From 601fafb93b5d8058a8c8cb3812c72ca7ad13f446 Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Tue, 28 Oct 2025 13:37:56 +0100 Subject: [PATCH 1/6] Update ssh dependencies and fix imports of various SSH keys --- Cargo.lock | 639 ++++++++++++++---- Cargo.toml | 4 - crates/bitwarden-ssh/Cargo.toml | 17 +- .../resources/generator/rsa3072_key | 70 +- .../resources/generator/rsa4096_key | 92 +-- .../resources/import/ed25519_regression_17028 | 7 + crates/bitwarden-ssh/src/export.rs | 34 +- crates/bitwarden-ssh/src/generator.rs | 9 +- crates/bitwarden-ssh/src/import.rs | 29 +- 9 files changed, 624 insertions(+), 277 deletions(-) create mode 100644 crates/bitwarden-ssh/resources/import/ed25519_regression_17028 diff --git a/Cargo.lock b/Cargo.lock index 2dd67c4c2..41e50b727 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -23,10 +23,20 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" dependencies = [ - "crypto-common", + "crypto-common 0.1.6", "generic-array", ] +[[package]] +name = "aead" +version = "0.6.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac8202ab55fcbf46ca829833f347a82a2a4ce0596f0304ac322c2d100030cd56" +dependencies = [ + "crypto-common 0.2.0-rc.4", + "inout 0.2.0-rc.6", +] + [[package]] name = "aes" version = "0.8.4" @@ -34,23 +44,36 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", - "cipher", + "cipher 0.4.4", + "cpufeatures", + "zeroize", +] + +[[package]] +name = "aes" +version = "0.9.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e713c57c2a2b19159e7be83b9194600d7e8eb3b7c2cd67e671adf47ce189a05" +dependencies = [ + "cfg-if", + "cipher 0.5.0-rc.1", "cpufeatures", "zeroize", ] [[package]] name = "aes-gcm" -version = "0.10.3" +version = "0.11.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +checksum = "0686ba04dc80c816104c96cd7782b748f6ad58c5dd4ee619ff3258cf68e83d54" dependencies = [ - "aead", - "aes", - "cipher", + "aead 0.6.0-rc.2", + "aes 0.9.0-rc.1", + "cipher 0.5.0-rc.1", "ctr", "ghash", "subtle", + "zeroize", ] [[package]] @@ -309,6 +332,12 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" +[[package]] +name = "base16ct" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b" + [[package]] name = "base64" version = "0.22.1" @@ -369,13 +398,13 @@ dependencies = [ [[package]] name = "bcrypt-pbkdf" -version = "0.10.0" +version = "0.11.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2" +checksum = "b1bf369918379398613de5b595f0f843a9c0eaef8266d33a54fb7f82c69f846e" dependencies = [ "blowfish", - "pbkdf2", - "sha2", + "pbkdf2 0.13.0-rc.1", + "sha2 0.11.0-rc.2", ] [[package]] @@ -548,34 +577,34 @@ dependencies = [ name = "bitwarden-crypto" version = "1.0.0" dependencies = [ - "aes", + "aes 0.8.4", "argon2", "bitwarden-encoding", "bitwarden-error", "bitwarden-uniffi-error", - "cbc", + "cbc 0.1.2", "chacha20poly1305", "ciborium", "coset", "criterion", - "ed25519-dalek", + "ed25519-dalek 2.1.1", "generic-array", "hkdf", - "hmac", + "hmac 0.12.1", "num-bigint", "num-traits", - "pbkdf2", + "pbkdf2 0.12.2", "rand 0.8.5", "rand_chacha 0.3.1", "rayon", - "rsa", + "rsa 0.9.8", "schemars 1.0.0", "serde", "serde_bytes", "serde_json", "serde_repr", "sha1", - "sha2", + "sha2 0.10.9", "subtle", "thiserror 2.0.12", "tsify", @@ -784,13 +813,14 @@ version = "1.0.0" dependencies = [ "bitwarden-error", "bitwarden-vault", - "ed25519", - "ed25519-dalek", - "pem-rfc7468", - "pkcs8", - "rand 0.8.5", - "rand_chacha 0.3.1", - "rsa", + "block-padding 0.4.0-rc.4", + "ed25519 3.0.0-rc.1", + "ed25519-dalek 3.0.0-pre.1", + "pem-rfc7468 1.0.0-rc.3", + "pkcs8 0.11.0-rc.7", + "rand 0.9.2", + "rand_chacha 0.9.0", + "rsa 0.10.0-rc.9", "serde", "ssh-key", "thiserror 2.0.12", @@ -922,14 +952,14 @@ dependencies = [ "bitwarden-uuid", "chrono", "data-encoding", - "hmac", + "hmac 0.12.1", "percent-encoding", "reqwest", "serde", "serde_json", "serde_repr", "sha1", - "sha2", + "sha2 0.10.9", "thiserror 2.0.12", "tokio", "tsify", @@ -970,7 +1000,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -982,6 +1012,16 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.11.0-rc.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9ef36a6fcdb072aa548f3da057640ec10859eb4e91ddf526ee648d50c76a949" +dependencies = [ + "hybrid-array", + "zeroize", +] + [[package]] name = "block-padding" version = "0.3.3" @@ -991,14 +1031,23 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-padding" +version = "0.4.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e59c1aab3e6c5e56afe1b7e8650be9b5a791cb997bdea449194ae62e4bf8c73" +dependencies = [ + "hybrid-array", +] + [[package]] name = "blowfish" -version = "0.9.1" +version = "0.10.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" +checksum = "0f4f049baa079f3b50e74ad3b1fb0585db8ec51f08939671bd6fb4d65886b758" dependencies = [ "byteorder", - "cipher", + "cipher 0.5.0-rc.1", ] [[package]] @@ -1042,7 +1091,7 @@ dependencies = [ "serde", "serde_json", "serde_yaml", - "thiserror 1.0.69", + "thiserror 2.0.12", "tokio", "uuid", "wiremock", @@ -1116,7 +1165,16 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" dependencies = [ - "cipher", + "cipher 0.4.4", +] + +[[package]] +name = "cbc" +version = "0.2.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dbf9e5b071e9de872e32b73f485e8f644ff47c7011d95476733e7482ee3e5c3" +dependencies = [ + "cipher 0.5.0-rc.1", ] [[package]] @@ -1153,20 +1211,32 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" dependencies = [ "cfg-if", - "cipher", + "cipher 0.4.4", "cpufeatures", ] +[[package]] +name = "chacha20" +version = "0.10.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bd162f2b8af3e0639d83f28a637e4e55657b7a74508dba5a9bf4da523d5c9e9" +dependencies = [ + "cfg-if", + "cipher 0.5.0-rc.1", + "cpufeatures", + "zeroize", +] + [[package]] name = "chacha20poly1305" version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" dependencies = [ - "aead", - "chacha20", - "cipher", - "poly1305", + "aead 0.5.2", + "chacha20 0.9.1", + "cipher 0.4.4", + "poly1305 0.8.0", "zeroize", ] @@ -1218,8 +1288,20 @@ version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ - "crypto-common", - "inout", + "crypto-common 0.1.6", + "inout 0.1.4", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.5.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e12a13eb01ded5d32ee9658d94f553a19e804204f2dc811df69ab4d9e0cb8c7" +dependencies = [ + "block-buffer 0.11.0-rc.5", + "crypto-common 0.2.0-rc.4", + "inout 0.2.0-rc.6", "zeroize", ] @@ -1376,6 +1458,12 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +[[package]] +name = "const-oid" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" + [[package]] name = "content_inspector" version = "0.2.4" @@ -1582,6 +1670,19 @@ dependencies = [ "zeroize", ] +[[package]] +name = "crypto-bigint" +version = "0.7.0-rc.