Diffstat (limited to 'crypto/openssh/key.h')
-rw-r--r--crypto/openssh/key.h32
1 files changed, 29 insertions, 3 deletions
diff --git a/crypto/openssh/key.h b/crypto/openssh/key.h
index 14aac79..6a2e049 100644
--- a/crypto/openssh/key.h
+++ b/crypto/openssh/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.27 2008/06/11 21:01:35 grunk Exp $ */
+/* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -26,6 +26,7 @@
#ifndef KEY_H
#define KEY_H
+#include "buffer.h"
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@@ -34,6 +35,8 @@ enum types {
KEY_RSA1,
KEY_RSA,
KEY_DSA,
+ KEY_RSA_CERT,
+ KEY_DSA_CERT,
KEY_UNSPEC
};
enum fp_type {
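Review bot: The two certificate types are inserted ahead of `KEY_UNSPEC`, so its numeric value moves by two, and any existing `switch` on the key type that names only `KEY_RSA`/`KEY_DSA` will now route certified keys to its default arm. Nothing in the header tells a caller that a `*_CERT` key still carries an RSA or DSA key underneath. I would add a comment above the new enumerators such as `/* certified variants; map to the base algorithm with key_type_plain() before algorithm-specific handling */`, and check that the type value is never persisted or used as an index by number. The opening of `enum types` lies outside this hunk.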
@@ -49,20 +52,35 @@ enum fp_rep {
/* key is stored in external hardware */
#define KEY_FLAG_EXT 0x0001
+#define CERT_MAX_PRINCIPALS 256
+struct KeyCert {
+ Buffer certblob; /* Kept around for use on wire */
+ u_int type; /* SSH2_CERT_TYPE_USER or SSH2_CERT_TYPE_HOST */
+ char *key_id;
+ u_int nprincipals;
+ char **principals;
+ u_int64_t valid_after, valid_before;
+ Buffer constraints;
+ Key *signature_key;
+};
+
struct Key {
int type;
int flags;
RSA *rsa;
DSA *dsa;
+ struct KeyCert *cert;
};
Key *key_new(int);
+void key_add_private(Key *);
Key *key_new_private(int);
void key_free(Key *);
Key *key_demote(const Key *);
+int key_equal_public(const Key *, const Key *);
int key_equal(const Key *, const Key *);
-char *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
-u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
+char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
+u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
const char *key_type(const Key *);
int key_write(const Key *, FILE *);
int key_read(Key *, char **);
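Review bot: `struct KeyCert` places a count and a heap array (`nprincipals`, `principals`) next to `CERT_MAX_PRINCIPALS`, but the header never states that the count is bounded by that limit, nor who owns and frees `key_id`, `principals` and `signature_key`. These fields are presumably filled from a certificate blob supplied by a peer, so the invariant belongs on the declaration: `u_int nprincipals; /* <= CERT_MAX_PRINCIPALS, checked before principals is allocated */`. `valid_after`/`valid_before` also need their unit and whether the bounds are inclusive written down, since an off-by-one there changes when a certificate is accepted. Separately, `key_fingerprint()` and `key_fingerprint_raw()` lose `const` in this hunk; if fingerprinting now modifies the key temporarily, a comment should say so. `key_equal_public()` versus `key_equal()` needs one line stating which of them compares certificate contents.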
@@ -71,6 +89,14 @@ u_int key_size(const Key *);
Key *key_generate(int, u_int);
Key *key_from_private(const Key *);
int key_type_from_name(char *);
+int key_is_cert(const Key *);
+int key_type_plain(int);
+int key_to_certified(Key *);
+int key_drop_cert(Key *);
+int key_certify(Key *, Key *);
+void key_cert_copy(const Key *, struct Key *);
+int key_cert_check_authority(const Key *, int, int, const char *,
+ const char **);
Key *key_from_blob(const u_char *, u_int);
int key_to_blob(const Key *, u_char **, u_int *);
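Review bot: `key_cert_check_authority()` is the declaration a caller relies on to decide whether a certificate is accepted, yet its prototype is five unnamed parameters with two adjacent `int`s that can be swapped without any compiler diagnostic. I would name the parameters in the prototype and add a comment giving the return convention and what the final `const char **` receives, for example `/* returns 0 if acceptable; otherwise non-zero with *reason set (confirm against key.c) */`. The same return-convention comment is missing for `key_to_certified()`, `key_drop_cert()` and `key_certify()`, all of which return an `int` that callers have to check. `key_cert_copy()` also mixes `Key *` and `struct Key *` in one prototype; one spelling should be used throughout.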