Making OpenSSL optional

[?]

Jun 22, 2021, 11:56 AM

MCS77Y4VJGB6TU2HOLASGSRW4B6MT74XABD4KYALIRS54GGN2DDQC

Dependencies

[2] Q323RFJS Version bump
[3] ELRPPXSG Fixing conflicts
[4] MFMCIUMJ Fixing authentication with RSA
[5] AWVLXGAW Removing anyhows on Windows
[6] CROEJT6Q Minor fixes in Thrussh-keys (parsing key files)
[7] 7FRJYUI6 Reboot because of a bad change
[8] 2WEO7OZL Version updates: getting rid of anyhow + moving to Tokio 1.0
[9] 63PFETND fix compile errors in tests and examples
[10] FT67GGO4 Version bump (Pijul and Thrussh)
[11] 634OYCNM Tokio 0.3

Change contents

replacement in thrussh-keys/src/lib.rs at line 7

[3.21878]→[3.21878:22184](∅→∅)

//! The following example shows how to do all these in a single
//! example: start and SSH agent server, connect to it with a client,
//! decipher an encrypted private key (the password is `b"blabla"`),
//! send it to the agent, and ask the agent to sign a piece of data
//! (`b"Please sign this", below).

[3.21878]

[3.22184]

//! The following example (which uses the `openssl` feature) shows how
//! to do all these in a single example: start and SSH agent server,
//! connect to it with a client, decipher an encrypted private key
//! (the password is `b"blabla"`), send it to the agent, and ask the
//! agent to sign a piece of data (`b"Please sign this", below).
replacement in thrussh-keys/src/lib.rs at line 20

[3.22323]→[3.22323:22484](∅→∅)

//! fn confirm(&self, _: std::sync::Arc<key::KeyPair>) -> Box<dyn Future<Output = bool> + Send + Unpin> {
//! Box::new(futures::future::ready(true))

[3.22323]

[3.22484]

//! fn confirm(self, _: std::sync::Arc<key::KeyPair>) -> Box<dyn Future<Output = (Self, bool)> + Send + Unpin> {
//! Box::new(futures::future::ready((self, true)))
replacement in thrussh-keys/src/lib.rs at line 38

[3.24901]→[3.24901:24980](∅→∅)

//! thrussh_keys::agent::server::serve(listener.incoming(), X {}).await

[3.24901]

[3.24980]

//! thrussh_keys::agent::server::serve(tokio_stream::wrappers::UnixListenerStream::new(listener), X {}).await
replacement in thrussh-keys/src/lib.rs at line 40

[3.24991]→[3.24991:25070](∅→∅)

//! let key = decode_secret_key(PKCS8_ENCRYPTED, Some(b"blabla")).unwrap();

[3.24991]

[3.25070]

//! let key = decode_secret_key(PKCS8_ENCRYPTED, Some("blabla")).unwrap();
replacement in thrussh-keys/src/lib.rs at line 48

[3.25481]→[3.25481:25616](∅→∅)

//! let sig = client.sign_request(&public, buf).await?.unwrap();
//! assert!(public.verify_detached(buf, sig.as_ref()));

[3.25481]

[3.25616]

//! let sig = client.sign_request(&public, cryptovec::CryptoVec::from_slice(&buf[..])).await.1.unwrap();
//! // Here, `sig` is encoded in a format usable internally by the SSH protocol.
edit in thrussh-keys/src/lib.rs at line 56

[3.25708]→[3.25708:25750](∅→∅)

extern crate thrussh_libsodium as sodium;
edit in thrussh-keys/src/lib.rs at line 77

[3.26166]→[3.26166:26198](∅→∅)

mod bcrypt_pbkdf;
mod blowfish;
edit in thrussh-keys/src/lib.rs at line 116

[3.117]

[3.117]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 120

[3.192]

[3.192]

#[error(transparent)]
BlockMode(#[from] block_modes::BlockModeError),
edit in thrussh-keys/src/lib.rs at line 197

[3.29358]

[3.29358]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 223

[3.30124]

[3.30124]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 247

[3.30860]→[3.30860:30889](∅→∅)

password: Option<&[u8]>,

[3.30860]

[3.622]

password: Option<&str>,
edit in thrussh-keys/src/lib.rs at line 409

[3.35892]

[3.35892]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 423

[3.36451]

[3.36451]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 456

[3.38445]→[3.38445:38511](∅→∅)

decode_secret_key(ED25519_KEY, Some(b"blabla")).unwrap();

[3.38445]

[3.38511]

decode_secret_key(ED25519_KEY, Some("blabla")).unwrap();
edit in thrussh-keys/src/lib.rs at line 460

[3.38530]

[3.38530]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 468

[3.38717]

[3.38717]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 519

[3.40726]

