diff options
Diffstat (limited to 'src/identity-provider/identity_token.h')
-rw-r--r-- | src/identity-provider/identity_token.h | 346 |
1 files changed, 0 insertions, 346 deletions
diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h deleted file mode 100644 index 7ded6662e..000000000 --- a/src/identity-provider/identity_token.h +++ /dev/null | |||
@@ -1,346 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file identity-provider/identity_token.h | ||
23 | * @brief GNUnet Identity Provider library | ||
24 | * | ||
25 | */ | ||
26 | #ifndef IDENTITY_TOKEN_H | ||
27 | #define IDENTITY_TOKEN_H | ||
28 | |||
29 | #include "gnunet_crypto_lib.h" | ||
30 | #include <jansson.h> | ||
31 | |||
32 | struct IdentityToken | ||
33 | { | ||
34 | /** | ||
35 | * DLL | ||
36 | */ | ||
37 | struct TokenAttr *attr_head; | ||
38 | |||
39 | /** | ||
40 | * DLL | ||
41 | */ | ||
42 | struct TokenAttr *attr_tail; | ||
43 | |||
44 | /** | ||
45 | * Token Signature | ||
46 | */ | ||
47 | struct GNUNET_CRYPTO_EcdsaSignature signature; | ||
48 | |||
49 | /** | ||
50 | * Audience Pubkey | ||
51 | */ | ||
52 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; | ||
53 | }; | ||
54 | |||
55 | struct TokenAttr | ||
56 | { | ||
57 | /** | ||
58 | * DLL | ||
59 | */ | ||
60 | struct TokenAttr *next; | ||
61 | |||
62 | /** | ||
63 | * DLL | ||
64 | */ | ||
65 | struct TokenAttr *prev; | ||
66 | |||
67 | /** | ||
68 | * Attribute name | ||
69 | */ | ||
70 | char *name; | ||
71 | |||
72 | /** | ||
73 | * Attribute value DLL | ||
74 | */ | ||
75 | struct TokenAttrValue *val_head; | ||
76 | |||
77 | /** | ||
78 | * Attribute value DLL | ||
79 | */ | ||
80 | struct TokenAttrValue *val_tail; | ||
81 | |||
82 | }; | ||
83 | |||
84 | struct TokenAttrValue | ||
85 | { | ||
86 | /** | ||
87 | * DLL | ||
88 | */ | ||
89 | struct TokenAttrValue *next; | ||
90 | |||
91 | /** | ||
92 | * DLL | ||
93 | */ | ||
94 | struct TokenAttrValue *prev; | ||
95 | |||
96 | /** | ||
97 | * Attribute value | ||
98 | */ | ||
99 | char *value; | ||
100 | |||
101 | /** | ||
102 | * Attribute int value | ||
103 | * used if NULL == value | ||
104 | */ | ||
105 | uint64_t int_value; | ||
106 | }; | ||
107 | |||
108 | struct TokenTicketPayload | ||
109 | { | ||
110 | /** | ||
111 | * Nonce | ||
112 | */ | ||
113 | uint64_t nonce; | ||
114 | |||
115 | /** | ||
116 | * Label | ||
117 | */ | ||
118 | char *label; | ||
119 | |||
120 | /** | ||
121 | * Issuing Identity | ||
122 | */ | ||
123 | struct GNUNET_CRYPTO_EcdsaPublicKey identity_key; | ||
124 | }; | ||
125 | |||
126 | |||
127 | struct TokenTicket | ||
128 | { | ||
129 | /** | ||
130 | * Meta info | ||
131 | */ | ||
132 | struct TokenTicketPayload *payload; | ||
133 | |||
134 | /** | ||
135 | * ECDH Pubkey | ||
136 | */ | ||
137 | struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; | ||
138 | |||
139 | /** | ||
140 | * Signature | ||
141 | */ | ||
142 | struct GNUNET_CRYPTO_EcdsaSignature signature; | ||
143 | |||
144 | /** | ||
145 | * Target identity | ||
146 | */ | ||
147 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; | ||
148 | }; | ||
149 | |||
150 | |||
151 | |||
152 | /** | ||
153 | * Create an identity token | ||
154 | * | ||
155 | * @param iss the issuer string for the token | ||
156 | * @param aud the audience of the token | ||
157 | * | ||
158 | * @return a new token | ||
159 | */ | ||
160 | struct IdentityToken* | ||
161 | token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss, | ||
162 | const struct GNUNET_CRYPTO_EcdsaPublicKey* aud); | ||
163 | |||
164 | /** | ||
165 | * Destroy an identity token | ||
166 | * | ||
167 | * @param token the token to destroy | ||
168 | */ | ||
169 | void | ||
170 | token_destroy (struct IdentityToken*token); | ||
171 | |||
172 | /** | ||
173 | * Add a new key value pair to the token | ||
174 | * | ||
175 | * @param token the token to modify | ||
176 | * @param key the key | ||
177 | * @param value the value | ||
178 | */ | ||
179 | void | ||
180 | token_add_attr (struct IdentityToken *token, | ||
181 | const char* key, | ||
182 | const char* value); | ||
183 | |||
184 | /** | ||
185 | * Add a new key value pair to the token | ||
186 | * | ||
187 | * @param token the token to modify | ||
188 | * @param key the key | ||
189 | * @param value the value | ||
190 | */ | ||
191 | void | ||
192 | token_add_attr_int (struct IdentityToken *token, | ||
193 | const char* key, | ||
194 | uint64_t value); | ||
195 | |||
196 | |||
197 | |||
198 | /** | ||
199 | * Add a value to a TokenAttribute | ||
200 | * | ||
201 | * @param attr the token attribute | ||
202 | * @param value value to add | ||
203 | */ | ||
204 | void | ||
205 | token_attr_add_value (const struct TokenAttr *attr, | ||
206 | const char *value); | ||
207 | |||
208 | /** | ||
209 | * Add a new key value pair to the token with the value as json | ||
210 | * | ||
211 | * @param the token to modify | ||
212 | * @param key the key | ||
