From 3727d371019b2688ec623b64a966f17e57fea6bf Mon Sep 17 00:00:00 2001
From: Toni Spets
Date: Fri, 13 Jul 2018 17:41:47 +0300
Subject: [PATCH] SSH Agent: Expect passphrases to be in UTF-8
The previous default was to expect passphrases to be ASCII or rather Latin-1. It would be reasonable to expect modern keys to use UTF-8 instead. This is a non-breaking change if passphrases only use characters that fall within ASCII.
Fixes #2102
---
 src/sshagent/OpenSSHKey.cpp | 2 +-
 tests/TestOpenSSHKey.cpp | 26 ++++++++++++++++++++++++++
 tests/TestOpenSSHKey.h | 1 +
 3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/sshagent/OpenSSHKey.cpp b/src/sshagent/OpenSSHKey.cpp
index cfff5a400..4527bfb60 100644
--- a/src/sshagent/OpenSSHKey.cpp
+++ b/src/sshagent/OpenSSHKey.cpp
@@ -350,7 +350,7 @@ bool OpenSSHKey::openPrivateKey(const QString& passphrase)
 QByteArray decryptKey;
 decryptKey.fill(0, cipher->keySize() + cipher->blockSize());
- QByteArray phraseData = passphrase.toLatin1();
+ QByteArray phraseData = passphrase.toUtf8();
 if (bcrypt_pbkdf(phraseData, salt, decryptKey, rounds) < 0) {
 m_error = tr("Key derivation failed, key file corrupted?");
 return false;
diff --git a/tests/TestOpenSSHKey.cpp b/tests/TestOpenSSHKey.cpp
index 8e226750c..ab21c1a39 100644
--- a/tests/TestOpenSSHKey.cpp
+++ b/tests/TestOpenSSHKey.cpp
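Review bot: Keys whose non-ASCII passphrase was entered as Latin-1 bytes stop opening once `OpenSSHKey::openPrivateKey` (src/sshagent/OpenSSHKey.cpp) uses `passphrase.toUtf8()`, because `bcrypt_pbkdf` hashes the raw bytes and there is no retry with the old encoding; the commit message only implies this by calling the change non-breaking for ASCII. Unicode normalization has the same effect, since a composed and a decomposed `ä` produce different UTF-8 bytes, though that is presumably rare. I would record the assumption next to the conversion, e.g. `// bcrypt_pbkdf hashes raw bytes: assume the key was created with a UTF-8 passphrase (non-ASCII Latin-1 passphrases no longer match)`, and decide explicitly whether existing keys need a Latin-1 retry. The function starts and ends outside this hunk, so whether other branches convert the passphrase separately cannot be checked from here.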
@@ -427,3 +427,29 @@ void TestOpenSSHKey::testDecryptRSAAES256CTR()
 QCOMPARE(key.comment(), QString(""));
 QCOMPARE(key.fingerprint(), QString("SHA256:1Hsebt2WWnmc72FERsUOgvaajIGHkrMONxXylcmk87U"));
 }
+
+void TestOpenSSHKey::testDecryptUTF8()
+{
+ const QString keyString = QString(
+ "-----BEGIN OPENSSH PRIVATE KEY-----\n"
+ "b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDtSl4OvT\n"
+ "H/wHay2dvjOnpIAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIIhrBrn6rb+d3GwF\n"
+ "ifpJ6gYut95lXvwypiQmu9ZpA8H9AAAAsD85Gpn2mbVEWq3ygx11wBnN5mUQXnMuP48rLv\n"
+ "0qwm12IihOkrR925ledwN2Sa5mkkL0XjDz6SsKfIFhFa84hUHQdw5zPR8yVGRWLzkNDmo7\n"
+ "WXNpnoE4ebsX2j0TsBNjP80RUcJdjSXidkt3+aZjaCfquO8cBQn4GJJSDSPwFJYlJeSD/h\n"
+ "vpb72MEQchOD3NNMORYTJ5sOJ73RayhhmwjTVlrG+zYAw6fXW0YXX3+5LE\n"
+ "-----END OPENSSH PRIVATE KEY-----\n"
+ );
+
+ const QByteArray keyData = keyString.toLatin1();
+
+ OpenSSHKey key;
+ QVERIFY(key.parse(keyData));
+ QVERIFY(key.encrypted());
+ QCOMPARE(key.cipherName(), QString("aes256-ctr"));
+ QVERIFY(!key.openPrivateKey("incorrectpassphrase"));
+ QVERIFY(key.openPrivateKey("äåéëþüúíóö"));
+ QCOMPARE(key.fingerprint(), QString("SHA256:EfUXwvH4rOoys+AlbznCqjMwzIVW8KuhoWu9uT03FYA"));
+ QCOMPARE(key.type(), QString("ssh-ed25519"));
+ QCOMPARE(key.comment(), QString("opensshkey-test-utf8@keepassxc"));
+}
diff --git a/tests/TestOpenSSHKey.h b/tests/TestOpenSSHKey.h
index 77ca270d0..214de8942 100644
--- a/tests/TestOpenSSHKey.h
+++ b/tests/TestOpenSSHKey.h
@@ -37,6 +37,7 @@ private slots:
 void testDecryptRSAAES256CBC();
 void testDecryptOpenSSHAES256CTR();
 void testDecryptRSAAES256CTR();
+ void testDecryptUTF8();
 };
 #endif // TESTOPENSSHKEY_H
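Review bot: The passphrase in `testDecryptUTF8` is a narrow string literal holding raw non-ASCII characters, `key.openPrivateKey("äåéëþüúíóö")`, so the bytes reaching the key derivation depend on the source file being stored as UTF-8 and on the compiler's execution character set. With a compiler that assumes a local code page, the test could fail for reasons unrelated to `toUtf8()`. Spelling out the code points removes that dependency: `QVERIFY(key.openPrivateKey(QStringLiteral("\u00e4\u00e5\u00e9\u00eb\u00fe\u00fc\u00fa\u00ed\u00f3\u00f6")));`. All ten characters also lie within Latin-1, so a second fixture with a passphrase character above U+00FF would cover input that the old `toLatin1()` could not represent at all.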