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f4b0fda9462026d53a3ef37c5ec283639ee8494a1a5401109c0e2a3fb4d490c" +dependencies = [ + "num-traits", + "rand_core 0.9.3", + "serdect 0.4.1", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -1593,6 +1694,26 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a8235645834fbc6832939736ce2f2d08192652269e11010a6240f61b908a1c6" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "crypto-primes" +version = "0.7.0-pre.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25f2523fbb68811c8710829417ad488086720a6349e337c38d12fa81e09e50bf" +dependencies = [ + "crypto-bigint 0.7.0-rc.9", + "libm", + "rand_core 0.9.3", +] + [[package]] name = "csv" version = "1.3.1" @@ -1616,11 +1737,11 @@ dependencies = [ [[package]] name = "ctr" -version = "0.9.2" +version = "0.10.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +checksum = "27e41d01c6f73b9330177f5cf782ae5b581b5f2c7840e298e0275ceee5001434" dependencies = [ - "cipher", + "cipher 0.5.0-rc.1", ] [[package]] @@ -1632,8 +1753,24 @@ dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", - "digest", - "fiat-crypto", + "digest 0.10.7", + "fiat-crypto 0.2.9", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek" +version = "5.0.0-pre.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f9200d1d13637f15a6acb71e758f64624048d85b31a5fdbfd8eca1e2687d0b7" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest 0.11.0-rc.3", + "fiat-crypto 0.3.0", "rustc_version", "subtle", "zeroize", @@ -1748,8 +1885,19 @@ version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" dependencies = [ - "const-oid", - "pem-rfc7468", + "const-oid 0.9.6", + "pem-rfc7468 0.7.0", + "zeroize", +] + +[[package]] +name = "der" +version = "0.8.0-rc.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9d8dd2f26c86b27a2a8ea2767ec7f9df7a89516e4794e54ac01ee618dda3aa4" +dependencies = [ + "const-oid 0.10.1", + "pem-rfc7468 1.0.0-rc.3", "zeroize", ] @@ -1815,15 +1963,36 @@ dependencies = [ "syn", ] +[[package]] +name = "des" +version = "0.9.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f51594a70805988feb1c85495ddec0c2052e4fbe59d9c0bb7f94bfc164f4f90" +dependencies = [ + "cipher 0.5.0-rc.1", +] + [[package]] name = "digest" version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", - "const-oid", - "crypto-common", + "block-buffer 0.10.4", + "const-oid 0.9.6", + "crypto-common 0.1.6", + "subtle", +] + +[[package]] +name = "digest" +version = "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dac89f8a64533a9b0eaa73a68e424db0fb1fd6271c74cc0125336a05f090568d" +dependencies = [ + "block-buffer 0.11.0-rc.5", + "const-oid 0.10.1", + "crypto-common 0.2.0-rc.4", "subtle", ] @@ -1865,12 +2034,12 @@ version = "0.16.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ - "der", - "digest", + "der 0.7.10", + "digest 0.10.7", "elliptic-curve", "rfc6979", - "signature", - "spki", + "signature 2.2.0", + "spki 0.7.3", ] [[package]] @@ -1879,8 +2048,18 @@ version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" dependencies = [ - "pkcs8", - "signature", + "pkcs8 0.10.2", + "signature 2.2.0", +] + +[[package]] +name = "ed25519" +version = "3.0.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ef49c0b20c0ad088893ad2a790a29c06a012b3f05bcfc66661fd22a94b32129" +dependencies = [ + "pkcs8 0.11.0-rc.7", + "signature 3.0.0-rc.4", ] [[package]] @@ -1889,11 +2068,26 @@ version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ - "curve25519-dalek", - "ed25519", + "curve25519-dalek 4.1.3", + "ed25519 2.2.3", "rand_core 0.6.4", "serde", - "sha2", + "sha2 0.10.9", + "subtle", + "zeroize", +] + +[[package]] +name = "ed25519-dalek" +version = "3.0.0-pre.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad207ed88a133091f83224265eac21109930db09bedcad05d5252f2af2de20a1" +dependencies = [ + "curve25519-dalek 5.0.0-pre.1", + "ed25519 3.0.0-rc.1", + "serde", + "sha2 0.11.0-rc.2", + "signature 3.0.0-rc.4", "subtle", "zeroize", ] @@ -1910,19 +2104,19 @@ version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ - "base16ct", + "base16ct 0.2.0", "base64ct", - "crypto-bigint", - "digest", + "crypto-bigint 0.5.5", + "digest 0.10.7", "ff", "generic-array", "group", - "pem-rfc7468", - "pkcs8", + "pem-rfc7468 0.7.0", + "pkcs8 0.10.2", "rand_core 0.6.4", "sec1", "serde_json", - "serdect", + "serdect 0.2.0", "subtle", "zeroize", ] @@ -2056,6 +2250,12 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" +[[package]] +name = "fiat-crypto" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64cd1e32ddd350061ae6edb1b082d7c54915b5c672c389143b9a63403a109f24" + [[package]] name = "flate2" version = "1.1.2" @@ -2249,11 +2449,10 @@ dependencies = [ [[package]] name = "ghash" -version = "0.5.1" +version = "0.6.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +checksum = "4f88107cb02ed63adcc4282942e60c4d09d80208d33b360ce7c729ce6dae1739" dependencies = [ - "opaque-debug", "polyval", ] @@ -2405,7 +2604,7 @@ version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ - "hmac", + "hmac 0.12.1", ] [[package]] @@ -2414,7 +2613,16 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", +] + +[[package]] +name = "hmac" +version = "0.13.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3fd4dc94c318c1ede8a2a48341c250d6ddecd3ba793da2820301a9f92417ad9" +dependencies = [ + "digest 0.11.0-rc.3", ] [[package]] @@ -2472,6 +2680,16 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "hybrid-array" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f471e0a81b2f90ffc0cb2f951ae04da57de8baa46fa99112b062a5173a5088d0" +dependencies = [ + "typenum", + "zeroize", +] + [[package]] name = "hyper" version = "1.6.0" @@ -2728,10 +2946,20 @@ version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" dependencies = [ - "block-padding", + "block-padding 0.3.3", "generic-array", ] +[[package]] +name = "inout" +version = "0.2.0-rc.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1603f76010ff924b616c8f44815a42eb10fb0b93d308b41deaa8da6d4251fd4b" +dependencies = [ + "block-padding 0.4.0-rc.4", + "hybrid-array", +] + [[package]] name = "inquire" version = "0.7.5" @@ -3254,7 +3482,7 @@ dependencies = [ "ecdsa", "elliptic-curve", "primeorder", - "sha2", + "sha2 0.10.9", ] [[package]] @@ -3340,7 +3568,7 @@ dependencies = [ "rand 0.8.5", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "strum", ] @@ -3370,8 +3598,17 @@ version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ - "digest", - "hmac", + "digest 0.10.7", +] + +[[package]] +name = "pbkdf2" +version = "0.13.0-rc.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3fc18bb4460ac250ba6b75dfa7cf9d0b2273e3e623f660bd6ce2c3e902342e" +dependencies = [ + "digest 0.11.0-rc.3", + "hmac 0.13.0-rc.2", ] [[package]] @@ -3383,6 +3620,15 @@ dependencies = [ "base64ct", ] +[[package]] +name = "pem-rfc7468" +version = "1.0.