Restrict agent signing path #128
Merged
Implements OpenSSH 8.9+ agent restriction protocol per https://www.openssh.org/agent-restrict.html

Add support for publickey-hostbound-v00@openssh.com as well as agent key use constraints. Start advertising "ext-info-c" in the kex.

Parse server-sig-algs from SSH_MSG_EXT_INFO and use it to select the best RSA signing algorithm (rsa-sha2-512 > rsa-sha2-256 > ssh-rsa) when the server advertises the extension. Falls back to the key's default when server-sig-algs is absent, preserving current behavior for non-EXT_INFO servers.
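
The selection rule described above, as an added Kotlin example that is not the PR's code: it parses an SSH_MSG_EXT_INFO payload in the RFC 8308 layout and picks the RSA signature algorithm in the stated preference order. The function names, the constructed sample payload, the "ssh-rsa" key default, and the choice to fall back to that default when server-sig-algs lists no RSA algorithm are assumptions.

```kotlin
import java.nio.ByteBuffer
import java.nio.charset.StandardCharsets

const val SSH_MSG_EXT_INFO = 7 // message number from RFC 8308
// Preference order stated in the PR description.
val RSA_PREFERENCE = listOf("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa")

// Reads one SSH "string": uint32 length, then that many bytes, bounds-checked.
fun ByteBuffer.sshString(): ByteArray {
    val len = getInt()
    require(len in 0..remaining()) { "string length $len exceeds packet" }
    return ByteArray(len).also { get(it) }
}

// Parses an SSH_MSG_EXT_INFO payload into extension-name -> raw value.
fun parseExtInfo(payload: ByteArray): Map<String, ByteArray> {
    val buf = ByteBuffer.wrap(payload) // ByteBuffer is big-endian by default
    require(buf.remaining() >= 5 && buf.get().toInt() == SSH_MSG_EXT_INFO) { "not EXT_INFO" }
    val count = buf.getInt()
    require(count in 0..buf.remaining() / 8) { "implausible extension count" }
    val out = LinkedHashMap<String, ByteArray>()
    repeat(count) {
        val name = String(buf.sshString(), StandardCharsets.US_ASCII)
        out[name] = buf.sshString()
    }
    return out
}

// ext == null models a server that never sent EXT_INFO: keep the key's default.
// Assumption: also keep the default if the list names no RSA algorithm.
fun selectRsaAlgorithm(ext: Map<String, ByteArray>?, keyDefault: String): String {
    val raw = ext?.get("server-sig-algs") ?: return keyDefault
    val offered = String(raw, StandardCharsets.US_ASCII).split(',').toSet()
    return RSA_PREFERENCE.firstOrNull { it in offered } ?: keyDefault
}

// Test helper: encodes an ASCII string as an SSH "string".
fun sshStr(s: String): ByteArray {
    val b = s.toByteArray(StandardCharsets.US_ASCII)
    return ByteBuffer.allocate(4 + b.size).putInt(b.size).put(b).array()
}

fun main() {
    // Constructed sample payload (one extension), not captured traffic.
    val payload = byteArrayOf(7, 0, 0, 0, 1) +
        sshStr("server-sig-algs") + sshStr("ssh-ed25519,rsa-sha2-256,ssh-rsa")
    println(selectRsaAlgorithm(parseExtInfo(payload), "ssh-rsa"))
    println(selectRsaAlgorithm(null, "ssh-rsa"))
}
```
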
763687a to 9da4156
Pull request overview
Adds support for OpenSSH agent destination constraints / host-bound publickey auth and strengthens key-material lifecycle management to better restrict where agent signatures can be used.
Changes:
- Add parsing/handling for SSH_MSG_EXT_INFO (server-sig-algs, publickey-hostbound@openssh.com) and negotiate RSA signature algorithm accordingly.
- Implement agent-side destination constraint enforcement and session-bind verification plumbing, with new unit/integration tests.
- Add zeroization/destroy hooks across KEX + packet crypto and wipe transient key material after use.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| sshlib/src/test/resources/openssh-server/Dockerfile | Expands OpenSSH test server config to permit ssh-rsa pubkeys for compatibility testing. |
| sshlib/src/test/kotlin/org/connectbot/sshlib/crypto/AlgorithmsTest.kt | Adds unit tests for RSA signature algorithm negotiation. |
| sshlib/src/test/kotlin/org/connectbot/sshlib/client/SshClientIntegrationTest.kt | Adds integration coverage for ssh-rsa-only servers and default rsa-sha2 negotiation. |
| sshlib/src/test/kotlin/org/connectbot/sshlib/HostBoundSignatureDataTest.kt | Adds tests for host-bound signature-data encoding/parsing. |
| sshlib/src/test/kotlin/org/connectbot/sshlib/ExtInfoProcessingTest.kt | Adds tests for EXT_INFO parsing of host-bound + server-sig-algs. |
| sshlib/src/test/kotlin/org/connectbot/sshlib/AgentProtocolTest.kt | Updates agent protocol tests to cover bind verification + forwarding bind behavior. |
| sshlib/src/test/kotlin/org/connectbot/sshlib/AgentDestinationConstraintTest.kt | Adds tests for restrict-destination constraint enforcement and identity visibility. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/transport/PacketIO.kt | Destroys old cipher/MAC/AEAD instances when switching encryption modes. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/RsaSignatureAlgorithm.kt | Correctly maps ssh-rsa to SHA1withRSA and centralizes mapping logic. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/PacketMac.kt | Makes MACs destroyable for key zeroization. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/PacketCipher.kt | Makes ciphers destroyable for key zeroization. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/PacketAead.kt | Makes AEADs destroyable for key zeroization. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/MlKemHybridKeyExchange.kt | Adds private key zeroization. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/KeyDerivation.kt | Adds key/IV zeroization and clears intermediate digest material. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/KexAlgorithm.kt | Adds zeroize() contract for KEX implementations. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/HmacSha512.kt | Zeroizes MAC key on destroy. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/HmacSha256.kt | Zeroizes MAC key on destroy. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/HmacSha1.kt | Zeroizes MAC key on destroy. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/EcdhKeyExchange.kt | Destroys private key material after KEX. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/DiffieHellmanGroupExchange.kt | Clears DH-GEX private parameters and adds zeroize(). |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/DiffieHellman.kt | Clears DH private key and adds zeroize(). |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/Curve25519KeyExchange.kt | Adds private key zeroization. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/ChaCha20Poly1305Cipher.kt | Stores key for destroy-time wiping and implements destroy(). |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/Algorithms.kt | Adds ext-info-c to default KEX list and RSA signature negotiation helper. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/crypto/AesGcmCipher.kt | Stores key material for destroy-time wiping and implements destroy(). |
| sshlib/src/main/kotlin/org/connectbot/sshlib/client/SshConnection.kt | Adds EXT_INFO parsing, host-bound auth request support, RSA algorithm negotiation, and post-KEX zeroization. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/client/AgentProtocolHandler.kt | Implements destination constraint filtering/enforcement and session-bind verification hooks. |
| sshlib/src/main/kotlin/org/connectbot/sshlib/AgentProvider.kt | Extends agent identity API to carry destination constraints and adds constraint model types. |
| sshlib/api.txt | Updates public API surface for new AgentIdentity parameter + new model types. |
| protocol/src/main/resources/kaitai/userauth_request_publickey_hostbound.ksy | Adds Kaitai schema for host-bound publickey auth request fields. |
| protocol/src/main/resources/kaitai/userauth_publickey_signature_data_any.ksy | Adds Kaitai schema to parse both standard and host-bound signature data. |
| protocol/src/main/resources/kaitai/userauth_publickey_hostbound_signature_data.ksy | Adds Kaitai schema for host-bound signature data construction/parsing. |
| protocol/src/main/resources/kaitai/ssh_msg_userauth_request.ksy | Adds method switch case for host-bound publickey auth. |
| protocol/src/main/resources/kaitai/restrict_destination_constraint.ksy | Adds Kaitai schema for restrict-destination agent key constraints. |
| .gitignore | Ignores .worktrees/. |
| import io.kaitai.struct.ByteBufferKaitaiStream | ||
| import org.connectbot.sshlib.protocol.UserauthPublickeyHostboundSignatureData | ||
| import org.connectbot.sshlib.protocol.createAsciiString |
Unused import: createAsciiString is imported but never used. This will fail ktlint/spotless checks (no-unused-imports). Remove the unused import.
Suggested change
| import org.connectbot.sshlib.protocol.createAsciiString |