ssh-key: support for reading PPK format private keys (#324)

Author: Eugeny

.github/workflows/ssh-key.yml

@@ -72,7 +72,7 @@ jobs:
           toolchain: ${{ matrix.rust }}
           target: ${{ matrix.target }}
       - uses: RustCrypto/actions/cargo-hack-install@master
-      - run: cargo hack build --target ${{ matrix.target }} --feature-powerset --exclude-features default,dsa,ed25519,getrandom,p256,p384,p521,rsa,tdes,std --release
+      - run: cargo hack build --target ${{ matrix.target }} --feature-powerset --exclude-features default,dsa,ed25519,getrandom,p256,p384,p521,rsa,tdes,std,ppk --release
       - run: cargo build --target ${{ matrix.target }} --no-default-features --features alloc,crypto,dsa,encryption,tdes --release
 
   test:
@@ -88,7 +88,7 @@ jobs:
         with:
           toolchain: ${{ matrix.rust }}
       - uses: RustCrypto/actions/cargo-hack-install@master
-      - run: cargo hack test --feature-powerset --exclude-features default,dsa,ed25519,getrandom,p256,p384,p521,rsa,tdes,std --release
+      - run: cargo hack test --feature-powerset --exclude-features default,dsa,ed25519,getrandom,p256,p384,p521,rsa,tdes,std,ppk --release
       - run: cargo test --release
       - run: cargo test --release --features getrandom
       - run: cargo test --release --features std

Cargo.lock

@@ -26,10 +26,13 @@ subtle = { version = "2", default-features = false }
 zeroize = { version = "1", default-features = false }
 
 # optional dependencies
+argon2 = { version = "=0.6.0-pre.1", optional = true, default-features = false, features = ["alloc"] }
 bcrypt-pbkdf = { version = "=0.11.0-pre.1", optional = true, default-features = false, features = ["alloc"] }
 bigint = { package = "num-bigint-dig", version = "0.8", optional = true, default-features = false }
 dsa = { version = "=0.7.0-pre.1", optional = true, default-features = false }
 ed25519-dalek = { version = "=2.2.0-pre", optional = true, default-features = false }
+hex = { version = "0.4", optional = true, default-features = false, features = ["alloc"] }
+hmac = { version = "=0.13.0-pre.4", optional = true }
 home = { version = "0.5", optional = true }
 p256 = { version = "=0.14.0-pre.1", optional = true, default-features = false, features = ["ecdsa"] }
 p384 = { version = "=0.14.0-pre.1", optional = true, default-features = false, features = ["ecdsa"] }
@@ -79,6 +82,7 @@ getrandom = ["rand_core/getrandom"]
 p256 = ["dep:p256", "ecdsa"]
 p384 = ["dep:p384", "ecdsa"]
 p521 = ["dep:p521", "ecdsa"]
+ppk = ["dep:hex", "alloc", "cipher/aes-cbc", "dep:hmac", "dep:argon2", "dep:sha1"]
 rsa = ["dep:bigint", "dep:rsa", "alloc", "rand_core"]
 tdes = ["cipher/tdes", "encryption"]
 

ssh-key/Cargo.toml

@@ -6,6 +6,9 @@ use core::fmt;
 #[cfg(feature = "alloc")]
 use crate::certificate;
 
+#[cfg(feature = "ppk")]
+use crate::ppk::PpkParseError;
+
 /// Result type with `ssh-key`'s [`Error`] as the error type.
 pub type Result<T> = core::result::Result<T, Error>;
 
@@ -66,6 +69,10 @@ pub enum Error {
     /// Public key is incorrect.
     PublicKey,
 
+    /// PuTTY format parsing errors.
+    #[cfg(feature = "ppk")]
+    Ppk(PpkParseError),
+
     /// Invalid timestamp (e.g. in a certificate)
     Time,
 
@@ -104,6 +111,8 @@ impl fmt::Display for Error {
             #[cfg(feature = "std")]
             Error::Io(err) => write!(f, "I/O error: {}", std::io::Error::from(*err)),
             Error::Namespace => write!(f, "namespace invalid"),
+            #[cfg(feature = "ppk")]
+            Error::Ppk(err) => write!(f, "PPK parsing error: {err}"),
             Error::PublicKey => write!(f, "public key is incorrect"),
             Error::Time => write!(f, "invalid time"),
             Error::TrailingData { remaining } => write!(

ssh-key/src/error.rs

@@ -160,6 +160,8 @@ mod kdf;
 mod dot_ssh;
 #[cfg(feature = "alloc")]
 mod mpint;
+#[cfg(feature = "ppk")]
+mod ppk;
 #[cfg(feature = "alloc")]
 mod signature;
 #[cfg(feature = "alloc")]