[PM-11924] Add ssh-key item type

crates/bitwarden-exporters/src/json.rs

@@ -2,7 +2,9 @@
 use thiserror::Error;
 use uuid::Uuid;
 
-use crate::{Card, Cipher, CipherType, Field, Folder, Identity, Login, LoginUri, SecureNote};
+use crate::{
+    Card, Cipher, CipherType, Field, Folder, Identity, Login, LoginUri, SecureNote, SshKey,
+};
 
 #[derive(Error, Debug)]
 pub enum JsonError {
@@ -69,6 +71,8 @@
     card: Option<JsonCard>,
     #[serde(skip_serializing_if = "Option::is_none")]
     secure_note: Option<JsonSecureNote>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    ssh_key: Option<JsonSshKey>,
 
     favorite: bool,
     reprompt: u8,
@@ -206,6 +210,24 @@
     }
 }
 
+#[derive(serde::Serialize)]
+#[serde(rename_all = "camelCase")]
+struct JsonSshKey {
+    private_key: Option<String>,
+    public_key: Option<String>,
+    fingerprint: Option<String>,
+}
+
+impl From<SshKey> for JsonSshKey {
+    fn from(ssh_key: SshKey) -> Self {
+        JsonSshKey {
+            private_key: ssh_key.private_key,
+            public_key: ssh_key.public_key,
+            fingerprint: ssh_key.fingerprint,
+        }
+    }
+}
+
 #[derive(serde::Serialize)]
 #[serde(rename_all = "camelCase")]
 struct JsonField {
@@ -233,13 +255,15 @@
             CipherType::SecureNote(_) => 2,
             CipherType::Card(_) => 3,
             CipherType::Identity(_) => 4,
+            CipherType::SshKey(_) => 5,
         };
 
-        let (login, secure_note, card, identity) = match cipher.r#type {
-            CipherType::Login(l) => (Some((*l).into()), None, None, None),
-            CipherType::SecureNote(s) => (None, Some((*s).into()), None, None),
-            CipherType::Card(c) => (None, None, Some((*c).into()), None),
-            CipherType::Identity(i) => (None, None, None, Some((*i).into())),
+        let (login, secure_note, card, identity, ssh_key) = match cipher.r#type {
+            CipherType::Login(l) => (Some((*l).into()), None, None, None, None),
+            CipherType::SecureNote(s) => (None, Some((*s).into()), None, None, None),
+            CipherType::Card(c) => (None, None, Some((*c).into()), None, None),
+            CipherType::Identity(i) => (None, None, None, Some((*i).into()), None),
+            CipherType::SshKey(ssh) => (None, None, None, None, Some((*ssh).into())),
         };
 
         JsonCipher {
@@ -254,6 +278,7 @@
             identity,
             card,
             secure_note,
+            ssh_key,
             favorite: cipher.favorite,
             reprompt: cipher.reprompt,
             fields: cipher.fields.into_iter().map(|f| f.into()).collect(),

crates/bitwarden-exporters/src/lib.rs

@@ -70,6 +70,7 @@
     SecureNote(Box<SecureNote>),
     Card(Box<Card>),
     Identity(Box<Identity>),
+    SshKey(Box<SshKey>),
 }
 
 impl fmt::Display for CipherType {
@@ -79,6 +80,7 @@
             CipherType::SecureNote(_) => write!(f, "note"),
             CipherType::Card(_) => write!(f, "card"),
             CipherType::Identity(_) => write!(f, "identity"),
+            CipherType::SshKey(_) => write!(f, "ssh_key"),
         }
     }
 }
@@ -132,3 +134,9 @@
     pub passport_number: Option<String>,
     pub license_number: Option<String>,
 }
+
+pub struct SshKey {
+    pub private_key: Option<String>,
+    pub public_key: Option<String>,
+    pub fingerprint: Option<String>,
+}

crates/bitwarden-exporters/src/models.rs

@@ -74,6 +74,14 @@
                     license_number: i.license_number,
                 }))
             }
+            CipherType::SshKey => {
+                let s = require!(value.ssh_key);
+                crate::CipherType::SshKey(Box::new(crate::SshKey {
+                    private_key: s.private_key,
+                    public_key: s.public_key,
+                    fingerprint: s.fingerprint,
+                }))
+            }
         };
 
