Diffstat (limited to 'key.h')
-rw-r--r-- | key.h | 32 |
1 files changed, 29 insertions, 3 deletions
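--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.27 2008/06/11 21:01:35 grunk Exp $ */
+/* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */
 
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -26,6 +26,7 @@
 #ifndef KEY_H
 #define KEY_H
 
+#include "buffer.h"
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 
@@ -34,6 +35,8 @@ enum types {
 KEY_RSA1,
 KEY_RSA,
 KEY_DSA,
+KEY_RSA_CERT,
+KEY_DSA_CERT,
 KEY_UNSPEC
 };
 enum fp_type {
@@ -49,20 +52,35 @@ enum fp_rep {
 /* key is stored in external hardware */
 #define KEY_FLAG_EXT 0x0001
 
+#define CERT_MAX_PRINCIPALS 256
+struct KeyCert {
+Buffer certblob; /* Kept around for use on wire */
+u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
+char *key_id;
+u_int nprincipals;
+char **principals;
+u_int64_t valid_after, valid_before;
+Buffer constraints;
+Key *signature_key;
+};
+
 struct Key {
 int type;
 int flags;
 RSA *rsa;
 DSA *dsa;
+struct KeyCert *cert;
 };
 
 Key *key_new(int);
+void key_add_private(Key *);
 Key *key_new_private(int);
 void key_free(Key *);
 Key *key_demote(const Key *);
+int key_equal_public(const Key *, const Key *);
 int key_equal(const Key *, const Key *);
-char *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
-u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
+char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
+u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
 const char *key_type(const Key *);
 int key_write(const Key *, FILE *);
 int key_read(Key *, char **);
@@ -71,6 +89,14 @@ u_int key_size(const Key *);
 Key *key_generate(int, u_int);
 Key *key_from_private(const Key *);
 int key_type_from_name(char *);
+int key_is_cert(const Key *);
+int key_type_plain(int);
+int key_to_certified(Key *);
+int key_drop_cert(Key *);
+int key_certify(Key *, Key *);
+void key_cert_copy(const Key *, struct Key *);
+int key_cert_check_authority(const Key *, int, int, const char *,
+const char **);
 
 Key *key_from_blob(const u_char *, u_int);
 int key_to_blob(const Key *, u_char **, u_int *);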
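Review bot: `key_fingerprint` and `key_fingerprint_raw` drop the `const` qualifier on their `Key *` argument in the fourth hunk (the two prototypes that previously read `const Key *`), although computing a fingerprint is a read-only query; every caller holding a `const Key *` now has to cast, and the prototype no longer tells the reader the key is left untouched. Presumably the certificate path needs a non-const key somewhere inside key.c; if so, keep the public contract `char *key_fingerprint(const Key *, enum fp_type, enum fp_rep);` and `u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);` and confine any cast to the implementation, or state the reason in a comment above the two prototypes. The new `struct KeyCert` also leaves ownership undocumented: nothing in the header says whether `key_free` releases `cert`, the `principals` array, the `certblob`/`constraints` buffers and `signature_key`, so a comment such as `/* owned by the enclosing Key; released by key_free() */` on the `struct KeyCert *cert;` member would help — confirm the actual behaviour against key.c before writing it. Likewise `CERT_MAX_PRINCIPALS` sits above the struct with no comment tying it to `nprincipals`; if that is what it bounds, `/* upper bound on nprincipals accepted when parsing a certificate */` makes the intent explicit.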