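#ifndef WH_KEYUTILS_H_4e0bcc3c_
#define WH_KEYUTILS_H_4e0bcc3c_

/* This file is in the public domain. */

/*
 * Key-related utilities.  These are implementations of key-data
 * processing command-line options.
 */

/*
 * print_kfp() takes a FILE *, so this header must pull in <stdio.h>
 * itself rather than rely on every includer having done so already.
 */
#include <stdio.h>

/*
 * A key fingerprint.  Historically, these have been 16-octet blobs
 * produced by MD5.  With SHA-1 fingerprints, such as are present in
 * SSHFP DNS records, or SHA-256 fingerprints, such as recent OpenSSH
 * generates, we have to get a bit more elaborate.
 *
 * We have presence bits because some of the ways we can get key
 * fingerprints don't provide all hashes.  A hash array whose
 * KFP_HAVE_* bit is clear in `have' holds no meaningful data.
 *
 * MD5, and increasingly SHA-1, are weak against collision attacks.
 * Code that uses a fingerprint to decide whether to trust a key
 * should prefer the SHA-256 form whenever it is available.
 */
typedef struct kfp KFP;
struct kfp {
	unsigned int have;		/* bitwise OR of KFP_HAVE_* */
#define KFP_HAVE_MD5	0x00000001
#define KFP_HAVE_SHA1	0x00000002
#define KFP_HAVE_SHA256	0x00000004
	unsigned char md5[16];		/* valid iff (have & KFP_HAVE_MD5) */
	unsigned char sha1[20];		/* valid iff (have & KFP_HAVE_SHA1) */
	unsigned char sha256[32];	/* valid iff (have & KFP_HAVE_SHA256) */
};

/*
 * Import a key: read interchange format from stdin and write our
 * format to stdout.
 */
extern void do_import(void);

/*
 * Export a key: read our format from stdin and write interchange
 * format to stdout.
 */
extern void do_export(void);

/*
 * Compute fingerprints: takes public-key data as pointer-and-length
 * (length in octets) and returns a KFP.  The length is an int, so the
 * caller is responsible for ensuring the data size is non-negative
 * and fits in an int before calling.  Which KFP_HAVE_* bits the
 * result carries is up to the implementation.
 */
extern KFP compute_fingerprint(const void *, int);

/*
 * Check to see if two fingerprints match.  Return is true for a match,
 * false for no match.
 *
 * NOTE(review): how the presence bits factor into the comparison
 * (e.g. whether a KFP carrying only MD5 can match one carrying only
 * SHA-256) is not specified here; confirm against the implementation
 * before relying on equal_kfp() for a trust decision.
 */
extern int equal_kfp(KFP a, KFP b);

/*
 * High-level fingerprint operation: read a key (in our format) from
 * stdin and print its fingerprints on stdout.
 */
extern void do_fingerprint(void);

/*
 * Print fingerprint: given a key fingerprint hash, print it to a given
 * FILE *.  This can print multiple forms, controlled by the third
 * argument, which is a bitwise OR of the KFP_*_HEX / KFP_*_BASE85
 * values below.  Only those forms whose bits are set are printed; as a
 * convenience, KFP_ALL_ALL selects all supported forms.  Note that
 * there is no hex form for SHA-256; KFP_SHA256_ALL is just the base85
 * form.
 *
 * When multiple forms are printed, there is no way to control what
 * order they're printed in.  If you want that, make multiple calls,
 * each specifying exactly one form.
 *
 * Forms which are requested but which the KFP doesn't have data for
 * are omitted entirely by default.  If KFP_MARK_MISSING is passed,
 * they print as ! instead (print_kfp never prints ! under any other
 * circumstances).  KFP_MARK_MISSING is a modifier, not a form, and is
 * deliberately not part of KFP_ALL_ALL.
 */
extern void print_kfp(FILE *, KFP, unsigned int);
#define KFP_MD5_HEX		0x00000001U
#define KFP_MD5_BASE85		0x00000002U
#define KFP_SHA1_HEX		0x00000004U
#define KFP_SHA1_BASE85		0x00000008U
#define KFP_SHA256_BASE85	0x00000010U
#define KFP_MARK_MISSING	0x00000020U
#define KFP_ALL_HEX	(KFP_MD5_HEX|KFP_SHA1_HEX)
#define KFP_ALL_BASE85	(KFP_MD5_BASE85|KFP_SHA1_BASE85|KFP_SHA256_BASE85)
#define KFP_MD5_ALL	(KFP_MD5_HEX|KFP_MD5_BASE85)
#define KFP_SHA1_ALL	(KFP_SHA1_HEX|KFP_SHA1_BASE85)
#define KFP_SHA256_ALL	KFP_SHA256_BASE85
#define KFP_ALL_ALL	(KFP_ALL_HEX|KFP_ALL_BASE85)

/*
 * Convert a key fingerprint in string form into a KFP.  Returns
 * nonzero if it worked, zero if it failed.  On failure, some or all
 * of the fingerprint may be altered, so a caller must treat the KFP
 * as garbage (neither compare nor print it) whenever zero is returned.
 *
 * NOTE(review): the meaning of the int argument is not documented in
 * this header; confirm it against the implementation before use.
 */
extern int read_kfp(const char *, int, KFP *);

#endif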