[3.40726]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 528

[3.41598]

[3.41598]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 562

[3.43421]

[3.43421]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 593

[3.45157]

[3.45157]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 627

[3.47018]→[3.47018:47090](∅→∅)

let key = decode_secret_key(key, Some(b"passphrase")).unwrap();

[3.47018]

[3.47090]

let key = decode_secret_key(key, Some("passphrase")).unwrap();
edit in thrussh-keys/src/lib.rs at line 635

[3.47294]

[3.47294]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 670

[3.49151]→[3.49151:49208](∅→∅)

decode_secret_key(key, Some(b"12345")).unwrap();

[3.49151]

[3.49208]

decode_secret_key(key, Some("12345")).unwrap();
edit in thrussh-keys/src/lib.rs at line 673

[3.49226]

[3.49226]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 677

[3.49320]→[3.49320:49384](∅→∅)

decode_secret_key(PKCS8_RSA, Some(b"blabla")).unwrap();

[3.49320]

[3.49384]

decode_secret_key(PKCS8_RSA, Some("blabla")).unwrap();
edit in thrussh-keys/src/lib.rs at line 680

[3.49391]

[3.49391]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 713

[3.51323]

[3.51323]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 746

[3.53709]

[3.53709]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 750

[3.53813]→[3.53813:53883](∅→∅)

decode_secret_key(PKCS8_ENCRYPTED, Some(b"blabla")).unwrap();

[3.53813]

[3.53883]

decode_secret_key(PKCS8_ENCRYPTED, Some("blabla")).unwrap();
replacement in thrussh-keys/src/lib.rs at line 767

[3.54471]→[3.54471:54533](∅→∅)

let mut rt = tokio::runtime::Runtime::new().unwrap();

[3.54471]

[3.54533]

let rt = tokio::runtime::Runtime::new().unwrap();
replacement in thrussh-keys/src/lib.rs at line 779

[3.55079]→[3.55079:55130](∅→∅)

assert!(public.verify_detached(a, b));

[3.55079]

[3.99]

match key {
key::KeyPair::Ed25519 { .. } => {
let sig = &b[b.len() - 64..];
assert!(public.verify_detached(a, sig));
}
_ => {}
}
replacement in thrussh-keys/src/lib.rs at line 795

[3.55318]→[3.55318:55394](∅→∅)

let key = decode_secret_key(ED25519_KEY, Some(b"blabla")).unwrap();

[3.55318]

[3.55394]

let key = decode_secret_key(ED25519_KEY, Some("blabla")).unwrap();
edit in thrussh-keys/src/lib.rs at line 800

[3.55444]

[3.55444]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 802

[3.55477]→[3.55477:55557](∅→∅)

let key = decode_secret_key(PKCS8_ENCRYPTED, Some(b"blabla")).unwrap();

[3.55477]

[3.55557]

let key = decode_secret_key(PKCS8_ENCRYPTED, Some("blabla")).unwrap();
edit in thrussh-keys/src/lib.rs at line 807

[3.55607]

[3.55607]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/lib.rs at line 814

[3.55759]

[3.55759]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/lib.rs at line 820

[3.55940]→[3.55940:56004](∅→∅)

let mut core = tokio::runtime::Runtime::new().unwrap();

[3.55940]

[3.56004]

let core = tokio::runtime::Runtime::new().unwrap();
replacement in thrussh-keys/src/lib.rs at line 845

[3.56609]→[3.56609:56689](∅→∅)

let key = decode_secret_key(PKCS8_ENCRYPTED, Some(b"blabla")).unwrap();

[3.56609]

[3.56689]

let key = decode_secret_key(PKCS8_ENCRYPTED, Some("blabla")).unwrap();
replacement in thrussh-keys/src/lib.rs at line 859

[3.57313]→[3.57313:57364](∅→∅)

assert!(public.verify_detached(a, b));

[3.57313]

[3.132]

match key {
key::KeyPair::Ed25519 { .. } => {
let sig = &b[b.len() - 64..];
assert!(public.verify_detached(a, sig));
}
_ => {}
}
edit in thrussh-keys/src/key.rs at line 19

[3.58165]

[3.58165]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 21

[3.58203]

[3.58203]

use thrussh_libsodium as sodium;
replacement in thrussh-keys/src/key.rs at line 25

[3.58272]→[3.58272:58366](∅→∅)

pub use sodium::ed25519::{keypair, sign_detached, verify_detached, PublicKey, SecretKey};

[3.58272]

[3.58366]

pub use thrussh_libsodium::ed25519::{
keypair, sign_detached, verify_detached, PublicKey, SecretKey,
};
edit in thrussh-keys/src/key.rs at line 88

[3.59923]

[3.59923]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/key.rs at line 103

[3.60345]→[3.60345:60386](∅→∅)