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8e58fab693c712c0d4e88f8eb3087b6521d060bcaf76aeb20cb192d809115ba" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.1" @@ -3407,23 +3653,36 @@ version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ - "der", - "pkcs8", - "spki", + "der 0.7.10", + "pkcs8 0.10.2", + "spki 0.7.3", +] + +[[package]] +name = "pkcs1" +version = "0.8.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "986d2e952779af96ea048f160fd9194e1751b4faea78bcf3ceb456efe008088e" +dependencies = [ + "der 0.8.0-rc.9", + "spki 0.8.0-rc.4", ] [[package]] name = "pkcs5" -version = "0.7.1" -source = "git+https://github.com/bitwarden/rustcrypto-formats.git?rev=2b27c63034217dd126bbf5ed874da51b84f8c705#2b27c63034217dd126bbf5ed874da51b84f8c705" +version = "0.8.0-rc.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0946dd690acbc58b91838b6d2252e232c46e562fcb6f56c909fae70c88430a5f" dependencies = [ - "aes", - "cbc", - "der", - "pbkdf2", + "aes 0.9.0-rc.1", + "aes-gcm", + "cbc 0.2.0-rc.1", + "der 0.8.0-rc.9", + "pbkdf2 0.13.0-rc.1", + "rand_core 0.9.3", "scrypt", - "sha2", - "spki", + "sha2 0.11.0-rc.2", + "spki 0.8.0-rc.4", ] [[package]] @@ -3432,10 +3691,20 @@ version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ - "der", + "der 0.7.10", + "spki 0.7.3", +] + +[[package]] +name = "pkcs8" +version = "0.11.0-rc.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93eac55f10aceed84769df670ea4a32d2ffad7399400d41ee1c13b1cd8e1b478" +dependencies = [ + "der 0.8.0-rc.9", "pkcs5", - "rand_core 0.6.4", - "spki", + "rand_core 0.9.3", + "spki 0.8.0-rc.4", ] [[package]] @@ -3499,19 +3768,29 @@ checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" dependencies = [ "cpufeatures", "opaque-debug", - "universal-hash", + "universal-hash 0.5.1", +] + +[[package]] +name = "poly1305" +version = "0.9.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb78a635f75d76d856374961deecf61031c0b6f928c83dc9c0924ab6c019c298" +dependencies = [ + "cpufeatures", + "universal-hash 0.6.0-rc.2", + "zeroize", ] [[package]] name = "polyval" -version = "0.6.2" +version = "0.7.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +checksum = "1ffd40cc99d0fbb02b4b3771346b811df94194bc103983efa0203c8893755085" dependencies = [ "cfg-if", "cpufeatures", - "opaque-debug", - "universal-hash", + "universal-hash 0.6.0-rc.2", ] [[package]] @@ -3662,7 +3941,7 @@ dependencies = [ "bytes", "getrandom 0.3.3", "lru-slab", - "rand 0.9.1", + "rand 0.9.2", "ring", "rustc-hash", "rustls", @@ -3716,9 +3995,9 @@ dependencies = [ [[package]] name = "rand" -version = "0.9.1" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ "rand_chacha 0.9.0", "rand_core 0.9.3", @@ -3886,7 +4165,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "hmac", + "hmac 0.12.1", "subtle", ] @@ -3919,17 +4198,36 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b" dependencies = [ - "const-oid", - "digest", + "const-oid 0.9.6", + "digest 0.10.7", "num-bigint-dig", "num-integer", "num-traits", - "pkcs1", - "pkcs8", + "pkcs1 0.7.5", + "pkcs8 0.10.2", "rand_core 0.6.4", - "sha2", - "signature", - "spki", + "signature 2.2.0", + "spki 0.7.3", + "subtle", + "zeroize", +] + +[[package]] +name = "rsa" +version = "0.10.0-rc.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf8955ab399f6426998fde6b76ae27233cce950705e758a6c17afd2f6d0e5d52" +dependencies = [ + "const-oid 0.10.1", + "crypto-bigint 0.7.0-rc.9", + "crypto-primes", + "digest 0.11.0-rc.3", + "pkcs1 0.8.0-rc.4", + "pkcs8 0.11.0-rc.7", + "rand_core 0.9.3", + "sha2 0.11.0-rc.2", + "signature 3.0.0-rc.4", + "spki 0.8.0-rc.4", "subtle", "zeroize", ] @@ -4083,11 +4381,12 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" [[package]] name = "salsa20" -version = "0.10.2" +version = "0.11.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a22f5af31f73a954c10289c93e8a50cc23d971e80ee446f1f6f7137a088213" +checksum = "d3ff3b81c8a6e381bc1673768141383f9328048a60edddcfc752a8291a138443" dependencies = [ - "cipher", + "cfg-if", + "cipher 0.5.0-rc.1", ] [[package]] @@ -4181,13 +4480,13 @@ dependencies = [ [[package]] name = "scrypt" -version = "0.11.0" +version = "0.12.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f" +checksum = "b3c33c6091950068d08cb0974afb259fba7fb7e992bf297a8b264c47b3d82d75" dependencies = [ - "pbkdf2", + "pbkdf2 0.13.0-rc.1", "salsa20", - "sha2", + "sha2 0.11.0-rc.2", ] [[package]] @@ -4196,11 +4495,11 @@ version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ - "base16ct", - "der", + "base16ct 0.2.0", + "der 0.7.10", "generic-array", - "pkcs8", - "serdect", + "pkcs8 0.10.2", + "serdect 0.2.0", "subtle", "zeroize", ] @@ -4394,7 +4693,17 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a84f14a19e9a014bb9f4512488d9829a68e04ecabffb0f9904cd1ace94598177" dependencies = [ - "base16ct", + "base16ct 0.2.0", + "serde", +] + +[[package]] +name = "serdect" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3ef0e35b322ddfaecbc60f34ab448e157e48531288ee49fafbb053696b8ffe2" +dependencies = [ + "base16ct 0.3.0", "serde", ] @@ -4406,7 +4715,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -4417,7 +4726,18 @@ checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.11.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1e3878ab0f98e35b2df35fe53201d088299b41a6bb63e3e34dada2ac4abd924" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.11.0-rc.3", ] [[package]] @@ -4472,10 +4792,20 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ - "digest", + "digest 0.10.7", "rand_core 0.6.4", ] +[[package]] +name = "signature" +version = "3.0.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc280a6ff65c79fbd6622f64d7127f32b85563bca8c53cd2e9141d6744a9056d" +dependencies = [ + "digest 0.11.0-rc.3", + "rand_core 0.9.3", +] + [[package]] name = "siphasher" version = "0.3.11" @@ -4533,50 +4863,65 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" dependencies = [ "base64ct", - "der", + "der 0.7.10", +] + +[[package]] +name = "spki" +version = "0.8.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8baeff88f34ed0691978ec34440140e1572b68c7dd4a495fd14a3dc1944daa80" +dependencies = [ + "base64ct", + "der 0.8.0-rc.9", ] [[package]] name = "ssh-cipher" -version = "0.2.0" +version = "0.3.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "caac132742f0d33c3af65bfcde7f6aa8f62f0e991d80db99149eb9d44708784f" +checksum = "481f53252058ad302f9dff47a3ca03c5e30e34e49226d9549a7e9d16cb210700" dependencies = [ - "aes", + "aead 0.6.0-rc.2", + "aes 0.9.0-rc.1", "aes-gcm", - "cbc", - "chacha20", - "cipher", + "cbc 0.2.0-rc.1", + "chacha20 0.10.0-rc.2", + "cipher 0.5.0-rc.1", "ctr", - "poly1305", + "des", + "poly1305 0.9.0-rc.2", "ssh-encoding", "subtle", + "zeroize", ] [[package]] name = "ssh-encoding" -version = "0.2.0" +version = "0.3.