From ceb645b042e888263ff901df7ab5de3ea45579af Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Fri, 2 Apr 2021 10:13:01 +0100
Subject: [PATCH] winpgnt: mark encrypted/encryptable keys in GUI key list.

Now they have '(encrypted)' or '(re-encryptable)' after them, the same
as Unix Pageant.

Mostly this just involved tinkering with the code in winpgnt.c that
makes up the entry to put in the list box. But I also had to sprinkle
a few more calls to keylist_update() into the cross-platform
pageant.c, to make sure that the key list window is proactively
updated whenever a key is decrypted, re-encrypted, or loaded in
encrypted-only form.
---
 pageant.c         |  6 +++++
 windows/winpgnt.c | 56 +++++++++++++++++++----------------------------
 2 files changed, 29 insertions(+), 33 deletions(-)

diff --git a/pageant.c b/pageant.c
index 585ab3ba..553fcf44 100644
--- a/pageant.c
+++ b/pageant.c
@@ -556,6 +556,8 @@ void pageant_passphrase_request_success(PageantClientDialogId *dlgid,
                                       "passphrase prompts");
             }
             return;
+        } else {
+            keylist_update();
         }
     }
 
@@ -1182,6 +1184,7 @@ static PageantAsyncOp *pageant_make_op(
                     pk->encrypted_key_file = strbuf_new_nm();
                     put_datapl(pk->encrypted_key_file, keyfile);
 
+                    keylist_update();
                     put_byte(sb, SSH_AGENT_SUCCESS);
                     pageant_client_log(
                         pc, reqid, "reply: SSH_AGENT_SUCCESS (added encrypted"
@@ -1209,6 +1212,7 @@ static PageantAsyncOp *pageant_make_op(
                 PageantKey *added = add234(keytree, pk);
                 assert(added == pk); (void)added;
 
+                keylist_update();
                 put_byte(sb, SSH_AGENT_SUCCESS);
                 pageant_client_log(pc, reqid, "reply: SSH_AGENT_SUCCESS (made"
                                    " new encrypted-only key record)");
@@ -1258,6 +1262,7 @@ static PageantAsyncOp *pageant_make_op(
                 goto responded;
             }
 
+            keylist_update();
             put_byte(sb, SSH_AGENT_SUCCESS);
             pageant_client_log(pc, reqid, "reply: SSH_AGENT_SUCCESS");
             break;
@@ -1291,6 +1296,7 @@ static PageantAsyncOp *pageant_make_op(
             if (nsuccesses == 0 && nfailures > 0) {
                 fail("no key could be re-encrypted");
             } else {
+                keylist_update();
                 put_byte(sb, SSH_AGENT_SUCCESS);
                 put_uint32(sb, nfailures);
                 pageant_client_log(pc, reqid, "reply: SSH_AGENT_SUCCESS "
diff --git a/windows/winpgnt.c b/windows/winpgnt.c
index 89272489..bd07aba7 100644
--- a/windows/winpgnt.c
+++ b/windows/winpgnt.c
@@ -299,17 +299,17 @@ static void keylist_update_callback(
 {
     FingerprintType this_type = ssh2_pick_fingerprint(fingerprints, fptype);
     const char *fingerprint = fingerprints[this_type];
-    char *listentry;
+    strbuf *listentry = strbuf_new();
 
     switch (key->ssh_version) {
       case 1: {
-        listentry = dupprintf("ssh1\t%s\t%s", fingerprint, comment);
+        strbuf_catf(listentry, "ssh1\t%s\t%s", fingerprint, comment);
 
         /*
          * Replace the space in the fingerprint (between bit count and
          * hash) with a tab, for nice alignment in the box.
          */
-        char *p = strchr(listentry, ' ');
+        char *p = strchr(listentry->s, ' ');
         if (p)
             *p = '\t';
         break;
@@ -339,47 +339,37 @@ static void keylist_update_callback(
          * overflow past the bit-count tab stop and leave out a tab
          * character. Urgh.
          */
-        listentry = dupprintf("%s\t%s", fingerprint, comment);
-
-        size_t pos = 0;
-        while (1) {
-            pos += strcspn(listentry + pos, " :");
-            if (listentry[pos] == ':' || !listentry[pos])
-                break;
-            listentry[pos++] = '\t';
-        }
-
         BinarySource src[1];
         BinarySource_BARE_INIT_PL(src, ptrlen_from_strbuf(key->blob));
         ptrlen algname = get_string(src);
         const ssh_keyalg *alg = find_pubkey_alg_len(algname);
 
-        if (alg != &ssh_dss && alg != &ssh_rsa) {
-            /*
-             * Remove the bit-count field, which is between the
-             * first and second \t.
-             */
-            int outpos;
-            pos = 0;
-            while (listentry[pos] && listentry[pos] != '\t')
-                pos++;
-            outpos = pos;
-            pos++;
-            while (listentry[pos] && listentry[pos] != '\t')
-                pos++;
-            while (1) {
-                if ((listentry[outpos] = listentry[pos]) == '\0')
-                    break;
-                outpos++;
-                pos++;
+        bool include_bit_count = (alg == &ssh_dss && alg == &ssh_rsa);
+
+        int wordnumber = 0;
+        for (const char *p = fingerprint; *p; p++) {
+            char c = *p;
+            if (c == ' ') {
+                if (wordnumber < 2)
+                    c = '\t';
+                wordnumber++;
             }
+            if (include_bit_count || wordnumber != 1)
+                put_byte(listentry, c);
         }
+
+        strbuf_catf(listentry, "\t%s", comment);
         break;
       }
     }
 
-    SendDlgItemMessage(keylist, 100, LB_ADDSTRING, 0, (LPARAM)listentry);
-    sfree(listentry);
+    if (ext_flags & LIST_EXTENDED_FLAG_HAS_NO_CLEARTEXT_KEY)
+        strbuf_catf(listentry, "\t(encrypted)");
+    else if (ext_flags & LIST_EXTENDED_FLAG_HAS_ENCRYPTED_KEY_FILE)
+        strbuf_catf(listentry, "\t(re-encryptable)");
+
+    SendDlgItemMessage(keylist, 100, LB_ADDSTRING, 0, (LPARAM)listentry->s);
+    strbuf_free(listentry);
 }
 
 /*