Deprecate "ssh1_server_host_key" parameters *e* and *p*

They are named such that *e* is actually the modulus, not the exponent. The replacement parameters are named *exponent* and *modulus* for clarity.
2025-10-02 14:48:21 +00:00 · 2020-11-13 22:23:29 -08:00 · 2020-11-13 22:23:29 -08:00 · 45449dad72
commit 45449dad72
parent bd40a97a78
6 changed files with 33 additions and 19 deletions
--- a/4
+++ b/4
@ -151,6 +151,10 @@ Deprecated Functionality
 - ``Type::GetAliases()`` and ``Type::AddAlias()`` are deprecated, use
  ``Type::Aliases()`` and ``Type::RegisterAlias()``.
 - The ``ssh1_server_host_key`` event's modulus and exponent parameters,
  *e* and *p*, were named in misleading way (*e* is the modulus)
  and now deprecated in favor of the new *modulus* and *exponent* parameters.
 Zeek 3.2.0
 ==========
--- a/scripts/base/protocols/ssh/main.zeek
+++ b/scripts/base/protocols/ssh/main.zeek
@ -292,9 +292,9 @@ function generate_fingerprint(c: connection, key: string)
 	c$ssh$host_key = join_string_vec(lx, ":");
 	}
-event ssh1_server_host_key(c: connection, p: string, e: string) &priority=5
+event ssh1_server_host_key(c: connection, modulus: string, exponent: string) &priority=5
 	{
-	generate_fingerprint(c, e + p);
+	generate_fingerprint(c, modulus + exponent);
 	}
 event ssh2_server_host_key(c: connection, key: string) &priority=5
--- a/src/analyzer/protocol/ssh/events.bif
+++ b/src/analyzer/protocol/ssh/events.bif
@ -127,16 +127,26 @@ event ssh2_server_host_key%(c: connection, key: string%);
 ## c: The connection over which the :abbr:`SSH (Secure Shell)`
 ##    connection took place.
 ##
-## p: The prime for the server's public host key.
+## p: The exponent for the server's public host key (note this parameter
 ##    is truly the exponent even though named *p* and the *exponent* parameter
 ##    will eventually replace it).
 ##
-## e: The exponent for the serer's public host key.
+## e: The prime modulus for the server's public host key (note this parameter
 ##    is truly the modulus even though named *e* and the *modulus* parameter
 ##    will eventually replace it).
 ##
 ## modulus: The prime modulus of the server's public host key.
 ##
 ## exponent: The exponent of the server's public host key.
 ##
 ## .. zeek:see:: ssh_server_version ssh_client_version
 ##    ssh_auth_successful ssh_auth_failed ssh_auth_result
 ##    ssh_auth_attempted ssh_capabilities ssh2_server_host_key
 ##    ssh_server_host_key ssh_encrypted_packet ssh2_dh_server_params
 ##    ssh2_gss_error ssh2_ecc_key
-event ssh1_server_host_key%(c: connection, p: string, e: string%);
+event ssh1_server_host_key%(c: connection, p: string &deprecated="Remove in v4.1", e: string &deprecated="Remove in v4.1", modulus: string, exponent: string%);
 event ssh1_server_host_key%(c: connection, modulus: string, exponent: string%);
 event ssh1_server_host_key%(c: connection, p: string, e: string%) &deprecated="Remove in v4.1.  The 'p' and 'e' parameters are misleadingly named don't use them.";
 ## During the :abbr:`SSH (Secure Shell)` key exchange, the server
 ## supplies its public host key. This event is generated when the
--- a/src/analyzer/protocol/ssh/ssh-analyzer.pac
+++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac
@ -177,25 +177,25 @@ refine flow SSH_Flow += {
 		return true;
 		%}
-	function proc_ssh1_server_host_key(p: bytestring, e: bytestring): bool
+	function proc_ssh1_server_host_key(exp: bytestring, mod: bytestring): bool
 		%{
 		if ( ssh1_server_host_key )
 			{
 			zeek::BifEvent::enqueue_ssh1_server_host_key(connection()->zeek_analyzer(),
 				connection()->zeek_analyzer()->Conn(),
-				to_stringval(${p}),
+				to_stringval(${exp}),
-				to_stringval(${e}));
+				to_stringval(${mod}),
 				to_stringval(${mod}),
 				to_stringval(${exp}));
 			}
 		if ( ssh_server_host_key )
 			{
 			unsigned char digest[MD5_DIGEST_LENGTH];
 			auto ctx = zeek::detail::hash_init(zeek::detail::Hash_MD5);
 			// Note: the 'p' and 'e' parameters actually have swapped meanings with
 			//       'p' actually being the exponent.
 			// Fingerprint is calculated over concatenation of modulus + exponent.
-			zeek::detail::hash_update(ctx, ${e}.data(), ${e}.length());
+			zeek::detail::hash_update(ctx, ${mod}.data(), ${mod}.length());
-			zeek::detail::hash_update(ctx, ${p}.data(), ${p}.length());
+			zeek::detail::hash_update(ctx, ${exp}.data(), ${exp}.length());
 			zeek::detail::hash_final(ctx, digest);
 			zeek::BifEvent::enqueue_ssh_server_host_key(connection()->zeek_analyzer(),
@ -267,5 +267,5 @@ refine typeattr SSH2_ECC_INIT += &let {
 };
 refine typeattr SSH1_PUBLIC_KEY += &let {
-	proc:  bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val);
+	proc:  bool = $context.flow.proc_ssh1_server_host_key(host_key_exp.val, host_key_mod.val);
 };
--- a/src/analyzer/protocol/ssh/ssh-protocol.pac
+++ b/src/analyzer/protocol/ssh/ssh-protocol.pac
@ -60,11 +60,11 @@ type SSH1_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_typ
 type SSH1_PUBLIC_KEY(length: uint32) = record {
 	cookie            : bytestring &length=8;
 	server_key        : uint32;
-	server_key_p      : ssh1_mp_int;
+	server_key_exp    : ssh1_mp_int;
-	server_key_e      : ssh1_mp_int;
+	server_key_mod    : ssh1_mp_int;
 	host_key          : uint32;
-	host_key_p        : ssh1_mp_int;
+	host_key_exp      : ssh1_mp_int;
-	host_key_e        : ssh1_mp_int;
+	host_key_mod      : ssh1_mp_int;
 	flags             : uint32;
 	supported_ciphers : uint32;
 	supported_auths   : uint32;
--- a/testing/btest/scripts/base/protocols/ssh/fingerprints.zeek
+++ b/testing/btest/scripts/base/protocols/ssh/fingerprints.zeek
@ -8,9 +8,9 @@ event ssh2_server_host_key(c: connection, key: string)
 	print "ssh2 server host key fingerprint",  md5_hash(key);
 	}
-event ssh1_server_host_key(c: connection, p: string, e: string)
+event ssh1_server_host_key(c: connection, modulus: string, exponent: string)
 	{
-	print "ssh1 server host key fingerprint", md5_hash(e + p);
+	print "ssh1 server host key fingerprint", md5_hash(modulus + exponent);
 	}
 event ssh_server_host_key(c: connection, hash: string)