From e5fbed76321d7907c60c7bd93cfeebc86783ecaa Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 5 Jan 2020 10:28:45 +0000 Subject: [PATCH] Rename all public/private key load/save functions. Now they have names that are more consistent (no more userkey_this but that_userkey); a bit shorter; and, most importantly, all the current functions end in _f to indicate that they deal with keys stored in disk files. I'm about to add a second set of entry points that deal with keys via the more general BinarySource / BinarySink interface, which will sit alongside these with a different suffix. --- cmdgen.c | 23 +++++++++++------------ pageant.c | 15 ++++++++------- ssh.h | 33 +++++++++++++++++---------------- ssh1login.c | 13 ++++++------- ssh2userauth.c | 12 +++++------- sshpubk.c | 27 ++++++++++++--------------- unix/uxpgnt.c | 8 ++++---- unix/uxserver.c | 15 +++++++-------- windows/winpgen.c | 19 ++++++++----------- 9 files changed, 78 insertions(+), 87 deletions(-) diff --git a/cmdgen.c b/cmdgen.c index 5c17ce2b..4946aa5c 100644 --- a/cmdgen.c +++ b/cmdgen.c @@ -750,9 +750,9 @@ int main(int argc, char **argv) * Find out whether the input key is encrypted. */ if (intype == SSH_KEYTYPE_SSH1) - encrypted = rsa_ssh1_encrypted(infilename, &origcomment); + encrypted = rsa1_encrypted_f(infilename, &origcomment); else if (intype == SSH_KEYTYPE_SSH2) - encrypted = ssh2_userkey_encrypted(infilename, &origcomment); + encrypted = ppk_encrypted_f(infilename, &origcomment); else encrypted = import_encrypted(infilename, intype, &origcomment); @@ -797,8 +797,8 @@ int main(int argc, char **argv) blob = strbuf_new(); - ret = rsa_ssh1_loadpub(infilename, BinarySink_UPCAST(blob), - &origcomment, &error); + ret = rsa1_loadpub_f(infilename, BinarySink_UPCAST(blob), + &origcomment, &error); BinarySource_BARE_INIT(src, blob->u, blob->len); get_rsa_ssh1_pub(src, ssh1key, RSA_SSH1_EXPONENT_FIRST); strbuf_free(blob); @@ -809,8 +809,7 @@ int main(int argc, char **argv) ssh1key->q = NULL; ssh1key->iqmp = NULL; } else { - ret = rsa_ssh1_loadkey( - infilename, ssh1key, old_passphrase, &error); + ret = rsa1_load_f(infilename, ssh1key, old_passphrase, &error); } if (ret > 0) error = NULL; @@ -825,8 +824,9 @@ int main(int argc, char **argv) sfree(origcomment); origcomment = NULL; ssh2blob = strbuf_new(); - if (ssh2_userkey_loadpub(infilename, &ssh2alg, BinarySink_UPCAST(ssh2blob), - &origcomment, &error)) { + if (ppk_loadpub_f(infilename, &ssh2alg, + BinarySink_UPCAST(ssh2blob), + &origcomment, &error)) { const ssh_keyalg *alg = find_pubkey_alg(ssh2alg); if (alg) bits = ssh_key_public_bits( @@ -839,8 +839,7 @@ int main(int argc, char **argv) } sfree(ssh2alg); } else { - ssh2key = ssh2_load_userkey(infilename, old_passphrase, - &error); + ssh2key = ppk_load_f(infilename, old_passphrase, &error); } if ((ssh2key && ssh2key != SSH2_WRONG_PASSPHRASE) || ssh2blob) error = NULL; @@ -953,14 +952,14 @@ int main(int argc, char **argv) random_ref(); /* we'll need a few random bytes in the save file */ if (sshver == 1) { assert(ssh1key); - ret = rsa_ssh1_savekey(outfilename, ssh1key, new_passphrase); + ret = rsa1_save_f(outfilename, ssh1key, new_passphrase); if (!ret) { fprintf(stderr, "puttygen: unable to save SSH-1 private key\n"); return 1; } } else { assert(ssh2key); - ret = ssh2_save_userkey(outfilename, ssh2key, new_passphrase); + ret = ppk_save_f(outfilename, ssh2key, new_passphrase); if (!ret) { fprintf(stderr, "puttygen: unable to save SSH-2 private key\n"); return 1; diff --git a/pageant.c b/pageant.c index 2391fa77..6f900dc3 