author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-07 21:10:24 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-07 21:10:24 +0000 |
commit | 1b67c9c5424c96ff4e30d12b8d58cec315f000a1 (patch) | |
tree | 65a03cf96bd718d3e57bd2d7f0f0a648cb1986f4 /src/include | |
parent | 4c2b05fe49e5ee49c69337e763a3572af59e78d5 (diff) | |
download | gnunet-1b67c9c5424c96ff4e30d12b8d58cec315f000a1.tar.gz gnunet-1b67c9c5424c96ff4e30d12b8d58cec315f000a1.zip |
- Finish refactoring
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/gnunet_identity_provider_lib.h | 269 | ||||
-rw-r--r-- | src/include/gnunet_signatures.h | 4 |
2 files changed, 271 insertions, 2 deletions
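--- /dev/null
+++ b/src/include/gnunet_identity_provider_lib.h
@@ -0,0 +1,269 @@
+/*
+This file is part of GNUnet.
+Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors)
+
+GNUnet is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation; either version 3, or (at your
+option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNUnet; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+Boston, MA 02110-1301, USA.
+*/
+/**
+* @author Martin Schanzenbach
+* @file include/gnunet_identity_provider_lib.h
+* @brief GNUnet Identity Provider library
+*
+*/
+#ifndef GNUNET_IDENTITY_PROVIDER_LIB_H
+#define GNUNET_IDENTITY_PROVIDER_LIB_H
+
+#include "gnunet_crypto_lib.h"
+#include <jansson.h>
+
+struct GNUNET_IDENTITY_PROVIDER_Token
+{
+/**
+* JSON header
+*/
+json_t *header;
+
+/**
+* JSON Payload
+*/
+json_t *payload;
+
+/**
+* Token Signature
+*/
+struct GNUNET_CRYPTO_EcdsaSignature signature;
+
+/**
+* Audience Pubkey
+*/
+struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
+};
+
+struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload
+{
+/**
+* Nonce
+*/
+char* nonce;
+
+/**
+* Label
+*/
+char *label;
+
+/**
+* Issuing Identity
+*/
+struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
+};
+
+
+struct GNUNET_IDENTITY_PROVIDER_TokenTicket
+{
+/**
+* Meta info
+*/
+struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload;
+
+/**
+* ECDH Pubkey
+*/
+struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
+
+/**
+* Signature
+*/
+struct GNUNET_CRYPTO_EcdsaSignature signature;
+
+/**
+* Target identity
+*/
+struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
+};
+
+
+
+/**
+* Create an identity token
+*
+* @param iss the issuer string for the token
+* @param aud the audience of the token
+*
+* @return a new token
+*/
+struct GNUNET_IDENTITY_PROVIDER_Token*
+GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
+const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);
+
+/**
+* Destroy an identity token
+*
+* @param token the token to destroy
+*/
+void
+GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token);
+
+/**
+* Add a new key value pair to the token
+*
+* @param token the token to modify
+* @param key the key
+* @param value the value
+*/
+void
+GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+const char* key,
+const char* value);
+
+/**
+* Add a new key value pair to the token with the value as json
+*
+* @param the token to modify
+* @param key the key
+* @param value the value
+*
+*/
+void
+GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+const char* key,
+json_t* value);
+
+/**
+* Serialize a token. The token will be signed and base64 according to the
+* JWT format. The signature is base32-encoded ECDSA.
+* The resulting JWT is encrypted using
+* ECDHE for the audience and Base64
+* encoded in result. The audience requires the ECDHE public key P
+* to decrypt the token T. The key P is included in the result and prepended
+* before the token
+*
+* @param token the token to serialize
+* @param priv_key the private key used to sign the token
+* @param ecdhe_privkey the ECDHE private key used to encrypt the token
+* @param result P,Base64(E(T))
+*
+* @return GNUNET_OK on success
+*/
+int
+GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
+char **result);
+
+/**
+* Parses the serialized token and returns a token
+*
+* @param data the serialized token
+* @param priv_key the private key of the audience
+* @param result the token
+*
+* @return GNUNET_OK on success
+*/
+int
+GNUNET_IDENTITY_PROVIDER_token_parse (const char* data,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+struct GNUNET_IDENTITY_PROVIDER_Token **result);
+
+/**
+* Parses the serialized token and returns a token
+* This variant is intended for the party that issued the token and also
+* wants to decrypt the serialized token.
+*
+* @param data the serialized token
+* @param priv_key the private (!) ECDHE key
+* @param aud_key the identity of the audience
+* @param result the token
+*
+* @return GNUNET_OK on success
+*/
+int
+GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* data,
+const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
+const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+struct GNUNET_IDENTITY_PROVIDER_Token **result);
+
+
+/**
+*
+* Returns a JWT-string representation of the token
+*
+* @param token the token
+* @param priv_key the private key used to sign the JWT
+* @param result the JWT
+*
+* @return GNUNET_OK on success
+*/
+int
+GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+char **result);
+
+/**
+*
+* Creates a ticket that can be exchanged by the audience for
+* the token. The token must be placed under the label
+*
+* @param nonce_str nonce provided by the audience that requested the ticket
+* @param iss_pkey the issuer pubkey used to sign the ticket
+* @param label the label encoded in the ticket
+* @param aud_ley the audience pubkey used to encrypt the ticket payload
+*
+* @return the ticket
+*/
+struct GNUNET_IDENTITY_PROVIDER_TokenTicket*
+GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str,
+const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
+const char* lbl_str,
+const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
+
+/**
+* Serialize a ticket. Returns the Base64 representation of the ticket.
+* Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
+*
+* @param ticket the ticket to serialize
+* @param priv_key the issuer private key to sign the ticket payload
+* @param result the serialized ticket
+*
+* @return GNUNET_OK on success
+*/
+int
+GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+char **result);
+
+/**
+* Destroys a ticket
+*
+* @param the ticket to destroy
+*/
+void
+GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket);
+
+/**
+* Parses a serialized ticket
+*
+* @param data the serialized ticket
+* @param priv_key the audience private key
+* @param ticket the ticket
+*
+* @return GNUNET_OK on success
+*/
+int
+GNUNET_IDENTITY_PROVIDER_ticket_parse (const char* raw_data,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+struct GNUNET_IDENTITY_PROVIDER_TokenTicket **ticket);
+
+#endif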
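Review bot: Several Doxygen parameter names in the new header do not match the declarations they document, so generated docs and doc-checking warnings will be wrong: `@param aud_ley` versus `aud_key` and `@param label` versus `lbl_str` in GNUNET_IDENTITY_PROVIDER_ticket_create, `@param data` versus `raw_data` in GNUNET_IDENTITY_PROVIDER_ticket_parse, `@param iss the issuer string` for what is an EcdsaPublicKey pointer in token_create, and the nameless `@param the token to modify` / `@param the ticket to destroy` in token_add_json and ticket_destroy. Beyond the names, none of the out-parameters (`result`, `ecdhe_privkey`, `ticket`) say who owns the memory they return or how to release it, and the two parse functions do not say whether the ECDSA signature carried in the token or ticket is verified before the object is handed back, which a caller that relies on the signature for authenticity needs to know before trusting the payload. Suggested contract lines for token_parse, which the other parse/serialize functions should mirror: `@param result where to store the parsed token; caller must release it with GNUNET_IDENTITY_PROVIDER_token_destroy` and `@return #GNUNET_OK if the token was decrypted and parsed (document here whether the signature has been verified, or that the caller must do so)`. The `const` on the token argument of token_add_attr and token_add_json is also misleading, since both functions exist to modify the token's payload; dropping the qualifier or documenting that only the struct itself is left untouched would make the contract honest.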
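--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -182,9 +182,9 @@ extern "C"
 #define GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN 26
 
 /**
-* Signature for a GNUid Token Reference
+* Signature for a GNUid Ticket
 */
-#define GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE 27
+#define GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET 27
 
 #if 0 /* keep Emacsens' auto-indent happy */
 {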