213 | * @param value the value | ||
214 | * | ||
215 | */ | ||
216 | void | ||
217 | token_add_json (const struct IdentityToken *token, | ||
218 | const char* key, | ||
219 | json_t* value); | ||
220 | |||
221 | /** | ||
222 | * Serialize a token. The token will be signed and base64 according to the | ||
223 | * JWT format. The signature is base32-encoded ECDSA. | ||
224 | * The resulting JWT is encrypted using | ||
225 | * ECDHE for the audience and Base64 | ||
226 | * encoded in result. The audience requires the ECDHE public key P | ||
227 | * to decrypt the token T. The key P is included in the result and prepended | ||
228 | * before the token | ||
229 | * | ||
230 | * @param token the token to serialize | ||
231 | * @param priv_key the private key used to sign the token | ||
232 | * @param ecdhe_privkey the ECDHE private key used to encrypt the token | ||
233 | * @param result P,Base64(E(T)) | ||
234 | * | ||
235 | * @return GNUNET_OK on success | ||
236 | */ | ||
237 | int | ||
238 | token_serialize (const struct IdentityToken*token, | ||
239 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
240 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, | ||
241 | char **result); | ||
242 | |||
243 | /** | ||
244 | * Parses the serialized token and returns a token | ||
245 | * | ||
246 | * @param data the serialized token | ||
247 | * @param priv_key the private key of the audience | ||
248 | * @param result the token | ||
249 | * | ||
250 | * @return GNUNET_OK on success | ||
251 | */ | ||
252 | int | ||
253 | token_parse (const char* data, | ||
254 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
255 | struct IdentityToken **result); | ||
256 | |||
257 | /** | ||
258 | * Parses the serialized token and returns a token | ||
259 | * This variant is intended for the party that issued the token and also | ||
260 | * wants to decrypt the serialized token. | ||
261 | * | ||
262 | * @param data the serialized token | ||
263 | * @param priv_key the private (!) ECDHE key | ||
264 | * @param aud_key the identity of the audience | ||
265 | * @param result the token | ||
266 | * | ||
267 | * @return GNUNET_OK on success | ||
268 | */ | ||
269 | int | ||
270 | token_parse2 (const char* data, | ||
271 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, | ||
272 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | ||
273 | struct IdentityToken **result); | ||
274 | |||
275 | |||
276 | /** | ||
277 | * | ||
278 | * Returns a JWT-string representation of the token | ||
279 | * | ||
280 | * @param token the token | ||
281 | * @param priv_key the private key used to sign the JWT | ||
282 | * @param result the JWT | ||
283 | * | ||
284 | * @return GNUNET_OK on success | ||
285 | */ | ||
286 | int | ||
287 | token_to_string (const struct IdentityToken *token, | ||
288 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
289 | char **result); | ||
290 | |||
291 | /** | ||
292 | * | ||
293 | * Creates a ticket that can be exchanged by the audience for | ||
294 | * the token. The token must be placed under the label | ||
295 | * | ||
296 | * @param nonce nonce provided by the audience that requested the ticket | ||
297 | * @param iss_pkey the issuer pubkey used to sign the ticket | ||
298 | * @param label the label encoded in the ticket | ||
299 | * @param aud_ley the audience pubkey used to encrypt the ticket payload | ||
300 | * | ||
301 | * @return the ticket | ||
302 | */ | ||
303 | struct TokenTicket* | ||
304 | ticket_create (uint64_t nonce, | ||
305 | const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey, | ||
306 | const char* lbl_str, | ||
307 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); | ||
308 | |||
309 | /** | ||
310 | * Serialize a ticket. Returns the Base64 representation of the ticket. | ||
311 | * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } ) | ||
312 | * | ||
313 | * @param ticket the ticket to serialize | ||
314 | * @param priv_key the issuer private key to sign the ticket payload | ||
315 | * @param result the serialized ticket | ||
316 | * | ||
317 | * @return GNUNET_OK on success | ||
318 | */ | ||
319 | int | ||
320 | ticket_serialize (struct TokenTicket *ticket, | ||
321 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
322 | char **result); | ||
323 | |||
324 | /** | ||
325 | * Destroys a ticket | ||
326 | * | ||
327 | * @param the ticket to destroy | ||
328 | */ | ||
329 | void | ||
330 | ticket_destroy (struct TokenTicket *ticket); | ||
331 | |||
332 | /** | ||
333 | * Parses a serialized ticket | ||
334 | * | ||
335 | * @param data the serialized ticket | ||
336 | * @param priv_key the audience private key | ||
337 | * @param ticket the ticket | ||
338 | * | ||
339 | * @return GNUNET_OK on success | ||
340 | */ | ||
341 | int | ||
342 | ticket_parse (const char* raw_data, | ||
343 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
344 | struct TokenTicket **ticket); | ||
345 | |||
346 | #endif | ||