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb9242b9ef4108a78e8cd1a2c98e193ef372437f8c22be363075233321dd4a15" +checksum = "2f1447aab1592c131dec60f7d8cc0b2fb4042d0bf2c90c40f972c2c046b25d1b" dependencies = [ "base64ct", - "pem-rfc7468", - "sha2", + "crypto-bigint 0.7.0-rc.9", + "digest 0.11.0-rc.3", + "pem-rfc7468 1.0.0-rc.3", + "subtle", + "zeroize", ] [[package]] name = "ssh-key" -version = "0.6.7" +version = "0.7.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b86f5297f0f04d08cabaa0f6bff7cb6aec4d9c3b49d87990d63da9d9156a8c3" +checksum = "7307406fcbbeb6933b5c8cc84ec0fefee80fec53ba5b88b96674c0a75495090a" dependencies = [ "bcrypt-pbkdf", - "ed25519-dalek", - "num-bigint-dig", - "rand_core 0.6.4", - "rsa", - "sha2", - "signature", + "ed25519-dalek 3.0.0-pre.1", + "rand_core 0.9.3", + "rsa 0.10.0-rc.9", + "sha2 0.11.0-rc.2", + "signature 3.0.0-rc.4", "ssh-cipher", "ssh-encoding", "subtle", @@ -5323,7 +5668,17 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" dependencies = [ - "crypto-common", + "crypto-common 0.1.6", + "subtle", +] + +[[package]] +name = "universal-hash" +version = "0.6.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a55be643b40a21558f44806b53ee9319595bc7ca6896372e4e08e5d7d83c9cd6" +dependencies = [ + "crypto-common 0.2.0-rc.4", "subtle", ] @@ -5612,7 +5967,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 675ecfcdb..a8d2bcd5e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -86,11 +86,7 @@ wasm-bindgen-futures = "0.4.41" wasm-bindgen-test = "0.3.45" wiremock = ">=0.6.0, <0.7" -# There is an incompatibility when using pkcs5 and chacha20 on wasm builds. This can be removed once a new -# rustcrypto-formats crate version is released since the fix has been upstreamed. -# https://github.com/RustCrypto/formats/pull/1625 [patch.crates-io] -pkcs5 = { git = "https://github.com/bitwarden/rustcrypto-formats.git", rev = "2b27c63034217dd126bbf5ed874da51b84f8c705" } uniffi = { git = "https://github.com/mozilla/uniffi-rs", rev = "6d46b3f756dde3213357c477d86771a0fc5da7b4" } uniffi_core = { git = "https://github.com/mozilla/uniffi-rs", rev = "6d46b3f756dde3213357c477d86771a0fc5da7b4" } diff --git a/crates/bitwarden-ssh/Cargo.toml b/crates/bitwarden-ssh/Cargo.toml index 7211a8357..28dbd7dd7 100644 --- a/crates/bitwarden-ssh/Cargo.toml +++ b/crates/bitwarden-ssh/Cargo.toml @@ -26,14 +26,15 @@ uniffi = ["dep:uniffi"] # Uniffi bindings [dependencies] bitwarden-error = { workspace = true } bitwarden-vault = { workspace = true } -ed25519 = { version = ">=2.2.3, <3.0", features = ["pkcs8"] } -ed25519-dalek = { workspace = true, features = ["pkcs8"] } -pem-rfc7468 = "0.7.0" -pkcs8 = { version = ">=0.10.2, <0.11", features = ["encryption"] } -rand = ">=0.8.5, <0.9" -rsa = ">=0.9.2, <0.10" +block-padding = { version = "=0.4.0-rc.4" } +ed25519 = { version = "3.0.0-rc.1", features = ["pkcs8"] } +ed25519-dalek = { version = "=3.0.0-pre.1", features = ["alloc", "pkcs8"] } +pem-rfc7468 = "1.0.0-rc.3" +pkcs8 = { version = "=0.11.0-rc.7", features = ["encryption"] } +rand = "0.9.2" +rsa = "0.10.0-rc.9" serde.workspace = true -ssh-key = { version = ">=0.6.7, <0.7", features = [ +ssh-key = { version = "0.7.0-rc.3", features = [ "ed25519", "encryption", "rsa", @@ -44,7 +45,7 @@ uniffi = { workspace = true, optional = true } wasm-bindgen = { workspace = true, optional = true } [dev-dependencies] -rand_chacha = "0.3.1" +rand_chacha = "0.9.0" [lints] workspace = true diff --git a/crates/bitwarden-ssh/resources/generator/rsa3072_key b/crates/bitwarden-ssh/resources/generator/rsa3072_key index 3baf6e51e..1ca9bc119 100644 --- a/crates/bitwarden-ssh/resources/generator/rsa3072_key +++ b/crates/bitwarden-ssh/resources/generator/rsa3072_key @@ -1,38 +1,38 @@ -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn -NhAAAAAwEAAQAAAYEAtdNHSX2k5hYFbB4co3CTzdD76Zk18BPuU8Z1xo4cLcXK/DVvDMSJ -SG635FnUIIsDY4g6cua9f6X55nx3KgM1NaMBMEy/XApKpS1ap2UEzqoOl+g0pjTt5JeTLl -8HMgKCmlu5aAK/qi/kYdCwNQ2T7lyn+X0v2oUn0/nJUMsnDN+UQr9ZRA4606tduTcqGwpK -NDk60HgAVOjaNbWcsPavabMsZpFyJc4PeDHmWqZpy6/vdbePDLa6cc+Ktc4NepZeRrEJdB -Xfo6Z+FGs+YYU0jWfi7Pfk/MPYFIFQP2GG0c/w6IIVkLdDr+euvM27yk9x0RDGe9YTcg37 -Xy8Gy5Bn4J0lRB3IGEirvcMGQeqNLMvoGxT7F15Eu3VTZKuRhrp8vDYpcOEgs8hkSEoV1F -lYIa+3MwCQ8wJYTB15l+WhCEAAwk0SAL8G7v4D45GdmxtCKaCRK0UHYMJKFk8xFP9nmmZj -Occ+MillCzCh1z4Jj3MdDNriza5AiY/EKXq06xn7AAAFeDdirUw3Yq1MAAAAB3NzaC1yc2 -EAAAGBALXTR0l9pOYWBWweHKNwk83Q++mZNfAT7lPGdcaOHC3Fyvw1bwzEiUhut+RZ1CCL -A2OIOnLmvX+l+eZ8dyoDNTWjATBMv1wKSqUtWqdlBM6qDpfoNKY07eSXky5fBzICgppbuW -gCv6ov5GHQsDUNk+5cp/l9L9qFJ9P5yVDLJwzflEK/WUQOOtOrXbk3KhsKSjQ5OtB4AFTo -2jW1nLD2r2mzLGaRciXOD3gx5lqmacuv73W3jwy2unHPirXODXqWXkaxCXQV36OmfhRrPm -GFNI1n4uz35PzD2BSBUD9hhtHP8OiCFZC3Q6/nrrzNu8pPcdEQxnvWE3IN+18vBsuQZ+Cd -JUQdyBhIq73DBkHqjSzL6BsU+xdeRLt1U2SrkYa6fLw2KXDhILPIZEhKFdRZWCGvtzMAkP -MCWEwdeZfloQhAAMJNEgC/Bu7+A+ORnZsbQimgkStFB2DCShZPMRT/Z5pmYznHPjIpZQsw -odc+CY9zHQza4s2uQImPxCl6tOsZ+wAAAAMBAAEAAAGBAIeywd5ALiQlxTA2nOsBpt2RHa -DuXknpphHR6K4h+zfSCTcHbfSabVaogweiXuVWulW7ItwEBuNQbNwuggTR1hFMsSNp89ru -N11lJuYNR3QxiKiofTqZ//19fjO6ajVRmEU5NXtBqeeKzKiPxiIiGwhnEFnrqx4sCFh0cG -Gi7Gb4Kb9S7X0UHaVBnLYRTJRXrp+hIprZJG46RjiVbPbJdIqvVPDLleRPEE6E90UqM4T3 -rgAt2U4ExcsQuJYMzRRzSXDQ6mO3qr4JhO3D5SfqqBpD9lXjtw4KRiV4tvxpVYAwMymJcf -gC4gVZfAo3MX8NsWjyFLlDxB0cW18oDf7p0tzgjNbr1d8V3bM30xI52gbZCBuRnhUrh0jn -JJLQo+gRxqLUtDVXo6Y1VCsE/0FjcqrjYu1d7NrnLdG/Igrvo2bz4D3gGA8wWXTGW8vVTz -gW3aj4SyI/x0DK5Agr6uigYEe4l7o2BAYHho3/YBwPBz0ZUQuIyJY0uBoY8265xkcaiQAA -AMAF2fIw31jVrEmj/7xoxFLt78ATFh7n/hpCpczO6dGPEQPkd0LjsQars/6uws5AHaBpVQ -3hfrBwidlwkWgwMCx0Tz9T8Q2mzUwoaaWZZ8QxhqglFzkCxWeQOegjTxciecD/JQ4JFfaO -Ew6yz7xvf8KPJrOINeqgWKL+CR7qhVfntWf5uDO8yTGStfk3rFMvkRv8+QGpZJ24g/hOsd -TKDUgNZX1YGT+TxnxxCRjilMzWcWZOHWIKaXjDcSs0xxPPLQIAAADBANG/vxPbYPx85+Ih -puHn5Kbe5Nav4dojCoABqEwEY3IgTuxPOeMKvLVK67mYTTB85DicIsoTLpkHSFfl0l5cgN -pk1Xv3jwq8zMfK/x3Pnpoy55H9iUordZ+ihHyaN5XBUEloc1oIQc0p/g5vVOMl+magd94M -/g6hQ9SxexNvyBaIJeSRLZH7VEPq/FvMfPgOkO1dE0G3fmSNKirYyym0JlfHt069A3nWJC -ubwEZiOQyvPYQgf/Kp8jHgekhLOPHefwAAAMEA3es/2izSNcWTX7LTsheWsNQo+E5RywUQ -g4UyS4NbdrpJjuOCEevjzXtwqupLVpCLdOthLc9H5C1m9yBaR2y5T+hBAPildGKjfeCWqt -wuIsiS+W9+HkZty8Rq3+V56CaFw2/NftTt9xBnfaT1DMJad9l6wTOlsDOKV3qhKzI6SHGt -L2ScS9dRGcY6Xf3hIs+c5vXQRYpzG/zS0URAMzkpVyHsESe/dYwIswpmRC4Mq3DbI2jFlZ -92BGVXBMaMQH6FAAAAAAEC +NhAAAAAwEAAQAAAYEA1CL7TYz/qI2ybGc2DvRx2syud94RO+B8yuS3OGmB+cEwbpsYaEFt +sEYLwDs50VGXRItfIZZoqoIqwW94U+Z5iQmdWRER61hB5PmXMPfFH0UuwAueH0UzsnCp0f +kigaQWtNsRZLbsFwehRa6WdsFsybjpirOFvYsKN2NR8LeTtrRsM4WRbddhTxYjBPXuJbg+ +UsAKgkcODywmTPqv+kdG1/rr5UkzMa6YiKyoi/6UIfHAp3GBfAXMDuesbBGhia6vZ12RDj +IhD/rSB5P/KPkGYD9gJAkZm5cXj5oYEzr/KWxj+ac2yqrcaVM4QjYxzJsxYAHYWE+MoBza +LYvCDdfClUbtcmUTl1ZMiK2gGWqeL7LQYdE9yyw9j9BcCqE1qt8SI4eYLYWHVy/slvh/IJ +H++/VPlVZrmwuqy9FHb+j4arUCertnLa9TsIT4nPodu4fU7NCg8hUP4G+I/w6eLMlIeipK +MFmId4RfORIOqeJ/D4DkYjP+HnuixU/BYRKRQ6URAAAFeI3dtDON3bQzAAAAB3NzaC1yc2 +EAAAGBANQi+02M/6iNsmxnNg70cdrMrnfeETvgfMrktzhpgfnBMG6bGGhBbbBGC8A7OdFR +l0SLXyGWaKqCKsFveFPmeYkJnVkREetYQeT5lzD3xR9FLsALnh9FM7JwqdH5IoGkFrTbEW +S27BcHoUWulnbBbMm46Yqzhb2LCjdjUfC3k7a0bDOFkW3XYU8WIwT17iW4PlLACoJHDg8s +Jkz6r/pHRtf66+VJMzGumIisqIv+lCHxwKdxgXwFzA7nrGwRoYmur2ddkQ4yIQ/60geT/y +j5BmA/YCQJGZuXF4+aGBM6/ylsY/mnNsqq3GlTOEI2McybMWAB2FhPjKAc2i2Lwg3XwpVG +7XJlE5dWTIitoBlqni+y0GHRPcssPY/QXAqhNarfEiOHmC2Fh1cv7Jb4fyCR/vv1T5VWa5 +sLqsvRR2/o+Gq1Anq7Zy2vU7CE+Jz6HbuH1OzQoPIVD+BviP8OnizJSHoqSjBZiHeEXzkS +Dqnifw+A5GIz/h57osVPwWESkUOlEQAAAAMBAAEAAAGAbEiy+IIJmlNCCV2h1X5ng6VJRX +yAVY0ghjy7XbtVklRP0ZWvnsAPKpSGuQhCWhuI2H8//xgUszygcH7i8AjMbuwOeoFhIT26 +3ROeXmuLHowk8fi8LQAZBHPH65t9RqmowYa1WTCaUKMfaj9VJKdVTZ7q71b15KvNejpjgD +lk2DU+qgn7ExOG42TMWWLjvjNO9NR8SMXWYl5J6q9oFpw9iE/YDAESdcDGsbVYj6VSngUW +LyKcUt9uqwkNFVjmmS4mAp4Z5kcgk6ElKqQPo06Lqpo/mzyfkBEEVngBkjaxya5DisuMVg +nqamNNVgH4xwOTcyOrOqcDU1UYmqBBQQ2kUBLowo7O1FwZMFtFMzU5tmKoNy49XliyZ0El +Nhsg0xiSG+d3Pl7kXzGfk26k4T5p2iBvKbLkBOzcqGj/fHfD0gGcSL22NVH8jOr0272XZQ +5bbS4RKeRsfWtJWWRfyqPViAj+L+w/12Cv8I/Nao/b56+XidbpZjLBr1uSF8p0WBoVAAAA +wQCGmxK2tIlC8yxgK8M0A1rUCYxLlLfsA6gZXvBjGzwBHMs7GGzoOve1+3k3EyukHPDSuz +f5LdEv18XtlR702C0PVSHrU4aFHc63DsSmpnKZN5KqIQC6ia3eZS+Uyi/Bzoss5B1hPsv3 +YEGuUuoof3pnjdXY1+KCKHwcIOfxtFf2aNjG3kyIr438cUaFANICwX8QSKqFxcgJ1W0AnE +x8kSDiudfxfYjyF2W88iheGJWDv2vzHSO/Kvp58wMB5FrD+7wAAADBANzCTgWuXKSnONLk +8UKnsBAWUfnLSKRgDMwt9bfQ3Z/1q6jMlhU1Rkg+aZf+ptO/aF1CtsGQ6YuOU8zeS3zWDL +IWk+YXsKZEJ8BRUZDKRh7pQ8iMG5e4AsYR8UyhzY0lQrSJwEwhhRUVzMu9GbfrKMY9F+CM +M3H8hv50PiBBiNULviYTQS/oC2EZad6gLJ9iOnmM+qw0KOgswON60nn4ZAVfFa4upYkAfh +R04Em7wykE1YMmXxLOH4FT+VUHapr3pwAAAMEA9gBPPHPEVkDth9eSgew9ZTaPeURx5J9h +k9v7tcvqPKep8aXyX0JjNvJbk4B9B4C1e9D7UuFVcVkaZRwHHNeUnc8x0APhiUHaXbI1tI +p7OWln6eqjZOWBF5qlPmt39IORToR7EG4BRyz7Vjki4OqlI0B57h9LcEJYmkE8S98st/Tf +JXLLnV7TklhjxO/M3NTvMLLkRDK4Wg3hq2yLYvUC0oxsDRiHo9CWAjPaGHPiGPrV9rv9bG +Ok0DjGumEWfhSHAAAAAAEC -----END OPENSSH PRIVATE KEY----- diff --git a/crates/bitwarden-ssh/resources/generator/rsa4096_key b/crates/bitwarden-ssh/resources/generator/rsa4096_key index 3edf70653..57790eef8 100644 --- a/crates/bitwarden-ssh/resources/generator/rsa4096_key +++ b/crates/bitwarden-ssh/resources/generator/rsa4096_key @@ -1,49 +1,49 @@ -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAgEAvn9WSzMTT3mYdvUp8fp+2fkH/ozjMcxQGT78pcCQQ3lienR7m5uh -OiD/9av3F44YPpSKykMnIfmLU1pZigKQdZvNPAbtC0eg9qcZxmrzRzaDwVq6AkaHcIj+QO -9lhNkcMOn2IEU52a11NeX2xZIfVF3zAHNxstLoO8U9j1HBNwAYdZJ2nDim0ayAXf9mZWgK -g3IL+EJSoFrzftDc6BEQ0psdESVB+z2SFt8joo1wTcFQi3OzORgGNW/ME/BJQvTt4j7Upi -+ebrlTwYm43War+hrWIdfL4lxtmnVHYHFO0zELdOmPsN2+AzEYJ6vEkukcpql17L/c6HcR -VogGDezvPoygoFbNefnUdCWbBZOb5LtCbhWZmutbwH5YiYCCWuZ39dlqO+9ip6xrAK+7ox -JMSBzG7kLgF2uVt/w/XOhjDyiKzgCS8zBK868/LdAJtqAhARY8x6e9DDu3ghWFDI8e0iEK -kwBAZMGLJhT4lSTgiKwizcIQsx5aZ54RznGdGhTNkrwL7mWg7USW1gDmSHHNy7rgKxNhbu -ycOAKICCllTESZtmYocRkcJOW8vW3p0zmjdjIYLg/3q7JcscbDg+JDgSYvCIFqrm0tiurG -RjlHCk4JUcExUA42W5QZox0nybw3zD/xjm8IstiC1sg6UXj4e49jxlEs0463WKOkr5n4BN -8AAAc455bHt+eWx7cAAAAHc3NoLXJzYQAAAgEAvn9WSzMTT3mYdvUp8fp+2fkH/ozjMcxQ -GT78pcCQQ3lienR7m5uhOiD/9av3F44YPpSKykMnIfmLU1pZigKQdZvNPAbtC0eg9qcZxm -rzRzaDwVq6AkaHcIj+QO9lhNkcMOn2IEU52a11NeX2xZIfVF3zAHNxstLoO8U9j1HBNwAY -dZJ2nDim0ayAXf9mZWgKg3IL+EJSoFrzftDc6BEQ0psdESVB+z2SFt8joo1wTcFQi3OzOR -gGNW/ME/BJQvTt4j7Upi+ebrlTwYm43War+hrWIdfL4lxtmnVHYHFO0zELdOmPsN2+AzEY -J6vEkukcpql17L/c6HcRVogGDezvPoygoFbNefnUdCWbBZOb5LtCbhWZmutbwH5YiYCCWu -Z39dlqO+9ip6xrAK+7oxJMSBzG7kLgF2uVt/w/XOhjDyiKzgCS8zBK868/LdAJtqAhARY8 -x6e9DDu3ghWFDI8e0iEKkwBAZMGLJhT4lSTgiKwizcIQsx5aZ54RznGdGhTNkrwL7mWg7U -SW1gDmSHHNy7rgKxNhbuycOAKICCllTESZtmYocRkcJOW8vW3p0zmjdjIYLg/3q7JcscbD -g+JDgSYvCIFqrm0tiurGRjlHCk4JUcExUA42W5QZox0nybw3zD/xjm8IstiC1sg6UXj4e4 -9jxlEs0463WKOkr5n4BN8AAAADAQABAAACAHisG1L5oNLoeP9qIE8L2k1j5n+GaelCvr6v -WsX47KoBe7OMlDynYoN7IglTDOxb89m4qQ6laWWpOWvswOme5DnMHz9WN9S8ZCe7BKXfXA -qRavcR7ODCIsvTzBQAUnPMQIJvwp0AnTvaGHSzHxZakQQVm3h+qNiZp8ktEej25glcQyI/ -TGl7rZkGyC5DOm8kb/yCQzjZcpPn6XU9A6LyJJD0933D9z8a6q8YXO9831YyDj64ZSDWqi -AxmLpMrWv/0a1PFc/MPHVxarAf+P4vKuP9GgZIN/xFhpygjD14qXE5EUPXLFHitZo6AE4p -DhXuG1sr3+rAQ0TzIAWLlyI9I/OIodFHUJKDY3HCvCyHYP8k4xNqj9xWyp9USsjwgVj6nl -htMY5AbP8l/uJhYXEgvZxYN9CCKkdb2mB6c1++XrVh2plPM7nFKEAtv316FRRKFRZN3eqq -e0JQZl9wnfiVjA5ecYKYFVbmscFiZ+hEAR7odLf9BfhdCnKsLucbeZ0AR+SvJ9QVhs+EWa -jvEpw/ihHQDSPabjduHOtAzY61L63wut42J6KCCXacW93itrlDJ1CHhDO8e7Ilo+t7G4Ck -rtMk7/r9aaxZ6tY5TDywFjXewcAqw1aZo0OnNuW+oqVrenUNCQiYLt/Y4cfrvCTQP+i0bs -WZIKJ9GXpmDcrszVShAAABAB6zwyso3FkNbibOX/qIHYMJd0qrBgVZ2RJPjLkrI+7KNRme -Uxgr+/hheFt13wlHTFxLWGSsNwPuRNCmosgC1XKhygsryBo9UcNTekwGHzaJFk3Jyxw3kl -htOpW3z87Dq59G5y7jt0DeX755HFh28HvgqCDj2b4fPGEDAzcjDz20MxOFzGyZQWSKIy+u -4kw0DJx5c84XCChOYn09syX+0dQE30lid3aDjG5+dqgFityj+cvNB/9AiA/QfHbIBAVRR1 -U6uZIbFyujcYV9HtmA7ZKE+WyCGmdJUd8+0mpcGsAyKTR0EqqGnQKqf33ymJmf3gPkAm04 -oiIVE/24tJUAC24AAAEBAOO3m2BrCAZHoW3zYbkYRHsExrbPKNgwG1DE8Dlh1e9/vw3Tqt -Cktvxrpga1xI1iLvyrFkYmTYD95LOdJtdoj2b8DPUJchYhf6+qu4iBEDhlRY0XHpjERuQI -nJXKT3vuObn8JPpiOCx0YREBq/mXkU0R7G6HFQVXd60hgC71haSjXZL/vHrJ1pBq+Dca/X -oooU3cKEkVMeNB2/fKLAQqQLbBxcc+wbvmedMyzrgq0StSJ79pEhCO/OE/nvnNzU/FlkVn -1tx83bsb1hL51wq0g6mUzHMOg6SXCotH4QCEAI0t1Dd/JhtJJCJzMB8KRMTsuvMeXFeYKy -YbMur0dd2Yzm8AAAEBANYoTmEbr6vrwS9iCaoS0FTZBY15qnA3WsSfeVC7inWQkXHijaFH -JW9w1Tqjcxk80gu9cXnxYdaaY3Zju0gY+zeaHipxcWjIsxMvXuzzkVbyKVE3UVtZjfORE5 -fbMPuBuLrrt/efsIzfBkFnuMgSGQld8hgvj3bzyCt8TPzdT7H8dYHEbayXL3+CQar29i2E -+xqSEWH3n5Fxu/meW8xxmuWRjODblZ1zrI2vmg2rcr4IeGfQcZCzNnuVpSxiuzbkgOi8+5 -SiFJQOUGJywXoxLsVP9ERqHHctUM8709l1yj5dAlcbBm1kQcL4ROHuUW6dClDb1oq/7h83 -lPX5us1SaJEAAAAAAQID +NhAAAAAwEAAQAAAgEAr2pW4awQce0BepReDs4fLO/q+fezoCSIPYrIqHGEFYlnVBzEIGyH +zd4ZgQYmZmbbRhyHMR67Pa75FPrtyT/hYUCa+8XUNpQjP1K39WMOrxZTCwOE669I7TV3Xs +SsZ6x4d+2skkiK+rmditnwjvOuuIsm113RzJkwb5NHTklTFLE0Cs36oAVOXa0kRyFX0Yyg +WSvMpNITF2ZbaCNcEyMQNhkrN1VuTLK58y4YuN1h7fHMmsb6IEhyK5LTm2gVGjNzizOI9P +Winbbz2woeV38QVJ2+51v5KMpJFdI0DunnFaBLzuCFmRAhns0jOLO0NibpCLoAe2HlmUU3 +1I5TtTQCNZxdw1CYC2tliKlzjaT8p43nyFYkaVTrIVihaIeHJVuDEKYnvcBjR63B1jLyCi +msdNwZVuIiCdG1+lsvvLZ84q8Iye0WPTizRfWglZ4eqFY+V2q1KNEAjErxIHG0dP3fWgHN +35WU9LfZ+3inGDaj7/QkC1Wwtga/uycaxahV6Fch/+C5zlOdrqL5cIzIFHclpt7lJW5tzx +26nPmSI/azvKjlwKWCpTp1VDt4motvzlPS5Mwquvg3/eNX42YVa6NZM6f+oL5bQQ6ZvaX2 +DLginkMvNH/qbCl667XX7A+dlnEOPJlC1FiJmWfDRHMNLrexeopTM7y2nqmOL9RG1NNflF +sAAAc48VezOfFXszkAAAAHc3NoLXJzYQAAAgEAr2pW4awQce0BepReDs4fLO/q+fezoCSI +PYrIqHGEFYlnVBzEIGyHzd4ZgQYmZmbbRhyHMR67Pa75FPrtyT/hYUCa+8XUNpQjP1K39W +MOrxZTCwOE669I7TV3XsSsZ6x4d+2skkiK+rmditnwjvOuuIsm113RzJkwb5NHTklTFLE0 +Cs36oAVOXa0kRyFX0YygWSvMpNITF2ZbaCNcEyMQNhkrN1VuTLK58y4YuN1h7fHMmsb6IE +hyK5LTm2gVGjNzizOI9PWinbbz2woeV38QVJ2+51v5KMpJFdI0DunnFaBLzuCFmRAhns0j +OLO0NibpCLoAe2HlmUU31I5TtTQCNZxdw1CYC2tliKlzjaT8p43nyFYkaVTrIVihaIeHJV +uDEKYnvcBjR63B1jLyCimsdNwZVuIiCdG1+lsvvLZ84q8Iye0WPTizRfWglZ4eqFY+V2q1 +KNEAjErxIHG0dP3fWgHN35WU9LfZ+3inGDaj7/QkC1Wwtga/uycaxahV6Fch/+C5zlOdrq +L5cIzIFHclpt7lJW5tzx26nPmSI/azvKjlwKWCpTp1VDt4motvzlPS5Mwquvg3/eNX42YV +a6NZM6f+oL5bQQ6ZvaX2DLginkMvNH/qbCl667XX7A+dlnEOPJlC1FiJmWfDRHMNLrexeo +pTM7y2nqmOL9RG1NNflFsAAAADAQABAAACAGO809+GpOcR+ihHWd+TJTi4xWMRiwmAHBLZ +6VOVD6PrN1wk6wMAkorkQJ4S8ByDWSPZLqkoLxBYf3mFX1RxROW2BSkoh4vs2Mm1b7FPfF +bjG56Ehrw3MwDkyJWSv/BGqUyPT/Lw2kzK4x/C4Tt2pJ57SD9mMdbiNx8Jn56MpHd8dfm6 +ukjoG3G584maFMOp8LYi6D3C0GYapdhlWoHrCtmnn+HbalajvITfbeEWxwqy1EIg5rEaYA +gUeMrA+FaocIbya2nUjHyePLMLYssfDRr/gj8sFVQzCDEnDsB4EBNEzDW5hVzNRkBzpRYl +X072+sMidwmwVQq7x43Myx2Zj7MYgwm9dELgjhY4t9zAm2C6Y+rV0yNBRWJS9IoTfsU9Qw +rguksJHYm8bOMYF4v5wgyRkSnRgZ1zOrGiLclH3Duwo+AFgnCs11lTfCZ0wG5PohLGQ7ve +4NJrEySYkFF+6iDsjB3gdasC5oxlQzOeh0TyYYEU3lYp5BDlgn3Uxm3KZnmgRSbv1Vwn9T +kDx/qy2cSvj2ptpFzr1FlDzkYrsRhrgqBF46nR07rA3btsNKoXhW8H1JvECwlnPx2oQNc7 +etWMZ8gNwYEmEkOLPFMSCwrqpxoqYOOtXXFJMQTVIITKC7e7pkEwNPe1klpqMpk2lBEa4q +jrGvbLbltqWUBpCngRAAABAD+OxHz+6C+ei7lgqNFkEKfcRhQszd8HMp+F7sDUQDGJN/y/ +x7WLCGMbncOo7RKgGD9j+qkxUrVDCnodOGEzpnPexMCYHWtyJdX1zaMufqB2jN9Ger2uz8 +kPjRp67fCj0BOqHmJt9lyzflXXs4PCSf8/ZCqQFXsH1XeVTxZQPUXGSeQNXe2Mnmhg1jEA +EZrh8+V/6HPMXSs3AtebeAl2NvNC8ULKH+BOnee1wb9qaCwZeLK6IAL53LM2udcZrJ6Jvh +YBG4X8GnAXsBGODHVZHswggIAutccpLVV0iY6t11SmsUdjDo5mfLWp6lagmhepfzd9SHU3 +CeLd3GBdyCE/GoQAAAEBAN8lcsudXtOSWGPE78zc1O8wsuREMrhaDeGrbIti9QLSjGwNGI +ej0JYCM9oYc+IY+tX2u/1sY6TQOMa6YRZ+EOAcwk4FrlykpzjS5PFCp7AQFlH5y0ikYAzM +LfW30N2f9auozJYVNUZIPmmX/qbTv2hdQrbBkOmLjlPM3kt81gyyFpPmF7CmRCfAUVGQyk +Ye6UPIjBuXuALGEfFMoc2NJUK0icBMIYUVFczLvRm36yjGPRfgjDNx/Ib+dD4gQYjVC74m +E0Ev6AthGWneoCyfYjp5jPqsNCjoLMDjetJ5+GQFXxWuLqWJAH4UdOBJu8MpBNWDJl8Szh ++BU/lVB2qa9jkAAAEBAMk94KhHFn8nnBX2P2smbfDCmnVU6HYolbZaIt6PUOBGjSVa8bQa +bRjX79zFlLRJw+hSIvNqWnDM6HOk3kacrviQh4hnak8OKJuHQ+pjfnJkLoD7YUCFjJ+3Xy +E/VCEMEQ8+yTkdW6weguson372MRIOXCO+aIrbDQpaBS8T4CBndgBPPHPEVkDth9eSgew9 +ZTaPeURx5J9hk9v7tcvqPKep8aXyX0JjNvJbk4B9B4C1e9D7UuFVcVkaZRwHHNeUnc8x0A +PhiUHaXbI1tIp7OWln6eqjZOWBF5qlPmt39IORToR7EG4BRyz7Vjki4OqlI0B57h9LcEJY +mkE8S98svzMAAAAAAQID -----END OPENSSH PRIVATE KEY----- diff --git a/crates/bitwarden-ssh/resources/import/ed25519_regression_17028 b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028 new file mode 100644 index 000000000..cf9fc1b68 --- /dev/null +++ b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDlG3DfOiDggnpz9fbC7Q+6e7jOiHX3Xv5AYxeSuFc4/gAAAJg95O0uPeTt +LgAAAAtzc2gtZWQyNTUxOQAAACDlG3DfOiDggnpz9fbC7Q+6e7jOiHX3Xv5AYxeSuFc4/g +AAAEAei2GY/cf5G6F8B8GSqfzP2NdOqXQYTpnLTt1M+vZZfuUbcN86IOCCenP19sLtD7p7 +uM6Idfde/kBjF5K4Vzj+AAAADjI1NDk2QLuou/CkzlBDAQIDBAUGBw== +-----END OPENSSH PRIVATE KEY----- \ No newline at end of file diff --git a/crates/bitwarden-ssh/src/export.rs b/crates/bitwarden-ssh/src/export.rs index bba3d91a3..77928ed1b 100644 --- a/crates/bitwarden-ssh/src/export.rs +++ b/crates/bitwarden-ssh/src/export.rs @@ -1,24 +1,9 @@ use pkcs8::EncodePrivateKey; use rsa::RsaPrivateKey; -use ssh_key::{PrivateKey, private::RsaKeypair}; +use ssh_key::PrivateKey; use crate::error::SshKeyExportError; -/// Convert RSA keypair to PKCS#8 DER format -// There is a known defect in going RsaPrivateKey -> pkcs8::PrivateKey -// https://github.com/RustCrypto/SSH/pull/218 -fn convert_rsa_keypair(keypair: &RsaKeypair) -> Result { - Ok(rsa::RsaPrivateKey::from_components( - rsa::BigUint::try_from(&keypair.public.n)?, - rsa::BigUint::try_from(&keypair.public.e)?, - rsa::BigUint::try_from(&keypair.private.d)?, - vec![ - rsa::BigUint::try_from(&keypair.private.p)?, - rsa::BigUint::try_from(&keypair.private.q)?, - ], - )?) -} - /// Convert an OpenSSH private key to PKCS#8 DER format /// /// This is primarily used for exporting SSH keys to other credential managers using Credential @@ -40,12 +25,17 @@ pub fn export_pkcs8_der_key(private_key: &str) -> Result, SshKeyExportEr .as_bytes() .to_vec()) } - ssh_key::private::KeypairData::Rsa(keypair) => Ok(convert_rsa_keypair(keypair) - .map_err(|_| SshKeyExportError::KeyConversion)? - .to_pkcs8_der() - .map_err(|_| SshKeyExportError::KeyConversion)? - .as_bytes() - .to_vec()), + ssh_key::private::KeypairData::Rsa(keypair) => { + let rk: RsaPrivateKey = keypair + .try_into() + .map_err(|_| SshKeyExportError::KeyConversion)?; + + Ok(rk + .to_pkcs8_der() + .map_err(|_| SshKeyExportError::KeyConversion)? + .as_bytes() + .to_vec()) + } _ => Err(SshKeyExportError::KeyConversion), } } diff --git a/crates/bitwarden-ssh/src/generator.rs b/crates/bitwarden-ssh/src/generator.rs index a058ee8f8..468868248 100644 --- a/crates/bitwarden-ssh/src/generator.rs +++ b/crates/bitwarden-ssh/src/generator.rs @@ -1,6 +1,7 @@ use bitwarden_vault::SshKeyView; +use rand::CryptoRng; use serde::{Deserialize, Serialize}; -use ssh_key::{Algorithm, rand_core::CryptoRngCore}; +use ssh_key::{Algorithm}; #[cfg(feature = "wasm")] use tsify::Tsify; @@ -26,13 +27,13 @@ pub enum KeyAlgorithm { pub fn generate_sshkey( key_algorithm: KeyAlgorithm, ) -> Result { - let rng = rand::thread_rng(); + let rng = rand::rng(); generate_sshkey_internal(key_algorithm, rng) } fn generate_sshkey_internal( key_algorithm: KeyAlgorithm, - mut rng: impl CryptoRngCore, + mut rng: impl CryptoRng, ) -> Result { let private_key = match key_algorithm { KeyAlgorithm::Ed25519 => ssh_key::PrivateKey::random(&mut rng, Algorithm::Ed25519) @@ -45,7 +46,7 @@ fn generate_sshkey_internal( } fn create_rsa_key( - mut rng: impl CryptoRngCore, + mut rng: impl CryptoRng, bits: usize, ) -> Result { let rsa_keypair = ssh_key::private::RsaKeypair::random(&mut rng, bits) diff --git a/crates/bitwarden-ssh/src/import.rs b/crates/bitwarden-ssh/src/import.rs index c8f745b61..2e184049d 100644 --- a/crates/bitwarden-ssh/src/import.rs +++ b/crates/bitwarden-ssh/src/import.rs @@ -22,8 +22,8 @@ pub fn import_key( .map_err(|_| SshKeyImportError::Parsing)?; match label { - pkcs8::PrivateKeyInfo::PEM_LABEL => import_pkcs8_key(encoded_key, None), - pkcs8::EncryptedPrivateKeyInfo::PEM_LABEL => import_pkcs8_key( + pkcs8::PrivateKeyInfo::<(), (), ()>::PEM_LABEL => import_pkcs8_key(encoded_key, None), + pkcs8::EncryptedPrivateKeyInfo::<()>::PEM_LABEL => import_pkcs8_key( encoded_key, Some(password.ok_or(SshKeyImportError::PasswordRequired)?), ), @@ -60,8 +60,7 @@ pub fn import_pkcs8_der_key(encoded_key: &[u8]) -> Result { - let private_key: ed25519::KeypairBytes = private_key_info - .try_into() + let private_key: ed25519::KeypairBytes = private_key_info.try_into() .map_err(|_| SshKeyImportError::Parsing)?; ssh_key::private::PrivateKey::from(Ed25519Keypair::from(&private_key.secret_key.into())) @@ -199,26 +198,16 @@ mod tests { assert_eq!(result.unwrap_err(), SshKeyImportError::UnsupportedKeyType); } - // Putty-exported keys should be supported, but are not due to a parser incompatibility. - // Should this test start failing, please change it to expect a correct key, and - // make sure the documentation support for putty-exported keys this is updated. - // https://bitwarden.atlassian.net/browse/PM-14989 #[test] fn import_key_ed25519_putty() { let private_key = include_str!