100644 --- a/pageant.c +++ b/pageant.c @@ -1036,7 +1036,8 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, int i, nkeys, keylistlen; if (type == SSH_KEYTYPE_SSH1) { - if (!rsa_ssh1_loadpub(filename, BinarySink_UPCAST(blob), NULL, &error)) { + if (!rsa1_loadpub_f(filename, BinarySink_UPCAST(blob), + NULL, &error)) { *retstr = dupprintf("Couldn't load private key (%s)", error); strbuf_free(blob); return PAGEANT_ACTION_FAILURE; @@ -1047,8 +1048,8 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, * length, so add a placeholder here to fill in * afterwards */ put_uint32(blob, 0); - if (!ssh2_userkey_loadpub(filename, NULL, BinarySink_UPCAST(blob), - NULL, &error)) { + if (!ppk_loadpub_f(filename, NULL, BinarySink_UPCAST(blob), + NULL, &error)) { *retstr = dupprintf("Couldn't load private key (%s)", error); strbuf_free(blob); return PAGEANT_ACTION_FAILURE; @@ -1145,9 +1146,9 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, error = NULL; if (type == SSH_KEYTYPE_SSH1) - needs_pass = rsa_ssh1_encrypted(filename, &comment); + needs_pass = rsa1_encrypted_f(filename, &comment); else - needs_pass = ssh2_userkey_encrypted(filename, &comment); + needs_pass = ppk_encrypted_f(filename, &comment); attempts = 0; if (type == SSH_KEYTYPE_SSH1) rkey = snew(RSAKey); @@ -1183,9 +1184,9 @@ int pageant_add_keyfile(Filename *filename, const char *passphrase, this_passphrase = ""; if (type == SSH_KEYTYPE_SSH1) - ret = rsa_ssh1_loadkey(filename, rkey, this_passphrase, &error); + ret = rsa1_load_f(filename, rkey, this_passphrase, &error); else { - skey = ssh2_load_userkey(filename, this_passphrase, &error); + skey = ppk_load_f(filename, this_passphrase, &error); if (skey == SSH2_WRONG_PASSPHRASE) ret = -1; else if (!skey) diff --git a/ssh.h b/ssh.h index e25313c0..284c43ee 100644 --- a/ssh.h +++ b/ssh.h @@ -1147,13 +1147,6 @@ mp_int *dh_create_e(dh_ctx *, int nbits); const char *dh_validate_f(dh_ctx *, mp_int *f); mp_int *dh_find_K(dh_ctx *, mp_int *f); -bool rsa_ssh1_encrypted(const Filename *filename, char **comment); -int rsa_ssh1_loadpub(const Filename *filename, BinarySink *bs, - char **commentptr, const char **errorstr); -int rsa_ssh1_loadkey(const Filename *filename, RSAKey *key, - const char *passphrase, const char **errorstr); -bool rsa_ssh1_savekey(const Filename *filename, RSAKey *key, char *passphrase); - static inline bool is_base64_char(char c) { return ((c >= '0' && c <= '9') || @@ -1168,18 +1161,26 @@ extern void base64_encode_atom(const unsigned char *data, int n, char *out); extern void base64_encode(FILE *fp, const unsigned char *data, int datalen, int cpl); -/* ssh2_load_userkey can return this as an error */ +/* ppk_load_* can return this as an error */ extern ssh2_userkey ssh2_wrong_passphrase; #define SSH2_WRONG_PASSPHRASE (&ssh2_wrong_passphrase) -bool ssh2_userkey_encrypted(const Filename *filename, char **comment); -ssh2_userkey *ssh2_load_userkey( - const Filename *filename, const char *passphrase, const char **errorstr); -bool ssh2_userkey_loadpub( - const Filename *filename, char **algorithm, BinarySink *bs, - char **commentptr, const char **errorstr); -bool ssh2_save_userkey( - const Filename *filename, ssh2_userkey *key, char *passphrase); +bool ppk_encrypted_f(const Filename *filename, char **comment); +bool rsa1_encrypted_f(const Filename *filename, char **comment); + +ssh2_userkey *ppk_load_f(const Filename *filename, const char *passphrase, + const char **errorstr); +int rsa1_load_f(const Filename *filename, RSAKey *key, + const char *passphrase, const