Ed25519(sodium::ed25519::PublicKey),

[3.60345]

[3.60386]

Ed25519(thrussh_libsodium::ed25519::PublicKey),
edit in thrussh-keys/src/key.rs at line 105

[3.60405]

[3.60405]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 113

[3.60511]

[3.60511]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 116

[3.60569]

[3.60569]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 118

[3.60600]

[3.60600]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 124

[3.60716]

[3.60716]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 126

[3.60743]

[3.60743]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/key.rs at line 151

[3.61690]→[3.61690:62056](∅→∅)

b"ssh-rsa" | b"rsa-sha2-256" | b"rsa-sha2-512" => {
let mut p = pubkey.reader(0);
let key_algo = p.read_string()?;
debug!("{:?}", std::str::from_utf8(key_algo));
if key_algo != b"ssh-rsa"
&& key_algo != b"rsa-sha2-256"
&& key_algo != b"rsa-sha2-512"

[3.61690]

[3.62056]

b"ssh-rsa" | b"rsa-sha2-256" | b"rsa-sha2-512" if cfg!(feature = "openssl") => {
#[cfg(feature = "openssl")]
{
let mut p = pubkey.reader(0);
let key_algo = p.read_string()?;
debug!("{:?}", std::str::from_utf8(key_algo));
if key_algo != b"ssh-rsa" && key_algo != b"rsa-sha2-256" && key_algo != b"rsa-sha2-512" {
return Err(Error::CouldNotReadKey.into());
}
let key_e = p.read_string()?;
let key_n = p.read_string()?;
use openssl::bn::BigNum;
use openssl::pkey::PKey;
use openssl::rsa::Rsa;
Ok(PublicKey::RSA {
key: OpenSSLPKey(PKey::from_rsa(Rsa::from_public_components(
BigNum::from_slice(key_n)?,
BigNum::from_slice(key_e)?,
)?)?),
hash: {
if algo == b"rsa-sha2-256" {
SignatureHash::SHA2_256
} else if algo == b"rsa-sha2-512" {
SignatureHash::SHA2_512
} else {
SignatureHash::SHA1
}
},
})
}
#[cfg(not(feature = "openssl"))]
replacement in thrussh-keys/src/key.rs at line 183

[3.62074]→[3.62074:62137](∅→∅)

return Err(Error::CouldNotReadKey.into());

[3.62074]

[3.62137]

unreachable!()
edit in thrussh-keys/src/key.rs at line 185

[3.62155]→[3.62155:63010](∅→∅)

let key_e = p.read_string()?;
let key_n = p.read_string()?;
use openssl::bn::BigNum;
use openssl::pkey::PKey;
use openssl::rsa::Rsa;
Ok(PublicKey::RSA {
key: OpenSSLPKey(PKey::from_rsa(Rsa::from_public_components(
BigNum::from_slice(key_n)?,
BigNum::from_slice(key_e)?,
)?)?),
hash: {
if algo == b"rsa-sha2-256" {
SignatureHash::SHA2_256
} else if algo == b"rsa-sha2-512" {
SignatureHash::SHA2_512
} else {
SignatureHash::SHA1
}
},
})
edit in thrussh-keys/src/key.rs at line 194

[3.63242]

[3.63242]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 205

[3.63576]

[3.63576]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/key.rs at line 222

[3.64152]→[3.64152:64228](∅→∅)

data_encoding::BASE64_NOPAD.encode(&openssl::sha::sha256(&key[..]))

[3.64152]

[3.64228]

use sha2::{Sha256, Digest};
let mut hasher = Sha256::new();
hasher.update(&key[..]);
data_encoding::BASE64_NOPAD.encode(&hasher.finalize())
edit in thrussh-keys/src/key.rs at line 227

[3.64234]

[3.0]
edit in thrussh-keys/src/key.rs at line 229

[3.1]

[3.1]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 240

[3.428]

[3.428]

}

#[cfg(not(feature = "openssl"))]
pub fn set_algorithm(&mut self, _: &[u8]) {
edit in thrussh-keys/src/key.rs at line 259

[3.64600]

[3.64600]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 274

[3.64994]

[3.64994]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 295

[3.65575]

[3.65575]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/key.rs at line 303

[3.65879]→[3.65879:65906](∅→∅)

.unwrap();

[3.65879]

[3.65906]

.unwrap();
edit in thrussh-keys/src/key.rs at line 316

[3.66241]

[3.66241]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 328

[3.66552]

[3.66552]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 340

[3.67068]

[3.67068]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 366

[3.67996]

[3.67996]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 391

[3.69135]

[3.69135]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/key.rs at line 405

[3.69624]

[3.69624]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/key.rs at line 435

[3.70574]→[3.70574:70607](∅→∅)

use sodium::ed25519;