("../resources/import/ed25519_putty_openssh_unencrypted"); - let result = import_key(private_key.to_string(), Some("".to_string())); - assert_eq!(result.unwrap_err(), SshKeyImportError::Parsing); + import_key(private_key.to_string(), Some("".to_string())).unwrap(); } - // Putty-exported keys should be supported, but are not due to a parser incompatibility. - // Should this test start failing, please change it to expect a correct key, and - // make sure the documentation support for putty-exported keys this is updated. - // https://bitwarden.atlassian.net/browse/PM-14989 #[test] fn import_key_rsa_openssh_putty() { let private_key = include_str!("../resources/import/rsa_putty_openssh_unencrypted"); - let result = import_key(private_key.to_string(), Some("".to_string())); - assert_eq!(result.unwrap_err(), SshKeyImportError::Parsing); + import_key(private_key.to_string(), Some("".to_string())).unwrap(); } #[test] @@ -227,4 +216,12 @@ mod tests { let result = import_key(private_key.to_string(), Some("".to_string())); assert_eq!(result.unwrap_err(), SshKeyImportError::UnsupportedKeyType); } + + #[test] + fn import_broken_ed25519_key() { + // https://github.com/bitwarden/clients/issues/17028#issuecomment-3455975763 + let private_key = include_str!("../resources/import/ed25519_regression_17028"); + import_key(private_key.to_string(), None).unwrap(); + } + } From 56960c3c9583734bd1d96c4bc544493ea537c815 Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Tue, 28 Oct 2025 13:43:42 +0100 Subject: [PATCH 2/6] Cargo fmt --- crates/bitwarden-ssh/src/generator.rs | 2 +- crates/bitwarden-ssh/src/import.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crates/bitwarden-ssh/src/generator.rs b/crates/bitwarden-ssh/src/generator.rs index 468868248..2b8672842 100644 --- a/crates/bitwarden-ssh/src/generator.rs +++ b/crates/bitwarden-ssh/src/generator.rs @@ -1,7 +1,7 @@ use bitwarden_vault::SshKeyView; use rand::CryptoRng; use serde::{Deserialize, Serialize}; -use ssh_key::{Algorithm}; +use ssh_key::Algorithm; #[cfg(feature = "wasm")] use tsify::Tsify; diff --git a/crates/bitwarden-ssh/src/import.rs b/crates/bitwarden-ssh/src/import.rs index 2e184049d..896266b15 100644 --- a/crates/bitwarden-ssh/src/import.rs +++ b/crates/bitwarden-ssh/src/import.rs @@ -60,7 +60,8 @@ pub fn import_pkcs8_der_key(encoded_key: &[u8]) -> Result { - let private_key: ed25519::KeypairBytes = private_key_info.try_into() + let private_key: ed25519::KeypairBytes = private_key_info + .try_into() .map_err(|_| SshKeyImportError::Parsing)?; ssh_key::private::PrivateKey::from(Ed25519Keypair::from(&private_key.secret_key.into())) @@ -223,5 +224,4 @@ mod tests { let private_key = include_str!("../resources/import/ed25519_regression_17028"); import_key(private_key.to_string(), None).unwrap(); } - } From 34e3346267e317f9f96c5c695356850ae5aef30a Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Tue, 28 Oct 2025 13:48:49 +0100 Subject: [PATCH 3/6] Add test pubkeys --- .../import/ed25519_putty_openssh_unencrypted.pub | 1 + .../resources/import/ed25519_regression_17028.pub | 1 + .../import/rsa_putty_openssh_unencrypted.pub | 1 + crates/bitwarden-ssh/src/import.rs | 14 ++++++++++---- 4 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub create mode 100644 crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub create mode 100644 crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub diff --git a/crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub b/crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub new file mode 100644 index 000000000..a5ee429c3 --- /dev/null +++ b/crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnT/3MUELJmzkEWpcIk3mLUNNqfM8YelR6jYs/wWZD3 eddsa-key-20241118 \ No newline at end of file diff --git a/crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub new file mode 100644 index 000000000..89a83b957 --- /dev/null +++ b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUbcN86IOCCenP19sLtD7p7uM6Idfde/kBjF5K4Vzj+ 25496@ \ No newline at end of file diff --git a/crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub b/crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub new file mode 100644 index 000000000..b200e22dc --- /dev/null +++ b/crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCii2BMtwqNKA8tLb5FPdkSWGS0vULAjIz/7cioSrTR+X+tEcFPyi2SVXct3sM5HnQdVlKhXS72qzRY53FyMQmUkAIMKWbFmYWvQFD8TbJXnHO4xmPcyP58vbqNOYze55EdnS1Tm5tIW8g0gXIMYbvQXtWCSkEDzOy+KKd4xJS3WIg+L/p94vqHtAAVSTol1Amk9Oz01vb4MBD2UxLbrXhzEteR9QhcDg28cx9kZ1R2rWYEkgBZng88nqdpRy7SVViO5UQA4ThSgfGvpiVbjLIAX8jVhcEWlwcbs/R6C+Cd5M+WLlbO6bRcOw4+K+qvrPYTmTufPIZdRo/kyNF8MNUv rsa-key-20241118 \ No newline at end of file diff --git a/crates/bitwarden-ssh/src/import.rs b/crates/bitwarden-ssh/src/import.rs index 896266b15..688ee508a 100644 --- a/crates/bitwarden-ssh/src/import.rs +++ b/crates/bitwarden-ssh/src/import.rs @@ -202,13 +202,17 @@ mod tests { #[test] fn import_key_ed25519_putty() { let private_key = include_str!("../resources/import/ed25519_putty_openssh_unencrypted"); - import_key(private_key.to_string(), Some("".to_string())).unwrap(); + let public_key = include_str!("../resources/import/ed25519_putty_openssh_unencrypted.pub").trim(); + let result = import_key(private_key.to_string(), Some("".to_string())).unwrap(); + assert_eq!(result.public_key, public_key); } #[test] fn import_key_rsa_openssh_putty() { let private_key = include_str!("../resources/import/rsa_putty_openssh_unencrypted"); - import_key(private_key.to_string(), Some("".to_string())).unwrap(); + let public_key = include_str!("../resources/import/rsa_putty_openssh_unencrypted.pub").trim(); + let result = import_key(private_key.to_string(), Some("".to_string())).unwrap(); + assert_eq!(result.public_key, public_key); } #[test] @@ -219,9 +223,11 @@ mod tests { } #[test] - fn import_broken_ed25519_key() { + fn import_ed25519_key_regression_17028() { // https://github.com/bitwarden/clients/issues/17028#issuecomment-3455975763 let private_key = include_str!("../resources/import/ed25519_regression_17028"); - import_key(private_key.to_string(), None).unwrap(); + let public_key = include_str!("../resources/import/ed25519_regression_17028.pub").trim(); + let result = import_key(private_key.to_string(), None).unwrap(); + assert_eq!(result.public_key, public_key); } } From ecbf69746cdf6fc9e2e3abca81c6e4db2b7df37f Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Tue, 28 Oct 2025 13:51:03 +0100 Subject: [PATCH 4/6] Cargo fmt --- crates/bitwarden-ssh/src/import.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crates/bitwarden-ssh/src/import.rs b/crates/bitwarden-ssh/src/import.rs index 688ee508a..c50f832da 100644 --- a/crates/bitwarden-ssh/src/import.rs +++ b/crates/bitwarden-ssh/src/import.rs @@ -202,7 +202,8 @@ mod tests { #[test] fn import_key_ed25519_putty() { let private_key = include_str!