char **errorstr); + +bool ppk_save_f(const Filename *filename, ssh2_userkey *key, char *passphrase); +bool rsa1_save_f(const Filename *filename, RSAKey *key, char *passphrase); + +bool ppk_loadpub_f(const Filename *filename, char **algorithm, BinarySink *bs, + char **commentptr, const char **errorstr); +int rsa1_loadpub_f(const Filename *filename, BinarySink *bs, + char **commentptr, const char **errorstr); + const ssh_keyalg *find_pubkey_alg(const char *name); const ssh_keyalg *find_pubkey_alg_len(ptrlen name); diff --git a/ssh1login.c b/ssh1login.c index 98b7fb5b..f0850312 100644 --- a/ssh1login.c +++ b/ssh1login.c @@ -451,13 +451,13 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) keytype == SSH_KEYTYPE_SSH1_PUBLIC) { const char *error; s->publickey_blob = strbuf_new(); - if (rsa_ssh1_loadpub(s->keyfile, - BinarySink_UPCAST(s->publickey_blob), - &s->publickey_comment, &error)) { + if (rsa1_loadpub_f(s->keyfile, + BinarySink_UPCAST(s->publickey_blob), + &s->publickey_comment, &error)) { s->privatekey_available = (keytype == SSH_KEYTYPE_SSH1); if (!s->privatekey_available) ppl_logevent("Key file contains public key only"); - s->privatekey_encrypted = rsa_ssh1_encrypted(s->keyfile, NULL); + s->privatekey_encrypted = rsa1_encrypted_f(s->keyfile, NULL); } else { ppl_logevent("Unable to load key (%s)", error); ppl_printf("Unable to load key file \"%s\" (%s)\r\n", @@ -683,8 +683,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) /* * Try decrypting key with passphrase. */ - retd = rsa_ssh1_loadkey( - s->keyfile, &s->key, passphrase, &error); + retd = rsa1_load_f(s->keyfile, &s->key, passphrase, &error); if (passphrase) { smemclr(passphrase, strlen(passphrase)); sfree(passphrase); @@ -702,7 +701,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) got_passphrase = false; /* and try again */ } else { - unreachable("unexpected return from rsa_ssh1_loadkey()"); + unreachable("unexpected return from rsa1_load_f()"); } } diff --git a/ssh2userauth.c b/ssh2userauth.c index 32dde8d0..43c2888d 100644 --- a/ssh2userauth.c +++ b/ssh2userauth.c @@ -269,15 +269,13 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) { const char *error; s->publickey_blob = strbuf_new(); - if (ssh2_userkey_loadpub(s->keyfile, - &s->publickey_algorithm, - BinarySink_UPCAST(s->publickey_blob), - &s->publickey_comment, &error)) { + if (ppk_loadpub_f(s->keyfile, &s->publickey_algorithm, + BinarySink_UPCAST(s->publickey_blob), + &s->publickey_comment, &error)) { s->privatekey_available = (keytype == SSH_KEYTYPE_SSH2); if (!s->privatekey_available) ppl_logevent("Key file contains public key only"); - s->privatekey_encrypted = - ssh2_userkey_encrypted(s->keyfile, NULL); + s->privatekey_encrypted = ppk_encrypted_f(s->keyfile, NULL); } else { ppl_logevent("Unable to load key (%s)", error); ppl_printf("Unable to load key file \"%s\" (%s)\r\n", @@ -893,7 +891,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) /* * Try decrypting the key. */ - key = ssh2_load_userkey(s->keyfile, passphrase, &error); + key = ppk_load_f(s->keyfile, passphrase, &error); if (passphrase) { /* burn the evidence */ smemclr(passphrase, strlen(passphrase)); diff --git a/sshpubk.c b/sshpubk.c index 33ab7c6c..77874e67 100644 --- a/sshpubk.c +++ b/sshpubk.c @@ -150,8 +150,8 @@ static int rsa_ssh1_load_main(FILE * fp, RSAKey *key, bool pub_only, return ret; } -int rsa_ssh1_loadkey(const Filename *filename, RSAKey *key, - const char *passphrase, const char **errorstr) +int rsa1_load_f(const Filename *filename, RSAKey *key, + const char *passphrase, const char **errorstr) { FILE *fp; char buf[64]; @@ -194,7 +194,7 @@ int rsa_ssh1_loadkey(const Filename *filename, RSAKey *key, * See whether an RSA key is encrypted. Return its comment field as * well. */ -bool rsa_ssh1_encrypted(const Filename *filename, char **comment) +bool rsa1_encrypted_f(const Filename *filename, char **comment) { FILE *fp; char buf[64]; @@ -222,8 +222,8 @@ bool rsa_ssh1_encrypted(const Filename *filename, char **comment) * Read the public part of an SSH-1 RSA key from a file (public or * private), and generate its public blob in exponent-first order. */ -int rsa_ssh1_loadpub(const Filename *filename, BinarySink *bs, - char **commentptr, const char **errorstr) +int rsa1_loadpub_f(const Filename *filename, BinarySink *bs, + char **commentptr, const char **errorstr) { FILE *fp; char buf[64]; @@ -319,8 +319,7 @@ int rsa_ssh1_loadpub(const Filename *filename, BinarySink *bs, /* * Save an RSA key file. Return true on success. */ -bool rsa_ssh1_savekey(const Filename *filename, RSAKey *key, - char *passphrase) +bool rsa1_save_f(const Filename *filename, RSAKey *key, char *passphrase) { strbuf *buf = strbuf_new_nm(); int estart; @@ -606,8 +605,8 @@ static int userkey_parse_line_counter(const char *text) return -1; } -ssh2_userkey *ssh2_load_userkey( - const Filename *filename, const char *passphrase, const char **errorstr) +ssh2_userkey *ppk_load_f(const Filename *filename, const char *passphrase, + const char **errorstr) { FILE *fp; char header[40], *b, *encryption, *comment, *mac; @@ -1056,9 +1055,8 @@ bool openssh_loadpub(FILE *fp, char **algorithm, return false; } -bool ssh2_userkey_loadpub(const Filename *filename, char **algorithm, - BinarySink *bs, - char **commentptr, const char **errorstr) +bool ppk_loadpub_f(const Filename *filename, char **algorithm, BinarySink *bs, + char **commentptr, const char **errorstr) { FILE *fp; char header[40], *b; @@ -1159,7 +1157,7 @@ bool ssh2_userkey_loadpub(const Filename *filename, char **algorithm, return false; } -bool ssh2_userkey_encrypted(const Filename *filename, char **commentptr) +bool ppk_encrypted_f(const Filename *filename, char **commentptr) { FILE *fp; char header[40], *b, *comment; @@ -1247,8 +1245,7 @@ void base64_encode(FILE *fp, const unsigned char *data, int datalen, int cpl) fputc('\n', fp); } -bool ssh2_save_userkey( - const Filename *filename, ssh2_userkey *key, char *passphrase) +bool ppk_save_f(const Filename *filename, ssh2_userkey *key, char *passphrase) { FILE *fp; strbuf *pub_blob, *priv_blob; diff --git a/unix/uxpgnt.c b/unix/uxpgnt.c index 2431a29a..2553a50c 100644 --- a/unix/uxpgnt.c +++ b/unix/uxpgnt.c @@ -537,8 +537,8 @@ struct pageant_pubkey *find_key(const char *string, char **retstr) const char *error; key_in.blob = strbuf_new(); - if (!rsa_ssh1_loadpub(fn, BinarySink_UPCAST(key_in.blob), - NULL, &error)) { + if (!rsa1_loadpub_f(fn, BinarySink_UPCAST(key_in.blob), + NULL, &error)) { strbuf_free(key_in.blob); key_in.blob = NULL; if (file_errors) { @@ -567,8 +567,8 @@ struct pageant_pubkey *find_key(const char *string, char **retstr) const char *error; key_in.blob = strbuf_new(); - if (!ssh2_userkey_loadpub(fn, NULL, BinarySink_UPCAST(key_in.blob), - NULL, &error)) { + if (!ppk_loadpub_f(fn, NULL, BinarySink_UPCAST(key_in.blob), + NULL, &error)) { strbuf_free(key_in.blob); key_in.blob = NULL; if (file_errors) { diff --git a/unix/uxserver.c b/unix/uxserver.c index b063e50e..98eaf8dd 100644 --- a/unix/uxserver.c +++ b/unix/uxserver.c @@ -581,7 +581,7 @@ int main(int argc, char **argv) if (keytype == SSH_KEYTYPE_SSH2) { ssh2_userkey *uk; ssh_key *key; - uk = ssh2_load_userkey(keyfile, NULL, &error); + uk = ppk_load_f(keyfile, NULL, &error); filename_free(keyfile); if (!uk || !uk->key) { fprintf(stderr, "%s: unable to load host key '%s': " @@ -615,7 +615,7 @@ int main(int argc, char **argv) exit(1); } hostkey1 = snew(RSAKey); - if (!rsa_ssh1_loadkey(keyfile, hostkey1, NULL, &error)) { + if (!rsa1_load_f(keyfile, hostkey1, NULL, &error)) { fprintf(stderr, "%s: unable to load host key '%s': " "%s\n", appname, val, error); exit(1); @@ -647,8 +647,7 @@ int main(int argc, char **argv) ssc.rsa_kex_key = snew(RSAKey); } - if (!rsa_ssh1_loadkey(keyfile, ssc.rsa_kex_key, - NULL, &error)) { + if (!rsa1_load_f(keyfile, ssc.rsa_kex_key, NULL, &error)) { fprintf(stderr, "%s: unable to load RSA kex key '%s': " "%s\n", appname, val, error); exit(1); @@ -669,8 +668,8 @@ int main(int argc, char **argv) struct AuthPolicy_ssh2_pubkey *node; void *blob; - if (!ssh2_userkey_loadpub(keyfile, NULL, BinarySink_UPCAST(sb), - NULL, &error)) { + if (!ppk_loadpub_f(keyfile, NULL, BinarySink_UPCAST(sb), + NULL, &error)) { fprintf(stderr, "%s: unable to load user key '%s': " "%s\n", appname, val, error); exit(1); @@ -690,8 +689,8 @@ int main(int argc, char **argv) BinarySource src[1]; struct AuthPolicy_ssh1_pubkey *node; - if (!rsa_ssh1_loadpub(keyfile, BinarySink_UPCAST(sb), - NULL, &error)) { + if (!rsa1_loadpub_f(keyfile, BinarySink_UPCAST(sb), + NULL, &error)) { fprintf(stderr, "%s: unable to load user key '%s': " "%s\n", appname, val, error); exit(1); diff --git a/windows/winpgen.c b/windows/winpgen.c index 353caa02..ad815584 100644 --- a/windows/winpgen.c +++ b/windows/winpgen.c @@ -672,9 +672,9 @@ void load_key_file(HWND hwnd, struct MainDlgState *state, comment = NULL; passphrase = NULL; if (realtype == SSH_KEYTYPE_SSH1) - needs_pass = rsa_ssh1_encrypted(filename, &comment); + needs_pass = rsa1_encrypted_f(filename, &comment); else if (realtype == SSH_KEYTYPE_SSH2) - needs_pass = ssh2_userkey_encrypted(filename, &comment); + needs_pass = ppk_encrypted_f(filename, &comment); else needs_pass = import_encrypted(filename, realtype, &comment); do { @@ -699,14 +699,13 @@ void load_key_file(HWND hwnd, struct MainDlgState *state, passphrase = dupstr(""); if (type == SSH_KEYTYPE_SSH1) { if (realtype == type) - ret = rsa_ssh1_loadkey( - filename, &newkey1, passphrase, &errmsg); + ret = rsa1_load_f(filename, &newkey1, passphrase, &errmsg); else ret = import_ssh1(filename, realtype, &newkey1, passphrase, &errmsg); } else { if (realtype == type) - newkey2 = ssh2_load_userkey(filename, passphrase, &errmsg); + newkey2 = ppk_load_f(filename, passphrase, &errmsg); else newkey2 = import_ssh2(filename, realtype, passphrase, &errmsg); if (newkey2 == SSH2_WRONG_PASSPHRASE) @@ -1309,9 +1308,8 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg, ret = export_ssh2(fn, type, &state->ssh2key, *passphrase ? passphrase : NULL); else - ret = ssh2_save_userkey(fn, &state->ssh2key, - *passphrase ? passphrase : - NULL); + ret = ppk_save_f(fn, &state->ssh2key, + *passphrase ? passphrase : NULL); filename_free(fn); } else { Filename *fn = filename_from_str(filename); @@ -1319,9 +1317,8 @@ static INT_PTR CALLBACK MainDlgProc(HWND hwnd, UINT msg, ret = export_ssh1(fn, type, &state->key, *passphrase ? passphrase : NULL); else - ret = rsa_ssh1_savekey( - fn, &state->key, - *passphrase ? passphrase : NULL); + ret = rsa1_save_f(fn, &state->key, + *passphrase ? passphrase : NULL); filename_free(fn); } if (ret <= 0) {