diff options
Diffstat (limited to 'src/identity-token/identity-token.h')
-rw-r--r-- | src/identity-token/identity-token.h | 190 |
1 files changed, 162 insertions, 28 deletions
diff --git a/src/identity-token/identity-token.h b/src/identity-token/identity-token.h index 1520dcf6a..6e41a009d 100644 --- a/src/identity-token/identity-token.h +++ b/src/identity-token/identity-token.h | |||
@@ -1,13 +1,35 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors) | ||
1 | 4 | ||
2 | #ifndef GNUNET_IDENTITY_TOKEN_H | 5 | GNUnet is free software; you can redistribute it and/or modify |
3 | #define GNUNET_IDENTITY_TOKEN_H | 6 | it under the terms of the GNU General Public License as published |
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
4 | 9 | ||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
5 | 14 | ||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file include/gnunet_identity_provider_lib.h | ||
23 | * @brief GNUnet Identity Provider library | ||
24 | * | ||
25 | */ | ||
26 | #ifndef GNUNET_IDENTITY_PROVIDER_LIB_H | ||
27 | #define GNUNET_IDENTITY_PROVIDER_LIB_H | ||
6 | 28 | ||
7 | #include "gnunet_crypto_lib.h" | 29 | #include "gnunet_crypto_lib.h" |
8 | #include <jansson.h> | 30 | #include <jansson.h> |
9 | 31 | ||
10 | struct IdentityToken | 32 | struct GNUNET_IDENTITY_PROVIDER_Token |
11 | { | 33 | { |
12 | /** | 34 | /** |
13 | * JSON header | 35 | * JSON header |
@@ -30,7 +52,7 @@ struct IdentityToken | |||
30 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; | 52 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; |
31 | }; | 53 | }; |
32 | 54 | ||
33 | struct IdentityTokenCodePayload | 55 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload |
34 | { | 56 | { |
35 | /** | 57 | /** |
36 | * Nonce | 58 | * Nonce |
@@ -49,12 +71,12 @@ struct IdentityTokenCodePayload | |||
49 | }; | 71 | }; |
50 | 72 | ||
51 | 73 | ||
52 | struct IdentityTokenCode | 74 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket |
53 | { | 75 | { |
54 | /** | 76 | /** |
55 | * Meta info | 77 | * Meta info |
56 | */ | 78 | */ |
57 | struct IdentityTokenCodePayload *payload; | 79 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload; |
58 | 80 | ||
59 | /** | 81 | /** |
60 | * ECDH Pubkey | 82 | * ECDH Pubkey |
@@ -74,62 +96,174 @@ struct IdentityTokenCode | |||
74 | 96 | ||
75 | 97 | ||
76 | 98 | ||
77 | struct IdentityToken* | 99 | /** |
78 | identity_token_create (const char* issuer, | 100 | * Create an identity token |
79 | const char* audience); | 101 | * |
102 | * @param iss the issuer string for the token | ||
103 | * @param aud the audience of the token | ||
104 | * | ||
105 | * @return a new token | ||
106 | */ | ||
107 | struct GNUNET_IDENTITY_PROVIDER_Token* | ||
108 | GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss, | ||
109 | const struct GNUNET_CRYPTO_EcdsaPublicKey* aud); | ||
80 | 110 | ||
111 | /** | ||
112 | * Destroy an identity token | ||
113 | * | ||
114 | * @param token the token to destroy | ||
115 | */ | ||
81 | void | 116 | void |
82 | identity_token_destroy (struct IdentityToken *token); | 117 | GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token); |
83 | 118 | ||
119 | /** | ||
120 | * Add a new key value pair to the token | ||
121 | * | ||
122 | * @param token the token to modify | ||
123 | * @param key the key | ||
124 | * @param value the value | ||
125 | */ | ||
84 | void | 126 | void |
85 | identity_token_add_attr (const struct IdentityToken *token, | 127 | GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
86 | const char* key, | 128 | const char* key, |
87 | const char* value); | 129 | const char* value); |
130 | |||
131 | /** | ||
132 | * Add a new key value pair to the token with the value as json | ||
133 | * | ||
134 | * @param the token to modify | ||
135 | * @param key the key | ||
136 | * @param value the value | ||
137 | * | ||
138 | */ | ||
88 | void | 139 | void |
89 | identity_token_add_json (const struct IdentityToken *token, | 140 | GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
90 | const char* key, | 141 | const char* key, |
91 | json_t* value); | 142 | json_t* value); |
92 | 143 | ||
144 | /** | ||
145 | * Serialize a token. The token will be signed and base64 according to the | ||
146 | * JWT format. The signature is base32-encoded ECDSA. | ||
147 | * The resulting JWT is encrypted using | ||
148 | * ECDHE for the audience and Base64 | ||
149 | * encoded in result. The audience requires the ECDHE public key P | ||
150 | * to decrypt the token T. The key P is included in the result and prepended | ||
151 | * before the token | ||
152 | * | ||
153 | * @param token the token to serialize | ||
154 | * @param priv_key the private key used to sign the token | ||
155 | * @param ecdhe_privkey the ECDHE private key used to encrypt the token | ||
156 | * @param result P,Base64(E(T)) | ||
157 | * | ||
158 | * @return GNUNET_OK on success | ||
159 | */ | ||
93 | int | 160 | int |
94 | identity_token_serialize (const struct IdentityToken *token, | 161 | GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
95 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 162 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
96 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, | 163 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, |
