nataphon-ktsystems opened a new pull request, #902: URL: https://github.com/apache/mina-sshd/pull/902
Security-key (`sk-*`) signatures carry a structured OpenSSH signature blob: algorithm, raw signature, flags, and counter. The client-side auth path and OpenSSH agent proxy path were treating those like ordinary two-field signatures, which dropped or double-wrapped the trailing security-key fields. This change preserves the full security-key signature blob when reading OpenSSH agent responses, forwarding local agent responses, and appending the final userauth signature. Ordinary key types keep the existing algorithm-plus-signature wrapping. Tests cover both sides of the client path: - `AgentUnitTest.securityKeySignatureBlob` verifies a security-key signature blob survives the agent protocol path with flags and counter intact. - `UserAuthPublicKeySkTest.securityKeySignatureBlobIsNotWrapped` verifies the client userauth packet writes the security-key signature blob directly instead of wrapping it again. Validation: ```bash ./mvnw -pl sshd-core -am -Dtest=AgentUnitTest,UserAuthPublicKeySkTest -Dsurefire.failIfNoSpecifiedTests=false test ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