         Ok(Self {
@@ -172,6 +180,7 @@
             identity: None,
             card: None,
             secure_note: None,
+            ssh_key: None,
             favorite: false,
             reprompt: CipherRepromptType::None,
             organization_use_totp: true,

crates/bitwarden-vault/src/cipher/attachment.rs

@@ -208,6 +208,7 @@ mod tests {
                 identity: None,
                 card: None,
                 secure_note: None,
+                ssh_key: None,
                 favorite: false,
                 reprompt: CipherRepromptType::None,
                 organization_use_totp: false,
@@ -258,6 +259,7 @@ mod tests {
             identity: None,
             card: None,
             secure_note: None,
+            ssh_key: None,
             favorite: false,
             reprompt: CipherRepromptType::None,
             organization_use_totp: false,
@@ -312,6 +314,7 @@ mod tests {
             identity: None,
             card: None,
             secure_note: None,
+            ssh_key: None,
             favorite: false,
             reprompt: CipherRepromptType::None,
             organization_use_totp: false,

crates/bitwarden-vault/src/cipher/cipher.rs

@@ -14,7 +14,7 @@
 use super::{
     attachment, card, field, identity,
     local_data::{LocalData, LocalDataView},
-    secure_note,
+    secure_note, ssh_key,
 };
 use crate::{
     password_history, Fido2CredentialFullView, Fido2CredentialView, Login, LoginView,
@@ -41,6 +41,7 @@
     SecureNote = 2,
     Card = 3,
     Identity = 4,
+    SshKey = 5,
 }
 
 #[derive(Clone, Copy, Serialize_repr, Deserialize_repr, Debug, JsonSchema, PartialEq)]
@@ -72,6 +73,7 @@
     pub identity: Option<identity::Identity>,
     pub card: Option<card::Card>,
     pub secure_note: Option<secure_note::SecureNote>,
+    pub ssh_key: Option<ssh_key::SshKey>,
 
     pub favorite: bool,
     pub reprompt: CipherRepromptType,
@@ -109,6 +111,7 @@
     pub identity: Option<identity::IdentityView>,
     pub card: Option<card::CardView>,
     pub secure_note: Option<secure_note::SecureNoteView>,
+    pub ssh_key: Option<ssh_key::SshKeyView>,
 
     pub favorite: bool,
     pub reprompt: CipherRepromptType,
@@ -137,6 +140,7 @@
     SecureNote,
     Card,
     Identity,
+    SshKey,
 }
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema, PartialEq)]
@@ -211,6 +215,7 @@
             identity: self.identity.encrypt_with_key(key)?,
             card: self.card.encrypt_with_key(key)?,
             secure_note: self.secure_note.encrypt_with_key(key)?,
+            ssh_key: self.ssh_key.encrypt_with_key(key)?,
             favorite: self.favorite,
             reprompt: self.reprompt,
             organization_use_totp: self.organization_use_totp,
@@ -245,6 +250,7 @@
             identity: self.identity.decrypt_with_key(key).ok().flatten(),
             card: self.card.decrypt_with_key(key).ok().flatten(),
             secure_note: self.secure_note.decrypt_with_key(key).ok().flatten(),
+            ssh_key: self.ssh_key.decrypt_with_key(key).ok().flatten(),
             favorite: self.favorite,
             reprompt: self.reprompt,
             organization_use_totp: self.organization_use_totp,
@@ -329,6 +335,19 @@
                         .transpose()?,
                 )
             }
+            CipherType::SshKey => {
+                let Some(ssh_key) = &self.ssh_key else {
+                    return Ok(String::new());
+                };
+
+                build_subtitle_ssh_key(
+                    ssh_key
+                        .fingerprint
+                        .as_ref()
+                        .map(|c| c.decrypt_with_key(key))
+                        .transpose()?,
+                )
+            }
         })
     }
 }
@@ -389,6 +408,14 @@
     sub_title
 }
 