[3.70574]

[3.70607]

use thrussh_libsodium::ed25519;
replacement in thrussh-keys/src/key.rs at line 444

[3.70850]→[3.70850:71271](∅→∅)

let e = pos.read_string()?;
let n = pos.read_string()?;
use openssl::bn::*;
use openssl::pkey::*;
use openssl::rsa::*;
return Ok(PublicKey::RSA {
key: OpenSSLPKey(PKey::from_rsa(Rsa::from_public_components(
BigNum::from_slice(n)?,
BigNum::from_slice(e)?,
)?)?),
hash: SignatureHash::SHA2_256,
});

[3.70850]

[3.71271]

#[cfg(feature = "openssl")]
{
let e = pos.read_string()?;
let n = pos.read_string()?;
use openssl::bn::*;
use openssl::pkey::*;
use openssl::rsa::*;
return Ok(PublicKey::RSA {
key: OpenSSLPKey(PKey::from_rsa(Rsa::from_public_components(
BigNum::from_slice(n)?,
BigNum::from_slice(e)?,
)?)?),
hash: SignatureHash::SHA2_256,
});
}
edit in thrussh-keys/src/format/pkcs8.rs at line 3

[3.71394]

[3.71394]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/format/pkcs8.rs at line 7

[3.71464]→[3.71464:71498](∅→∅)

use openssl::hash::MessageDigest;

[3.71464]

[3.71498]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/format/pkcs8.rs at line 9

[3.71526]→[3.71526:71557](∅→∅)

use openssl::rand::rand_bytes;

[3.71526]

[3.71557]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/pkcs8.rs at line 11

[3.71580]→[3.71580:71627](∅→∅)

use openssl::symm::{decrypt, encrypt, Cipher};
edit in thrussh-keys/src/format/pkcs8.rs at line 21

[3.72005]

[3.72005]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/pkcs8.rs at line 27

[3.72270]→[3.72270:72307](∅→∅)

// let mut sec = Vec::new();
replacement in thrussh-keys/src/format/pkcs8.rs at line 97

[3.74940]→[3.74940:74988](∅→∅)

Ok(Ok(MessageDigest::sha256()))

[3.74940]

[3.74988]

Ok(Ok(()))
replacement in thrussh-keys/src/format/pkcs8.rs at line 102

[3.75090]→[3.75090:75145](∅→∅)

Ok(digest.map(|digest| KeyDerivation::Pbkdf2 {

[3.75090]

[3.75145]

Ok(digest.map(|()| KeyDerivation::Pbkdf2 {
edit in thrussh-keys/src/format/pkcs8.rs at line 105

[3.75183]→[3.75183:75203](∅→∅)

digest,
edit in thrussh-keys/src/format/pkcs8.rs at line 163

[3.77022]

[3.77022]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/pkcs8.rs at line 204

[3.78532]

[3.1443]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/pkcs8.rs at line 242

[3.80347]

[3.80347]

}

#[cfg(not(feature = "openssl"))]
fn read_key_v0(_: &mut BERReaderSeq) -> Result<key::KeyPair, Error> {
Err(Error::CouldNotReadKey.into())
edit in thrussh-keys/src/format/pkcs8.rs at line 259

[3.80780]

[3.80780]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/pkcs8.rs at line 264

[3.80842]→[3.80842:80875](∅→∅)

use openssl::pkcs5::pbkdf2_hmac;
edit in thrussh-keys/src/format/pkcs8.rs at line 265

[3.80912]

[3.80912]

use aes::*;
use block_modes::block_padding::NoPadding;
use block_modes::BlockMode;
type Aes128Cbc = block_modes::Cbc<Aes128, NoPadding>;
type Aes256Cbc = block_modes::Cbc<Aes256, NoPadding>;
edit in thrussh-keys/src/format/pkcs8.rs at line 277

[3.1702]

[3.81099]

use rand::RngCore;
let mut rng = rand::thread_rng();
replacement in thrussh-keys/src/format/pkcs8.rs at line 280

[3.81127]→[3.81127:81155](∅→∅)

rand_bytes(&mut salt)?;

[3.81127]

[3.81155]

rng.fill_bytes(&mut salt);
replacement in thrussh-keys/src/format/pkcs8.rs at line 282

[3.81181]→[3.81181:81207](∅→∅)

rand_bytes(&mut iv)?;

[3.81181]

[3.81207]

rng.fill_bytes(&mut iv);
replacement in thrussh-keys/src/format/pkcs8.rs at line 284

[3.81249]→[3.81249:81381](∅→∅)

pbkdf2_hmac(
pass,
&salt,
rounds as usize,
MessageDigest::sha256(),
&mut dkey,
)?;

[3.81249]

[3.81381]

pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(pass, &salt, rounds, &mut dkey);
replacement in thrussh-keys/src/format/pkcs8.rs at line 290

[3.81555]→[3.81555:81639](∅→∅)

let ciphertext = encrypt(Cipher::aes_256_cbc(), &dkey, Some(&iv), &plaintext)?;

[3.81555]

[3.81639]

let c = Aes256Cbc::new_from_slices(&dkey, &iv).unwrap();
let n = plaintext.len();
c.encrypt(&mut plaintext, n).unwrap();
replacement in thrussh-keys/src/format/pkcs8.rs at line 304

[3.82047]→[3.82047:82102](∅→∅)

writer.next().write_bytes(&ciphertext[..])

