author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-08 18:59:47 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-08 18:59:47 +0000 |
commit | 35262a0fe27afccb154122f113adcc75947ee45d (patch) | |
tree | 5b1259067c9da96e60c2a303415b222a4c383319 /src/include | |
parent | 1b67c9c5424c96ff4e30d12b8d58cec315f000a1 (diff) | |
- More heavy refactoring. Probably lots of broken things to see here.
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/gnunet_identity_provider_lib.h | 269 | ||||
-rw-r--r-- | src/include/gnunet_identity_provider_service.h | 202 | ||||
-rw-r--r-- | src/include/gnunet_protocols.h | 17 |
3 files changed, 218 insertions, 270 deletions
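--- a/src/include/gnunet_identity_provider_lib.h
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
-This file is part of GNUnet.
-Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors)
-
-GNUnet is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published
-by the Free Software Foundation; either version 3, or (at your
-option) any later version.
-
-GNUnet is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNUnet; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-Boston, MA 02110-1301, USA.
-*/
-/**
-* @author Martin Schanzenbach
-* @file include/gnunet_identity_provider_lib.h
-* @brief GNUnet Identity Provider library
-*
-*/
-#ifndef GNUNET_IDENTITY_PROVIDER_LIB_H
-#define GNUNET_IDENTITY_PROVIDER_LIB_H
-
-#include "gnunet_crypto_lib.h"
-#include <jansson.h>
-
-struct GNUNET_IDENTITY_PROVIDER_Token
-{
-/**
-* JSON header
-*/
-json_t *header;
-
-/**
-* JSON Payload
-*/
-json_t *payload;
-
-/**
-* Token Signature
-*/
-struct GNUNET_CRYPTO_EcdsaSignature signature;
-
-/**
-* Audience Pubkey
-*/
-struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-};
-
-struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload
-{
-/**
-* Nonce
-*/
-char* nonce;
-
-/**
-* Label
-*/
-char *label;
-
-/**
-* Issuing Identity
-*/
-struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
-};
-
-
-struct GNUNET_IDENTITY_PROVIDER_TokenTicket
-{
-/**
-* Meta info
-*/
-struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload;
-
-/**
-* ECDH Pubkey
-*/
-struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-
-/**
-* Signature
-*/
-struct GNUNET_CRYPTO_EcdsaSignature signature;
-
-/**
-* Target identity
-*/
-struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-};
-
-
-
-/**
-* Create an identity token
-*
-* @param iss the issuer string for the token
-* @param aud the audience of the token
-*
-* @return a new token
-*/
-struct GNUNET_IDENTITY_PROVIDER_Token*
-GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
-const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);
-
-/**
-* Destroy an identity token
-*
-* @param token the token to destroy
-*/
-void
-GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token);
-
-/**
-* Add a new key value pair to the token
-*
-* @param token the token to modify
-* @param key the key
-* @param value the value
-*/
-void
-GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-const char* key,
-const char* value);
-
-/**
-* Add a new key value pair to the token with the value as json
-*
-* @param the token to modify
-* @param key the key
-* @param value the value
-*
-*/
-void
-GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-const char* key,
-json_t* value);
-
-/**
-* Serialize a token. The token will be signed and base64 according to the
-* JWT format. The signature is base32-encoded ECDSA.
-* The resulting JWT is encrypted using
-* ECDHE for the audience and Base64
-* encoded in result. The audience requires the ECDHE public key P
-* to decrypt the token T. The key P is included in the result and prepended
-* before the token
-*
-* @param token the token to serialize
-* @param priv_key the private key used to sign the token
-* @param ecdhe_privkey the ECDHE private key used to encrypt the token
-* @param result P,Base64(E(T))
-*
-* @return GNUNET_OK on success
-*/
-int
-GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
-char **result);
-
-/**
-* Parses the serialized token and returns a token
-*
-* @param data the serialized token
-* @param priv_key the private key of the audience
-* @param result the token
-*
-* @return GNUNET_OK on success
-*/
-int
-GNUNET_IDENTITY_PROVIDER_token_parse (const char* data,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-struct GNUNET_IDENTITY_PROVIDER_Token **result);
-
-/**
-* Parses the serialized token and returns a token
-* This variant is intended for the party that issued the token and also
-* wants to decrypt the serialized token.
-*
-* @param data the serialized token
-* @param priv_key the private (!) ECDHE key
-* @param aud_key the identity of the audience
-* @param result the token
-*
-* @return GNUNET_OK on success
-*/
-int
-GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* data,
-const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
-const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-struct GNUNET_IDENTITY_PROVIDER_Token **result);
-
-
-/**
-*
-* Returns a JWT-string representation of the token
-*
-* @param token the token
-* @param priv_key the private key used to sign the JWT
-* @param result the JWT
-*
-* @return GNUNET_OK on success
-*/
-int
-GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-char **result);
-
-/**
-*
-* Creates a ticket that can be exchanged by the audience for
-* the token. The token must be placed under the label
-*
-* @param nonce_str nonce provided by the audience that requested the ticket
-* @param iss_pkey the issuer pubkey used to sign the ticket
-* @param label the label encoded in the ticket
-* @param aud_ley the audience pubkey used to encrypt the ticket payload
-*
-* @return the ticket
-*/
-struct GNUNET_IDENTITY_PROVIDER_TokenTicket*
-GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str,
-const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
-const char* lbl_str,
-const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
-
-/**
-* Serialize a ticket. Returns the Base64 representation of the ticket.
-* Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
-*
-* @param ticket the ticket to serialize
-* @param priv_key the issuer private key to sign the ticket payload
-* @param result the serialized ticket
-*
-* @return GNUNET_OK on success
-*/
-int
-GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-char **result);
-
-/**
-* Destroys a ticket
-*
-* @param the ticket to destroy
-*/
-void
-GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket);
-
-/**
-* Parses a serialized ticket
-*
-* @param data the serialized ticket
-* @param priv_key the audience private key
-* @param ticket the ticket
-*
-* @return GNUNET_OK on success
-*/
-int
-GNUNET_IDENTITY_PROVIDER_ticket_parse (const char* raw_data,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-struct GNUNET_IDENTITY_PROVIDER_TokenTicket **ticket);
-
-#endif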
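--- /dev/null
+++ b/src/include/gnunet_identity_provider_service.h
@@ -0,0 +1,202 @@
+/*
+This file is part of GNUnet.
+Copyright (C) 2016 Christian Grothoff (and other contributing authors)
+
+GNUnet is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation; either version 3, or (at your
+option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNUnet; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+Boston, MA 02110-1301, USA.
+*/
+
+/**
+* @file include/gnunet_identity_provider_service.h
+* @brief Identity provider service; implements identity provider for GNUnet
+* @author Martin Schanzenbach
+*
+* Egos in GNUnet are ECDSA keys. You assume an ego by using (signing
+* with) a particular private key. As GNUnet users are expected to
+* have many egos, we need an identity service to allow users to
+* manage their egos. The identity service manages the egos (private
+* keys) of the local user; it does NOT manage egos of other users
+* (public keys). For giving names to other users and manage their
+* public keys securely, we use GNS.
+*
+* @defgroup identity-provider service
+* @{
+*/
+#ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
+#define GNUNET_IDENTITY_PROVIDER_SERVICE_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0 /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+
+
+/**
+* Version number of GNUnet Identity Provider API.
+*/
+#define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
+
+/**
+* Handle to access the identity service.
+*/
+struct GNUNET_IDENTITY_PROVIDER_Handle;
+
+/**
+* Handle for a token.
+*/
+struct GNUNET_IDENTITY_PROVIDER_Token;
+
+/**
+* Handle for a ticket
+*/
+struct GNUNET_IDENTITY_PROVIDER_Ticket;
+
+/**
+* Handle for an operation with the identity provider service.
+*/
+struct GNUNET_IDENTITY_PROVIDER_Operation;
+
+/**
+* Method called when a token has been exchanged for a ticket.
+* On success returns a token
+*
+* @param cls closure
+* @param token the token
+*/
+typedef void
+(*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
+const struct GNUNET_IDENTITY_PROVIDER_Token *token);
+
+/**
+* Method called when a token has been issued.
+* On success returns a ticket that can be given to the audience to retrive the
+* token
+*
+* @param cls closure
+* @param ticket the ticket
+* @param name name assigned by the user for this ego,
+* NULL if the user just deleted the ego and it
+* must thus no longer be used
+*/
+typedef void
+(*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls,
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+
+
+/**
+* Connect to the identity provider service.
+*
+* @param cfg Configuration to contact the identity provider service.
+* @return handle to communicate with identity provider service
+*/
+struct GNUNET_IDENTITY_PROVIDER_Handle *
+GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
+
+
+/**
+* Issue a token for a specific audience.
+*
+* @param id identity provider service to use
+* @param iss issuer (identity)
+* @param aud audience (identity)
+* @param scope the identity attributes requested, comman separated
+* @param expiration the token expiration
+* @param nonce the nonce that will be included in token and ticket
+* @param cb callback to call with result
+* @param cb_cls closure
+* @return handle to abort the operation
+*/
+struct GNUNET_IDENTITY_PROVIDER_Operation *
+GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
+const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+const char* scope,
+struct GNUNET_TIME_Absolute *expiration,
+uint64_t nonce,
+GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
+void *cb_cls);
+
+
+/**
+* Exchange a ticket for a token. Intended to be used by audience that
+* received a ticket.
+*
+* @param id identity provider service to use
+* @param ticket the ticket to exchange
+* @param aud_privkey the audience of the ticket
+* @param cont function to call once the operation finished
+* @param cont_cls closure for @a cont
+* @return handle to abort the operation
+*/
+struct GNUNET_IDENTITY_PROVIDER_Operation *
+GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey,
+GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont,
+void *cont_cls);
+
+
+/**
+* Disconnect from identity provider service.
+*
+* @param h identity provider service to disconnect
+*/
+void
+GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+
+
+/**
+* Cancel an identity provider operation. Note that the operation MAY still
+* be executed; this merely cancels the continuation; if the request
+* was already transmitted, the service may still choose to complete
+* the operation.
+*
+* @param op operation to cancel
+*/
+void
+GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
+
+
+/**
+* Convenience API
+*/
+char *
+GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token);
+
+char *
+GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+
+
+int
+GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
+struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket);
+
+#if 0 /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */ /* end of group identity */
+
+/* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
+#endif
+/* end of gnunet_identity_provider_service.h */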
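Review bot: The documentation of the new callback and entry points disagrees with their signatures: GNUNET_IDENTITY_PROVIDER_IssueCallback (lines 87-100) documents a `@param name ... NULL if the user just deleted the ego` that the typedef does not have, and GNUNET_IDENTITY_PROVIDER_issue_token (lines 113-134) documents `iss`/`aud` while the parameters are `iss_key`/`aud_key` (the `scope` line also reads "comman separated"). The convenience API at lines 177-189 has no contract at all; since a serialized ticket is data received from another party, callers need to know who frees the returned strings and what GNUNET_IDENTITY_PROVIDER_string_to_ticket guarantees about its input, e.g. `@return #GNUNET_OK on success, #GNUNET_SYSERR if @a input is malformed; the caller owns @a ticket`, and whether a parsed ticket is authenticated at this point or only by the service on exchange, which the header does not say. `expiration` at line 131 is passed as a non-const pointer although nothing suggests the callee modifies it; `const struct GNUNET_TIME_Absolute *expiration` or passing the struct by value would state that. The file comment at lines 26-32 and the closing `/* end of group identity */` at line 198 appear to be copied from the identity service header and describe that service rather than the provider; the group opened at line 34 is `identity-provider`.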
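--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -2822,8 +2822,23 @@ extern "C"
 
 /*******************************************************************************/
 
+
+/**************************************************
+*
+* IDENTITY PROVIDER MESSAGE TYPES
+*/
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE 961
+
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE 962
+
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT 963
+
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT 964
+
+/*******************************************************************************/
+
 /**
-* Next available: 960
+* Next available: 970
 */
 
 /**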
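Review bot: The new block at lines 2830-2836 allocates message types 961-964 while the counter the commit bumps at line 2841 jumps from 960 to 970, so 960 is skipped and 965-969 are silently held back; either start the block at 960 or say so, e.g. `/* 960 unused; 965-969 reserved for IDENTITY_PROVIDER */` above the first define. The four defines also carry no per-type doc comment stating which side sends each message and what it carries, which a reader of the wire protocol needs to pair requests with their results; from the names I would infer ISSUE and EXCHANGE go client to service and the *_RESULT types come back, but the header should state it, e.g. `/** Client -> service: issue a token for an audience. */` above ISSUE.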