97 | char **result); | 164 | char **result); |
98 | 165 | ||
166 | /** | ||
167 | * Parses the serialized token and returns a token | ||
168 | * | ||
169 | * @param data the serialized token | ||
170 | * @param priv_key the private key of the audience | ||
171 | * @param result the token | ||
172 | * | ||
173 | * @return GNUNET_OK on success | ||
174 | */ | ||
99 | int | 175 | int |
100 | identity_token_parse (const char* raw_data, | 176 | GNUNET_IDENTITY_PROVIDER_token_parse (const char* data, |
101 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 177 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
102 | struct IdentityToken **result); | 178 | struct GNUNET_IDENTITY_PROVIDER_Token **result); |
103 | 179 | ||
180 | /** | ||
181 | * Parses the serialized token and returns a token | ||
182 | * This variant is intended for the party that issued the token and also | ||
183 | * wants to decrypt the serialized token. | ||
184 | * | ||
185 | * @param data the serialized token | ||
186 | * @param priv_key the private (!) ECDHE key | ||
187 | * @param aud_key the identity of the audience | ||
188 | * @param result the token | ||
189 | * | ||
190 | * @return GNUNET_OK on success | ||
191 | */ | ||
104 | int | 192 | int |
105 | identity_token_parse2 (const char* raw_data, | 193 | GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* data, |
106 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, | 194 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, |
107 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 195 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
108 | struct IdentityToken **result); | 196 | struct GNUNET_IDENTITY_PROVIDER_Token **result); |
109 | 197 | ||
198 | |||
199 | /** | ||
200 | * | ||
201 | * Returns a JWT-string representation of the token | ||
202 | * | ||
203 | * @param token the token | ||
204 | * @param priv_key the private key used to sign the JWT | ||
205 | * @param result the JWT | ||
206 | * | ||
207 | * @return GNUNET_OK on success | ||
208 | */ | ||
110 | int | 209 | int |
111 | identity_token_to_string (const struct IdentityToken *token, | 210 | GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
112 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 211 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
113 | char **result); | 212 | char **result); |
114 | 213 | ||
115 | struct IdentityTokenCode* | 214 | /** |
116 | identity_token_code_create (const char* nonce_str, | 215 | * |
117 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 216 | * Creates a ticket that can be exchanged by the audience for |
217 | * the token. The token must be placed under the label | ||
218 | * | ||
219 | * @param nonce_str nonce provided by the audience that requested the ticket | ||
220 | * @param iss_pkey the issuer pubkey used to sign the ticket | ||
221 | * @param label the label encoded in the ticket | ||
222 | * @param aud_ley the audience pubkey used to encrypt the ticket payload | ||
223 | * | ||
224 | * @return the ticket | ||
225 | */ | ||
226 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket* | ||
227 | GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str, | ||
228 | const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey, | ||
118 | const char* lbl_str, | 229 | const char* lbl_str, |
119 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); | 230 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); |
120 | 231 | ||
232 | /** | ||
233 | * Serialize a ticket. Returns the Base64 representation of the ticket. | ||
234 | * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } ) | ||
235 | * | ||
236 | * @param ticket the ticket to serialize | ||
237 | * @param priv_key the issuer private key to sign the ticket payload | ||
238 | * @param result the serialized ticket | ||
239 | * | ||
240 | * @return GNUNET_OK on success | ||
241 | */ | ||
121 | int | 242 | int |
122 | identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, | 243 | GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket, |
123 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 244 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
124 | char **result); | 245 | char **result); |
125 | 246 | ||
247 | /** | ||
248 | * Destroys a ticket | ||
249 | * | ||
250 | * @param the ticket to destroy | ||
251 | */ | ||
126 | void | 252 | void |
127 | identity_token_code_destroy (struct IdentityTokenCode *token_code); | 253 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket); |
128 | |||
129 | 254 | ||
255 | /** | ||
256 | * Parses a serialized ticket | ||
257 | * | ||
258 | * @param data the serialized ticket | ||
259 | * @param priv_key the audience private key | ||
260 | * @param ticket the ticket | ||
261 | * | ||
262 | * @return GNUNET_OK on success | ||
263 | */ | ||
130 | int | 264 | int |
131 | identity_token_code_parse (const char* raw_data, | 265 | GNUNET_IDENTITY_PROVIDER_ticket_parse (const char* raw_data, |
132 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 266 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
133 | struct IdentityTokenCode **result); | 267 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket **ticket); |
134 | 268 | ||
135 | #endif | 269 | #endif |