- Securely clean up unmanaged memory buffers before deallocation.

- Add `EnsureInitialized` and enhanced connection status validation methods to `SshSession` for operational consistency.
- Introduce host key hash retrieval with `HostKeyHashType` enum for SSH connections.
- Re-enable and include host key retrieval test in `NullOpsDevs.LibSsh.Test`.
- Securely wipe credentials after use in `SshPasswordCredential`.

Author: 0x25CBFC4F

NullOpsDevs.LibSsh.Test/Program.cs

@@ -82,11 +82,12 @@ private static async Task RunTestCategory(string categoryName, Func<Task> testFu
 
     private static async Task RunAuthenticationTests()
     {
+        await RunTest("Host key retrival", TestHostKeyRetrival);
         await RunTest("Password Authentication", TestPasswordAuth);
         await RunTest("Public Key Authentication (no passphrase)", TestPublicKeyAuth);
         await RunTest("Public Key Authentication (with passphrase)", TestPublicKeyAuthWithPassphrase);
         await RunTest("Public Key from Memory", TestPublicKeyFromMemory);
-        // await RunTest("SSH Agent Authentication", TestSshAgentAuth);
+        await RunTest("SSH Agent Authentication", TestSshAgentAuth);
     }
 
     private static Task<bool> TestPasswordAuth()
@@ -160,6 +161,13 @@ private static Task<bool> TestSshAgentAuth()
             return Task.FromResult(true);
         }
     }
+    
+    private static Task<bool> TestHostKeyRetrival()
+    {
+        using var session = TestHelper.CreateAndConnect();
+        var hostKey = session.GetHostKeyHash(HostKeyHashType.SHA256);
+        return Task.FromResult(hostKey.Length == 32);
+    }
 
     #endregion
 

NullOpsDevs.LibSsh/Core/HostKeyHashType.cs

@@ -0,0 +1,16 @@
+using System.Diagnostics.CodeAnalysis;
+using JetBrains.Annotations;
+using NullOpsDevs.LibSsh.Generated;
+
+namespace NullOpsDevs.LibSsh.Core;
+
+[PublicAPI]
+[SuppressMessage("ReSharper", "InconsistentNaming")]
+public enum HostKeyHashType
+{
+    MD5 = LibSshNative.LIBSSH2_HOSTKEY_HASH_MD5,
+    
+    SHA1 = LibSshNative.LIBSSH2_HOSTKEY_HASH_SHA1,
+    
+    SHA256 = LibSshNative.LIBSSH2_HOSTKEY_HASH_SHA256
+}

NullOpsDevs.LibSsh/Core/SshSession.cs

@@ -57,6 +57,17 @@ private void EnsureInStatus(SshConnectionStatus status)
             throw new SshException($"SshConnection must be in status '{status:G}' to perform that operation.", SshError.DevWrongUse);
     }
 
+    private void EnsureInStatuses(params SshConnectionStatus[] statuses)
+    {
+        foreach (var status in statuses)
+        {
+            if (ConnectionStatus == status)
+                return;
+        }
+        
+        throw new SshException($"SshConnection must be in one of the statuses '{string.Join(", ", statuses.Select(s => $"{s:G}"))}' to perform that operation.", SshError.DevWrongUse);
+    }
+    
     /// <summary>
     /// Connects to an SSH server at the specified host and port.
     /// </summary>
@@ -110,6 +121,26 @@ public unsafe void Connect(string host, int port)
         }
     }
 
+    public unsafe byte[] GetHostKeyHash(HostKeyHashType keyHashType)
+    {
+        EnsureInitialized();
+        EnsureInStatuses(SshConnectionStatus.Connected, SshConnectionStatus.LoggedIn);
+        
+        var keySize = keyHashType switch
+        {
+            HostKeyHashType.MD5 => 16,
+            HostKeyHashType.SHA1 => 20,
+            HostKeyHashType.SHA256 => 32,
+            _ => throw new ArgumentOutOfRangeException(nameof(keyHashType), keyHashType, null)
+        };
+        
+        var hash = libssh2_hostkey_hash(session, (int) keyHashType);
+        var keyHash = new byte[keySize];
+        Marshal.Copy(new IntPtr(hash), keyHash, 0, keySize);
+        
+        return keyHash;
+    }
+
     /// <summary>
     /// Asynchronously connects to an SSH server at the specified host and port.
     /// </summary>
@@ -140,6 +171,9 @@ public Task ConnectAsync(string host, int port, CancellationToken cancellationTo
     /// </remarks>
     public unsafe SshCommandResult ExecuteCommand(string command, CommandExecutionOptions? options = null, CancellationToken cancellationToken = default)
     {
+        EnsureInitialized();
+        EnsureInStatus(SshConnectionStatus.LoggedIn);
+        
         options ??= CommandExecutionOptions.Default;
 
         LibSsh2.Log($"Opening channel for command execution: '{command}'");
@@ -287,6 +321,9 @@ public Task<SshCommandResult> ExecuteCommandAsync(string command, CommandExecuti
     /// </remarks>
     public unsafe bool ReadFile(string path, Stream destination, int bufferSize = 32768, CancellationToken cancellationToken = default)
     {
+        EnsureInitialized();
+        EnsureInStatus(SshConnectionStatus.LoggedIn);
+        
         LibSsh2.Log($"Starting SCP download of file: '{path}'");
         using var remotePathBuffer = NativeBuffer.Allocate(path);
         using var statBuffer = NativeBuffer.Allocate(512);
@@ -363,6 +400,9 @@ public Task<bool> ReadFileAsync(string path, Stream destination, int bufferSize
     /// </remarks>
     public unsafe bool WriteFile(string path, Stream source, int mode = 420, int bufferSize = 32768, CancellationToken cancellationToken = default)
     {
+        EnsureInitialized();
+        EnsureInStatus(SshConnectionStatus.LoggedIn);
+        
         LibSsh2.Log($"Starting SCP upload to file: '{path}'");
 
         if (!source.CanRead)

NullOpsDevs.LibSsh/Credentials/SshPasswordCredential.cs

@@ -1,4 +1,5 @@
-using System.Runtime.InteropServices;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
 using NullOpsDevs.LibSsh.Generated;
 
 namespace NullOpsDevs.LibSsh.Credentials;
@@ -24,6 +25,9 @@ public override unsafe bool Authenticate(_LIBSSH2_SESSION* session)
             (sbyte*) usernameBuffer, (uint)username.Length,
             (sbyte*) passwordBuffer, (uint)password.Length, null);
 
+        Unsafe.InitBlockUnaligned(usernameBuffer.ToPointer(), 0, (uint)username.Length);
+        Unsafe.InitBlockUnaligned(passwordBuffer.ToPointer(), 0, (uint)username.Length);
+        
         Marshal.FreeHGlobal(usernameBuffer);
         Marshal.FreeHGlobal(passwordBuffer);
 

NullOpsDevs.LibSsh/Interop/NativeBuffer.cs

@@ -45,7 +45,11 @@ internal readonly ref struct NativeBuffer(IntPtr pointer, int length) : IDisposa
     public unsafe T* AsPointer<T>() where T : unmanaged => (T*)Pointer.ToPointer();
 
     /// <inheritdoc />
-    public void Dispose() => Marshal.FreeHGlobal(Pointer);
+    public unsafe void Dispose()
+    {
+        Unsafe.InitBlockUnaligned(AsPointer(), 0, (uint)Length);
+        Marshal.FreeHGlobal(Pointer);
+    }
 
     /// <summary>
     /// Allocates a native buffer of the specified length.