("../resources/import/ed25519_putty_openssh_unencrypted"); - let public_key = include_str!("../resources/import/ed25519_putty_openssh_unencrypted.pub").trim(); + let public_key = + include_str!("../resources/import/ed25519_putty_openssh_unencrypted.pub").trim(); let result = import_key(private_key.to_string(), Some("".to_string())).unwrap(); assert_eq!(result.public_key, public_key); } @@ -210,7 +211,8 @@ mod tests { #[test] fn import_key_rsa_openssh_putty() { let private_key = include_str!("../resources/import/rsa_putty_openssh_unencrypted"); - let public_key = include_str!("../resources/import/rsa_putty_openssh_unencrypted.pub").trim(); + let public_key = + include_str!("../resources/import/rsa_putty_openssh_unencrypted.pub").trim(); let result = import_key(private_key.to_string(), Some("".to_string())).unwrap(); assert_eq!(result.public_key, public_key); } From ed8b8e9d4c1c4f6ab699f981c3d03fab174a7663 Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Tue, 28 Oct 2025 14:15:21 +0100 Subject: [PATCH 5/6] Fix wasm build --- Cargo.lock | 1 + crates/bitwarden-ssh/Cargo.toml | 4 +++- crates/bitwarden-wasm-internal/build.sh | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 41e50b727..6265cea87 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -816,6 +816,7 @@ dependencies = [ "block-padding 0.4.0-rc.4", "ed25519 3.0.0-rc.1", "ed25519-dalek 3.0.0-pre.1", + "getrandom 0.3.3", "pem-rfc7468 1.0.0-rc.3", "pkcs8 0.11.0-rc.7", "rand 0.9.2", diff --git a/crates/bitwarden-ssh/Cargo.toml b/crates/bitwarden-ssh/Cargo.toml index 28dbd7dd7..05252ef2c 100644 --- a/crates/bitwarden-ssh/Cargo.toml +++ b/crates/bitwarden-ssh/Cargo.toml @@ -19,7 +19,8 @@ keywords.workspace = true wasm = [ "bitwarden-error/wasm", "dep:tsify", - "dep:wasm-bindgen" + "dep:wasm-bindgen", + "getrandom/wasm_js" ] # WASM support uniffi = ["dep:uniffi"] # Uniffi bindings @@ -29,6 +30,7 @@ bitwarden-vault = { workspace = true } block-padding = { version = "=0.4.0-rc.4" } ed25519 = { version = "3.0.0-rc.1", features = ["pkcs8"] } ed25519-dalek = { version = "=3.0.0-pre.1", features = ["alloc", "pkcs8"] } +getrandom = { version = "=0.3.3" } pem-rfc7468 = "1.0.0-rc.3" pkcs8 = { version = "=0.11.0-rc.7", features = ["encryption"] } rand = "0.9.2" diff --git a/crates/bitwarden-wasm-internal/build.sh b/crates/bitwarden-wasm-internal/build.sh index 5024bf783..1a653551a 100755 --- a/crates/bitwarden-wasm-internal/build.sh +++ b/crates/bitwarden-wasm-internal/build.sh @@ -46,7 +46,7 @@ fi # Note that this requirest build-std which is an unstable feature, # this normally requires a nightly build, but we can also use the # RUSTC_BOOTSTRAP hack to use the same stable version as the normal build -RUSTFLAGS=-Ctarget-cpu=mvp RUSTC_BOOTSTRAP=1 cargo build -p bitwarden-wasm-internal -Zbuild-std=panic_abort,std --target wasm32-unknown-unknown ${RELEASE_FLAG} ${ENABLE_LICENSE_FEATURE} +RUSTFLAGS='-Ctarget-cpu=mvp --cfg getrandom_backend="wasm_js"' RUSTC_BOOTSTRAP=1 cargo build -p bitwarden-wasm-internal -Zbuild-std=panic_abort,std --target wasm32-unknown-unknown ${RELEASE_FLAG} ${ENABLE_LICENSE_FEATURE} wasm-bindgen --target bundler --out-dir crates/bitwarden-wasm-internal/${NPM_FOLDER} ./target/wasm32-unknown-unknown/${BUILD_FOLDER}/bitwarden_wasm_internal.wasm wasm-bindgen --target nodejs --out-dir crates/bitwarden-wasm-internal/${NPM_FOLDER}/node ./target/wasm32-unknown-unknown/${BUILD_FOLDER}/bitwarden_wasm_internal.wasm From 0e6a4ced6c1555a5c07a3a86f21ffb890b3ed50c Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Tue, 28 Oct 2025 14:19:13 +0100 Subject: [PATCH 6/6] Add new lines --- .../resources/import/ed25519_putty_openssh_unencrypted.pub | 2 +- crates/bitwarden-ssh/resources/import/ed25519_regression_17028 | 2 +- .../bitwarden-ssh/resources/import/ed25519_regression_17028.pub | 2 +- .../resources/import/rsa_putty_openssh_unencrypted.pub | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub b/crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub index a5ee429c3..13c40a5ad 100644 --- a/crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub +++ b/crates/bitwarden-ssh/resources/import/ed25519_putty_openssh_unencrypted.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnT/3MUELJmzkEWpcIk3mLUNNqfM8YelR6jYs/wWZD3 eddsa-key-20241118 \ No newline at end of file +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnT/3MUELJmzkEWpcIk3mLUNNqfM8YelR6jYs/wWZD3 eddsa-key-20241118 diff --git a/crates/bitwarden-ssh/resources/import/ed25519_regression_17028 b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028 index cf9fc1b68..27da3ceff 100644 --- a/crates/bitwarden-ssh/resources/import/ed25519_regression_17028 +++ b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028 @@ -4,4 +4,4 @@ QyNTUxOQAAACDlG3DfOiDggnpz9fbC7Q+6e7jOiHX3Xv5AYxeSuFc4/gAAAJg95O0uPeTt LgAAAAtzc2gtZWQyNTUxOQAAACDlG3DfOiDggnpz9fbC7Q+6e7jOiHX3Xv5AYxeSuFc4/g AAAEAei2GY/cf5G6F8B8GSqfzP2NdOqXQYTpnLTt1M+vZZfuUbcN86IOCCenP19sLtD7p7 uM6Idfde/kBjF5K4Vzj+AAAADjI1NDk2QLuou/CkzlBDAQIDBAUGBw== ------END OPENSSH PRIVATE KEY----- \ No newline at end of file +-----END OPENSSH PRIVATE KEY----- diff --git a/crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub index 89a83b957..b95e3b596 100644 --- a/crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub +++ b/crates/bitwarden-ssh/resources/import/ed25519_regression_17028.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUbcN86IOCCenP19sLtD7p7uM6Idfde/kBjF5K4Vzj+ 25496@ \ No newline at end of file +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUbcN86IOCCenP19sLtD7p7uM6Idfde/kBjF5K4Vzj+ 25496@ diff --git a/crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub b/crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub index b200e22dc..2c346a9c6 100644 --- a/crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub +++ b/crates/bitwarden-ssh/resources/import/rsa_putty_openssh_unencrypted.pub @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCii2BMtwqNKA8tLb5FPdkSWGS0vULAjIz/7cioSrTR+X+tEcFPyi2SVXct3sM5HnQdVlKhXS72qzRY53FyMQmUkAIMKWbFmYWvQFD8TbJXnHO4xmPcyP58vbqNOYze55EdnS1Tm5tIW8g0gXIMYbvQXtWCSkEDzOy+KKd4xJS3WIg+L/p94vqHtAAVSTol1Amk9Oz01vb4MBD2UxLbrXhzEteR9QhcDg28cx9kZ1R2rWYEkgBZng88nqdpRy7SVViO5UQA4ThSgfGvpiVbjLIAX8jVhcEWlwcbs/R6C+Cd5M+WLlbO6bRcOw4+K+qvrPYTmTufPIZdRo/kyNF8MNUv rsa-key-20241118 \ No newline at end of file +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCii2BMtwqNKA8tLb5FPdkSWGS0vULAjIz/7cioSrTR+X+tEcFPyi2SVXct3sM5HnQdVlKhXS72qzRY53FyMQmUkAIMKWbFmYWvQFD8TbJXnHO4xmPcyP58vbqNOYze55EdnS1Tm5tIW8g0gXIMYbvQXtWCSkEDzOy+KKd4xJS3WIg+L/p94vqHtAAVSTol1Amk9Oz01vb4MBD2UxLbrXhzEteR9QhcDg28cx9kZ1R2rWYEkgBZng88nqdpRy7SVViO5UQA4ThSgfGvpiVbjLIAX8jVhcEWlwcbs/R6C+Cd5M+WLlbO6bRcOw4+K+qvrPYTmTufPIZdRo/kyNF8MNUv rsa-key-20241118