     static var keyExchangeAlgorithmsLock = Lock()
@@ -347,12 +347,12 @@ extension NIOSSHPublicKey.BackingKey: Hashable {
 extension NIOSSHPublicKey {
     @discardableResult
     public func write(to buffer: inout ByteBuffer) -> Int {
-        return buffer.writeSSHHostKey(self)
+        buffer.writeSSHHostKey(self)
     }
-    
+
     @discardableResult
     public func writeWithoutHeader(to buffer: inout ByteBuffer) -> Int {
-        return buffer.writeSSHHostKeyWithoutHeader(self)
+        buffer.writeSSHHostKeyWithoutHeader(self)
     }
 }
 
@@ -374,7 +374,7 @@ extension ByteBuffer {
             return self.writeCertifiedKey(key)
         }
     }
-    
+
     /// Writes an SSH host key to this `ByteBuffer`.
     @discardableResult
     mutating func writeSSHHostKey(_ key: NIOSSHPublicKey) -> Int {
@@ -455,7 +455,7 @@ extension ByteBuffer {
                         return NIOSSHPublicKey(backingKey: .custom(publicKey))
                     }
                 }
-                
+
                 // We don't know this public key type. Maybe the certified keys do.
                 return try buffer.readCertifiedKeyWithoutKeyPrefix(keyIdentifierBytes).map(NIOSSHPublicKey.init)
             }

Sources/NIOSSH/Keys And Signatures/NIOSSHSignature.swift

@@ -240,7 +240,7 @@ extension ByteBuffer {
                         return NIOSSHSignature(backingSignature: .custom(signature))
                     }
                 }
-                
+
                 // We don't know this signature type.
                 let signature = signatureIdentifierBytes.readString(length: signatureIdentifierBytes.readableBytes) ?? "<unknown signature>"
                 throw NIOSSHError.unknownSignature(algorithm: signature)

Sources/NIOSSH/Role.swift

@@ -34,7 +34,7 @@ public enum SSHConnectionRole {
             return true
         }
     }
-    
+
     internal var transportProtectionSchemes: [NIOSSHTransportProtection.Type] {
         switch self {
         case .client(let client):
@@ -43,11 +43,11 @@ public enum SSHConnectionRole {
             return server.transportProtectionSchemes
         }
     }
-    
+
     internal var keyExchangeAlgorithmNames: [Substring] {
         self.keyExchangeAlgorithms.flatMap { $0.keyExchangeAlgorithmNames }
     }
-    
+
     internal var keyExchangeAlgorithms: [NIOSSHKeyExchangeAlgorithmProtocol.Type] {
         switch self {
         case .client(let client):

Sources/NIOSSH/SSHClientConfiguration.swift

@@ -22,10 +22,10 @@ public struct SSHClientConfiguration {
 
     /// The global request delegate to be used with this client.
     public var globalRequestDelegate: GlobalRequestDelegate
-    
+
     /// The enabled TransportProtectionSchemes
     public var transportProtectionSchemes: [NIOSSHTransportProtection.Type] = SSHConnectionStateMachine.bundledTransportProtectionSchemes
-    
+
     /// The enabled KeyExchangeAlgorithms
     public var keyExchangeAlgorithms: [NIOSSHKeyExchangeAlgorithmProtocol.Type] = SSHKeyExchangeStateMachine.bundledKeyExchangeImplementations