[3.82047]

[3.82102]

writer.next().write_bytes(&plaintext[..])
edit in thrussh-keys/src/format/pkcs8.rs at line 314

[3.82394]

[3.82394]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/format/pkcs8.rs at line 382

[3.84420]→[3.84420:84521](∅→∅)

digest,
} => pbkdf2_hmac(password, salt, rounds as usize, digest, key)?,

[3.84420]

[3.84521]

} => {
pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(password, salt, rounds as u32, key)
// pbkdf2_hmac(password, salt, rounds as usize, digest, key)?
},
edit in thrussh-keys/src/format/pkcs8.rs at line 391

[3.84555]

[3.84555]

#[derive(Debug)]
replacement in thrussh-keys/src/format/pkcs8.rs at line 425

[3.1945]→[3.85295:85614](∅→∅),[3.85295]→[3.85295:85614](∅→∅)

let (cipher, iv) = match *self {
Encryption::Aes128Cbc(ref iv) => (Cipher::aes_128_cbc(), iv),
Encryption::Aes256Cbc(ref iv) => (Cipher::aes_256_cbc(), iv),
};
let mut dec = decrypt(cipher, &key, Some(&iv[..]), ciphertext)?;
pkcs_unpad(&mut dec);
Ok(dec)

[3.1945]

[3.85614]

match *self {
Encryption::Aes128Cbc(ref iv) => {
let c = Aes128Cbc::new_from_slices(key, iv).unwrap();
let mut dec = ciphertext.to_vec();
c.decrypt(&mut dec)?;
pkcs_unpad(&mut dec);
Ok(dec)
},
Encryption::Aes256Cbc(ref iv) => {
let c = Aes256Cbc::new_from_slices(key, iv).unwrap();
let mut dec = ciphertext.to_vec();
c.decrypt(&mut dec)?;
pkcs_unpad(&mut dec);
Ok(dec)
},
}
edit in thrussh-keys/src/format/pkcs8.rs at line 448

[3.85701]→[3.85701:85732](∅→∅)

digest: MessageDigest,
replacement in thrussh-keys/src/format/pkcs5.rs at line 1

[3.85753]→[3.85754:85803](∅→∅)

use super::{decode_rsa, pkcs_unpad, Encryption};

[3.85753]

[3.85803]

use super::{pkcs_unpad, Encryption};
replacement in thrussh-keys/src/format/pkcs5.rs at line 5

[3.85838]→[3.85838:85920](∅→∅)

use openssl::hash::{Hasher, MessageDigest};
use openssl::symm::{decrypt, Cipher};

[3.85838]

[3.85920]

use aes::*;
use block_modes::block_padding::NoPadding;
use block_modes::BlockMode;
type Aes128Cbc = block_modes::Cbc<Aes128, NoPadding>;
edit in thrussh-keys/src/format/pkcs5.rs at line 12

[3.86024]

[3.86024]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/format/pkcs5.rs at line 15

[3.86064]→[3.86064:86093](∅→∅)

password: Option<&[u8]>,

[3.86064]

[3.86093]

password: Option<&str>,
replacement in thrussh-keys/src/format/pkcs5.rs at line 21

[3.86269]→[3.86269:86566](∅→∅)

let mut h = Hasher::new(MessageDigest::md5()).unwrap();
h.update(pass).unwrap();
h.update(&iv[..8]).unwrap();
let md5 = h.finish().unwrap();
let mut dec = decrypt(Cipher::aes_128_cbc(), &md5, Some(&iv[..]), secret)?;

[3.86269]

[3.86566]

let mut c = md5::Context::new();
c.consume(pass.as_bytes());
c.consume(&iv[..8]);
let md5 = c.compute();

let c = Aes128Cbc::new_from_slices(&md5.0, &iv[..]).unwrap();
let mut dec = secret.to_vec();
c.decrypt(&mut dec).unwrap();
replacement in thrussh-keys/src/format/pkcs5.rs at line 34

[3.86707]→[3.86707:86732](∅→∅)

decode_rsa(&sec)

[3.86707]