+fn build_subtitle_ssh_key(fingerprint: Option<String>) -> String {
+    if let Some(fingerprint) = &fingerprint {
+        return fingerprint.clone();
+    }
+
+    "".to_string()
+}
+
 impl CipherView {
     pub fn generate_cipher_key(&mut self, key: &SymmetricCryptoKey) -> Result<(), CryptoError> {
         let old_ciphers_key = Cipher::get_cipher_key(key, &self.key)?;
@@ -553,6 +580,7 @@
                 CipherType::SecureNote => CipherListViewType::SecureNote,
                 CipherType::Card => CipherListViewType::Card,
                 CipherType::Identity => CipherListViewType::Identity,
+                CipherType::SshKey => CipherListViewType::SshKey,
             },
             favorite: self.favorite,
             reprompt: self.reprompt,
@@ -614,6 +642,8 @@
             identity: cipher.identity.map(|i| (*i).try_into()).transpose()?,
             card: cipher.card.map(|c| (*c).try_into()).transpose()?,
             secure_note: cipher.secure_note.map(|s| (*s).try_into()).transpose()?,
+            // todo: add ssh_key when api bindings have been updated
+            ssh_key: None,
             favorite: cipher.favorite.unwrap_or(false),
             reprompt: cipher
                 .reprompt
@@ -650,6 +680,7 @@
             bitwarden_api_api::models::CipherType::SecureNote => CipherType::SecureNote,
             bitwarden_api_api::models::CipherType::Card => CipherType::Card,
             bitwarden_api_api::models::CipherType::Identity => CipherType::Identity,
+            // todo: add ssh_key when api bindings have been updated
         }
     }
 }
@@ -695,6 +726,7 @@
             identity: None,
             card: None,
             secure_note: None,
+            ssh_key: None,
             favorite: false,
             reprompt: CipherRepromptType::None,
             organization_use_totp: true,
@@ -753,6 +785,7 @@
             identity: None,
             card: None,
             secure_note: None,
+            ssh_key: None,
             favorite: false,
             reprompt: CipherRepromptType::None,
             organization_use_totp: false,

crates/bitwarden-vault/src/cipher/mod.rs

@@ -8,6 +8,7 @@ pub(crate) mod linked_id;
 pub(crate) mod local_data;
 pub(crate) mod login;
 pub(crate) mod secure_note;
+pub(crate) mod ssh_key;
 
 pub use attachment::{
     Attachment, AttachmentEncryptResult, AttachmentFile, AttachmentFileView, AttachmentView,

crates/bitwarden-vault/src/cipher/ssh_key.rs

@@ -0,0 +1,43 @@
+use bitwarden_crypto::{
+    CryptoError, EncString, KeyDecryptable, KeyEncryptable, SymmetricCryptoKey,
+};
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize, Debug, JsonSchema, Clone)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
+#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+pub struct SshKey {
+    pub private_key: Option<EncString>,
+    pub public_key: Option<EncString>,
+    pub fingerprint: Option<EncString>,
+}
+
+#[derive(Serialize, Deserialize, Debug, JsonSchema, Clone)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
+#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+pub struct SshKeyView {
+    pub private_key: Option<String>,
+    pub public_key: Option<String>,
+    pub fingerprint: Option<String>,
+}
+
+impl KeyEncryptable<SymmetricCryptoKey, SshKey> for SshKeyView {
+    fn encrypt_with_key(self, key: &SymmetricCryptoKey) -> Result<SshKey, CryptoError> {
+        Ok(SshKey {
+            private_key: self.private_key.encrypt_with_key(key)?,
+            public_key: self.public_key.encrypt_with_key(key)?,
+            fingerprint: self.fingerprint.encrypt_with_key(key)?,
+        })
+    }
+}
+
+impl KeyDecryptable<SymmetricCryptoKey, SshKeyView> for SshKey {
+    fn decrypt_with_key(&self, key: &SymmetricCryptoKey) -> Result<SshKeyView, CryptoError> {
+        Ok(SshKeyView {
+            private_key: self.private_key.decrypt_with_key(key).ok().flatten(),
+            public_key: self.public_key.decrypt_with_key(key).ok().flatten(),
+            fingerprint: self.fingerprint.decrypt_with_key(key).ok().flatten(),
+        })
+    }
+}

crates/bitwarden-vault/src/mobile/client_ciphers.rs

@@ -118,6 +118,7 @@ mod tests {
                 identity: None,
                 card: None,
                 secure_note: None,
+                ssh_key: None,
                 favorite: false,
                 reprompt: CipherRepromptType::None,
                 organization_use_totp: true,
@@ -159,6 +160,7 @@ mod tests {
             identity: None,
             card: None,
             secure_note: None,
+            ssh_key: None,
             favorite: false,
             reprompt: CipherRepromptType::None,
             organization_use_totp: true,