[3.86732]

super::decode_rsa(&sec)
edit in thrussh-keys/src/format/openssh.rs at line 1

[3.86809]→[3.86810:86835](∅→∅)

use crate::bcrypt_pbkdf;
replacement in thrussh-keys/src/format/openssh.rs at line 4

[3.86930]→[3.86930:86956](∅→∅)

use cryptovec::CryptoVec;

[3.86930]

[3.86956]

use bcrypt_pbkdf;
#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/openssh.rs at line 7

[3.86981]→[3.86981:87025](∅→∅)

use openssl::symm::{Cipher, Crypter, Mode};
replacement in thrussh-keys/src/format/openssh.rs at line 10

[3.87137]→[3.1982:2077](∅→∅)

pub fn decode_openssh(secret: &[u8], password: Option<&[u8]>) -> Result<key::KeyPair, Error> {

[3.87137]

[3.87251]

pub fn decode_openssh(secret: &[u8], password: Option<&str>) -> Result<key::KeyPair, Error> {
replacement in thrussh-keys/src/format/openssh.rs at line 42

[3.88496]→[3.88496:88967](∅→∅)

} else if key_type == KEYTYPE_RSA {
let n = BigNum::from_slice(position.read_string()?)?;
let e = BigNum::from_slice(position.read_string()?)?;
let d = BigNum::from_slice(position.read_string()?)?;
let iqmp = BigNum::from_slice(position.read_string()?)?;
let p = BigNum::from_slice(position.read_string()?)?;
let q = BigNum::from_slice(position.read_string()?)?;

[3.88496]

[3.88967]

} else if key_type == KEYTYPE_RSA && cfg!(feature = "openssl") {
#[cfg(feature = "openssl")]
{
let n = BigNum::from_slice(position.read_string()?)?;
let e = BigNum::from_slice(position.read_string()?)?;
let d = BigNum::from_slice(position.read_string()?)?;
let iqmp = BigNum::from_slice(position.read_string()?)?;
let p = BigNum::from_slice(position.read_string()?)?;
let q = BigNum::from_slice(position.read_string()?)?;
replacement in thrussh-keys/src/format/openssh.rs at line 52

[3.88968]→[3.88968:89548](∅→∅)

let mut ctx = openssl::bn::BigNumContext::new()?;
let un = openssl::bn::BigNum::from_u32(1)?;
let mut p1 = openssl::bn::BigNum::new()?;
let mut q1 = openssl::bn::BigNum::new()?;
p1.checked_sub(&p, &un)?;
q1.checked_sub(&q, &un)?;
let mut dmp1 = openssl::bn::BigNum::new()?; // d mod p-1
dmp1.checked_rem(&d, &p1, &mut ctx)?;
let mut dmq1 = openssl::bn::BigNum::new()?; // d mod q-1
dmq1.checked_rem(&d, &q1, &mut ctx)?;

[3.88968]

[3.89548]

let mut ctx = openssl::bn::BigNumContext::new()?;
let un = openssl::bn::BigNum::from_u32(1)?;
let mut p1 = openssl::bn::BigNum::new()?;
let mut q1 = openssl::bn::BigNum::new()?;
p1.checked_sub(&p, &un)?;
q1.checked_sub(&q, &un)?;
let mut dmp1 = openssl::bn::BigNum::new()?; // d mod p-1
dmp1.checked_rem(&d, &p1, &mut ctx)?;
let mut dmq1 = openssl::bn::BigNum::new()?; // d mod q-1
dmq1.checked_rem(&d, &q1, &mut ctx)?;
replacement in thrussh-keys/src/format/openssh.rs at line 63

[3.89549]→[3.89549:89939](∅→∅)

let key = openssl::rsa::RsaPrivateKeyBuilder::new(n, e, d)?
.set_factors(p, q)?
.set_crt_params(dmp1, dmq1, iqmp)?
.build();
key.check_key().unwrap();
return Ok(key::KeyPair::RSA {
key,
hash: key::SignatureHash::SHA2_512,
});

[3.89549]

[3.89939]

let key = openssl::rsa::RsaPrivateKeyBuilder::new(n, e, d)?
.set_factors(p, q)?
.set_crt_params(dmp1, dmq1, iqmp)?
.build();
key.check_key().unwrap();
return Ok(key::KeyPair::RSA {
key,
hash: key::SignatureHash::SHA2_512,
});
}
edit in thrussh-keys/src/format/openssh.rs at line 83

[3.90173]

[3.90173]

use aes::*;
use block_modes::block_padding::NoPadding;
type Aes128Cbc = block_modes::Cbc<Aes128, NoPadding>;
type Aes256Cbc = block_modes::Cbc<Aes256, NoPadding>;
replacement in thrussh-keys/src/format/openssh.rs at line 92

[3.90262]→[3.90262:90291](∅→∅)

password: Option<&[u8]>,

[3.90262]

[3.90291]

password: Option<&str>,
replacement in thrussh-keys/src/format/openssh.rs at line 102

[3.90568]→[3.90568:91128](∅→∅)

let mut key = CryptoVec::new();
let cipher = match ciphername {
b"aes128-cbc" => {
key.resize(16 + 16);
Cipher::aes_128_cbc()
}
b"aes128-ctr" => {
key.resize(16 + 16);
Cipher::aes_128_ctr()
}
b"aes256-cbc" => {
key.resize(16 + 32);
Cipher::aes_256_cbc()
}
b"aes256-ctr" => {
key.resize(16 + 32);
Cipher::aes_256_ctr()
}

[3.90568]

[3.91128]

let mut key = [0; 48];
let n = match ciphername {
b"aes128-cbc" | b"aes128-ctr" => 32,
b"aes256-cbc" | b"aes256-ctr" => 48,
edit in thrussh-keys/src/format/openssh.rs at line 108

[3.91199]→[3.91199:91200](∅→∅)
replacement in thrussh-keys/src/format/openssh.rs at line 113

[3.91408]→[3.91408:91486](∅→∅)

bcrypt_pbkdf::bcrypt_pbkdf(password, salt, rounds, &mut key);

[3.91408]

[3.91486]

bcrypt_pbkdf::bcrypt_pbkdf(password, salt, rounds, &mut key[..n]).unwrap();
replacement in thrussh-keys/src/format/openssh.rs at line 119

[3.91610]→[3.91610:91943](∅→∅)

let iv = &key[32..];
let key = &key[..32];
let mut c = Crypter::new(cipher, Mode::Decrypt, &key, Some(&iv))?;
c.pad(false);
let mut dec = vec![0; secret_key.len() + 32];
let n = c.update(&secret_key, &mut dec)?;
let n = n + c.finalize(&mut dec[n..])?;
dec.truncate(n);

[3.91610]

[3.91943]

let (key, iv) = key.split_at(n - 16);

let mut dec = secret_key.to_vec();
dec.resize(dec.len() + 32, 0u8);
use aes::cipher::{NewCipher, StreamCipher};
use block_modes::BlockMode;
match ciphername {
b"aes128-cbc" => {
let cipher = Aes128Cbc::new_from_slices(key, iv).unwrap();
let n = cipher.decrypt(&mut dec)?.len();
dec.truncate(n)
}
b"aes256-cbc" => {
let cipher = Aes256Cbc::new_from_slices(key, iv).unwrap();
let n = cipher.decrypt(&mut dec)?.len();
dec.truncate(n)
}
b"aes128-ctr" => {
let mut cipher = Aes128Ctr::new_from_slices(key, iv).unwrap();
cipher.apply_keystream(&mut dec);
dec.truncate(secret_key.len())
}
b"aes256-ctr" => {
let mut cipher = Aes256Ctr::new_from_slices(key, iv).unwrap();
cipher.apply_keystream(&mut dec);
dec.truncate(secret_key.len())
}
_ => {}
}
edit in thrussh-keys/src/format/mod.rs at line 4

[3.92094]

[3.92094]

#[cfg(not(feature = "openssl"))]
use data_encoding::BASE64_MIME;
#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/mod.rs at line 8

[3.92149]

[3.92149]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/mod.rs at line 16

[3.92237]

[3.92237]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/mod.rs at line 18

[3.92252]

[3.92252]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/mod.rs at line 36

[3.92567]

[3.92567]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/mod.rs at line 39

[3.92589]

[3.92589]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/format/mod.rs at line 47

[3.92736]→[3.2109:2206](∅→∅)

pub fn decode_secret_key(secret: &str, password: Option<&[u8]>) -> Result<key::KeyPair, Error> {

[3.92736]

[3.92852]

pub fn decode_secret_key(secret: &str, password: Option<&str>) -> Result<key::KeyPair, Error> {
replacement in thrussh-keys/src/format/mod.rs at line 60

[3.93270]→[3.93270:93514](∅→∅)

let iv_: Vec<u8> =
HEXLOWER_PERMISSIVE.decode(l.split_at(AES_128_CBC.len()).1.as_bytes())?;
if iv_.len() != 16 {
return Err(Error::CouldNotReadKey.into());

[3.93270]

[3.93514]

#[cfg(feature = "openssl")]
{
let iv_: Vec<u8> = HEXLOWER_PERMISSIVE
.decode(l.split_at(AES_128_CBC.len()).1.as_bytes())?;
if iv_.len() != 16 {
return Err(Error::CouldNotReadKey.into());
}
let mut iv = [0; 16];
iv.clone_from_slice(&iv_);
format = Some(Format::Pkcs5Encrypted(Encryption::Aes128Cbc(iv)))
edit in thrussh-keys/src/format/mod.rs at line 71

[3.93536]→[3.93536:93710](∅→∅)

let mut iv = [0; 16];
iv.clone_from_slice(&iv_);
format = Some(Format::Pkcs5Encrypted(Encryption::Aes128Cbc(iv)))
replacement in thrussh-keys/src/format/mod.rs at line 76

[3.93882]→[3.93882:94021](∅→∅)

} else if l == "-----BEGIN RSA PRIVATE KEY-----" {
started = true;
format = Some(Format::Rsa);

[3.93882]

[3.94021]

} else if l == "-----BEGIN RSA PRIVATE KEY-----" && cfg!(feature = "openssl") {
#[cfg(feature = "openssl")]
{
started = true;
format = Some(Format::Rsa);
}
edit in thrussh-keys/src/format/mod.rs at line 96

[3.94502]

[3.94502]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/format/mod.rs at line 98

[3.94552]

[3.94552]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/format/mod.rs at line 101

[3.94699]→[3.94699:94756](∅→∅)

self::pkcs8::decode_pkcs8(&secret, password)

[3.94699]

[3.94756]

self::pkcs8::decode_pkcs8(&secret, password.map(|x| x.as_bytes()))
edit in thrussh-keys/src/format/mod.rs at line 128

[3.95547]

[3.2321]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/src/bcrypt_pbkdf.rs at line 11

[3.123136]→[3.123136:123162](∅→∅)

use openssl::sha::Sha512;

[3.123136]

[3.123162]

use sha2::{Sha512, Digest};
replacement in thrussh-keys/src/bcrypt_pbkdf.rs at line 54

[3.124273]→[3.124273:124297](∅→∅)

hasher.finish()

[3.124273]

[3.124297]

hasher.finalize()
replacement in thrussh-keys/src/bcrypt_pbkdf.rs at line 65

[3.124565]→[3.124565:124602](∅→∅)

let hsalt = hasher.finish();

[3.124565]

[3.124602]

let hsalt = hasher.finalize();
replacement in thrussh-keys/src/bcrypt_pbkdf.rs at line 71

[3.124723]→[3.124723:124767](∅→∅)

let mut hasher = Sha512::new();

[3.124723]

[3.124767]

let mut hasher = sha2::Sha512::new();
replacement in thrussh-keys/src/bcrypt_pbkdf.rs at line 73

[3.124800]→[3.124800:124841](∅→∅)

let hsalt = hasher.finish();

[3.124800]

[3.124841]

let hsalt = hasher.finalize();
edit in thrussh-keys/src/agent/server.rs at line 3

[3.125305]

[3.125305]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/agent/server.rs at line 257

[3.133343]

[3.133343]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/agent/client.rs at line 109

[3.142103]

[3.142103]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/agent/client.rs at line 244

[3.147435]

[3.147435]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/agent/client.rs at line 312

[3.149952]

[3.149952]

#[cfg(feature = "openssl")]
edit in thrussh-keys/src/agent/client.rs at line 476

[3.156247]

[3.156247]

#[cfg(feature = "openssl")]
replacement in thrussh-keys/Cargo.toml at line 33

[3.4486]→[3.157776:157794](∅→∅),[3.157776]→[3.157776:157794](∅→∅),[3.157794]→[2.166:254](∅→∅)

byteorder = "1.3"
tokio = { version = "1.4", features = [ "io-util", "rt-multi-thread", "time", "net" ] }

[3.4486]

[3.157888]

byteorder = "1.4"
tokio = { version = "1.6", features = [ "io-util", "rt-multi-thread", "time", "net" ] }
tokio-stream = { version = "0.1", features = [ "net" ] }
replacement in thrussh-keys/Cargo.toml at line 41

[3.158033]→[3.158033:158050](∅→∅)

openssl = "0.10"

[3.158033]

[3.158050]

openssl = { version = "0.10", optional = true }
edit in thrussh-keys/Cargo.toml at line 43

[3.158066]→[3.158066:158094](∅→∅)

thrussh-libsodium = "0.2.0"
edit in thrussh-keys/Cargo.toml at line 48

[3.158187]

[3.158187]

thrussh-libsodium = "0.2"
sha2 = "0.9"
pbkdf2 = "0.8"
hmac = "0.11"
rand = "0.8"
block-modes = "0.8"
aes = { version = "0.7", features = [ "ctr" ] }
bcrypt-pbkdf = "0.6"
md5 = "*"
replacement in thrussh/src/server/mod.rs at line 574

[3.5860]→[3.5860:5903](∅→∅)

.map_err(crate::Error::from)?;

[3.5860]

[3.222121]

2 .map_err(crate::Error::from)?;