Diffstat (limited to 'src/include/gnunet_credential_service.h')
-rw-r--r-- | src/include/gnunet_credential_service.h | 297 |
1 files changed, 253 insertions, 44 deletions
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 9e765c12b..7d6f9e973 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h | |||
@@ -34,6 +34,7 @@ | |||
34 | 34 | ||
35 | #include "gnunet_util_lib.h" | 35 | #include "gnunet_util_lib.h" |
36 | #include "gnunet_gns_service.h" | 36 | #include "gnunet_gns_service.h" |
37 | #include "gnunet_identity_service.h" | ||
37 | 38 | ||
38 | #ifdef __cplusplus | 39 | #ifdef __cplusplus |
39 | extern "C" | 40 | extern "C" |
@@ -52,7 +53,157 @@ struct GNUNET_CREDENTIAL_Handle; | |||
52 | /** | 53 | /** |
53 | * Handle to control a lookup operation. | 54 | * Handle to control a lookup operation. |
54 | */ | 55 | */ |
55 | struct GNUNET_CREDENTIAL_LookupRequest; | 56 | struct GNUNET_CREDENTIAL_Request; |
57 | |||
58 | /* | ||
59 | * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject | ||
60 | */ | ||
61 | enum GNUNET_CREDENTIAL_CredentialFlags { | ||
62 | |||
63 | //Subject had credentials before, but have been revoked now | ||
64 | GNUNET_CREDENTIAL_FLAG_REVOKED=0, | ||
65 | |||
66 | //Subject flag indicates that the subject is a holder of this credential and may present it as such | ||
67 | GNUNET_CREDENTIAL_FLAG_SUBJECT=1, | ||
68 | |||
69 | //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance | ||
70 | GNUNET_CREDENTIAL_FLAG_ISSUER=2 | ||
71 | |||
72 | }; | ||
73 | |||
74 | GNUNET_NETWORK_STRUCT_BEGIN | ||
75 | /** | ||
76 | * The attribute delegation record | ||
77 | */ | ||
78 | struct GNUNET_CREDENTIAL_DelegationRecord { | ||
79 | |||
80 | /** | ||
81 | * Number of delegation sets in this record | ||
82 | */ | ||
83 | uint32_t set_count; | ||
84 | |||
85 | /** | ||
86 | * Length of delegation sets | ||
87 | */ | ||
88 | uint64_t data_size; | ||
89 | /** | ||
90 | * Followed by set_count DelegationSetRecords | ||
91 | * | ||
92 | */ | ||
93 | }; | ||
94 | |||
95 | /** | ||
96 | * The attribute delegation record | ||
97 | */ | ||
98 | struct GNUNET_CREDENTIAL_DelegationRecordSet { | ||
99 | |||
100 | /** | ||
101 | * Public key of the subject this attribute was delegated to | ||
102 | */ | ||
103 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
104 | |||
105 | /** | ||
106 | * Length of attribute, may be 0 | ||
107 | */ | ||
108 | uint32_t subject_attribute_len; | ||
109 | }; | ||
110 | |||
111 | |||
112 | GNUNET_NETWORK_STRUCT_END | ||
113 | |||
114 | /** | ||
115 | * The attribute delegation record | ||
116 | */ | ||
117 | struct GNUNET_CREDENTIAL_DelegationSet { | ||
118 | |||
119 | /** | ||
120 | * Public key of the subject this attribute was delegated to | ||
121 | */ | ||
122 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
123 | |||
124 | uint32_t subject_attribute_len; | ||
125 | |||
126 | /** | ||
127 | * The subject attribute | ||
128 | */ | ||
129 | const char *subject_attribute; | ||
130 | }; | ||
131 | |||
132 | |||
133 | /** | ||
134 | * A delegation | ||
135 | */ | ||
136 | struct GNUNET_CREDENTIAL_Delegation { | ||
137 | |||
138 | /** | ||
139 | * The issuer of the delegation | ||
140 | */ | ||
141 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
142 | |||
143 | /** | ||
144 | * Public key of the subject this attribute was delegated to | ||
145 | */ | ||
146 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
147 | |||
148 | /** | ||
149 | * Length of the attribute | ||
150 | */ | ||
151 | uint32_t issuer_attribute_len; | ||
152 | |||
153 | /** | ||
154 | * The attribute | ||
155 | */ | ||
156 | const char *issuer_attribute; | ||
157 | |||
158 | /** | ||
159 | * Length of the attribute | ||
160 | */ | ||
161 | uint32_t subject_attribute_len; | ||
162 | |||
163 | /** | ||
164 | * The attribute | ||
165 | */ | ||
166 | const char *subject_attribute; | ||
167 | }; | ||
168 | |||
169 | |||
170 | /** | ||
171 | * A credential | ||
172 | */ | ||
173 | struct GNUNET_CREDENTIAL_Credential { | ||
174 | |||
175 | /** | ||
176 | * The issuer of the credential | ||
177 | */ | ||
178 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | ||
179 | |||
180 | /** | ||
181 | * Public key of the subject this credential was issued to | ||
182 | */ | ||
183 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | ||
184 | |||
185 | /** | ||
186 | * Signature of this credential | ||
187 | */ | ||
188 | struct GNUNET_CRYPTO_EcdsaSignature signature; | ||
189 | |||
190 | /** | ||
191 | * Expiration of this credential | ||
192 | */ | ||
193 | struct GNUNET_TIME_Absolute expiration; | ||
194 | |||
195 | /** | ||
196 | * Length of the attribute | ||
197 | */ | ||
198 | uint32_t issuer_attribute_len; | ||
199 | |||
200 | /** | ||
201 | * The attribute | ||
202 | */ | ||
203 | const char *issuer_attribute; | ||
204 | |||
205 | }; | ||
206 | |||
56 | 207 | ||
57 | 208 | ||
58 | /** | 209 | /** |
@@ -61,7 +212,7 @@ struct GNUNET_CREDENTIAL_LookupRequest; | |||
61 | * @param cfg configuration to use | 212 | * @param cfg configuration to use |
62 | * @return handle to the Credential service, or NULL on error | 213 | * @return handle to the Credential service, or NULL on error |
63 | */ | 214 | */ |
64 | struct GNUNET_Credential_Handle * | 215 | struct GNUNET_CREDENTIAL_Handle * |
65 | GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); | 216 | GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); |
66 | 217 | ||
67 | 218 | ||
@@ -75,73 +226,131 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle); | |||
75 | 226 | ||
76 | 227 | ||
77 | /** | 228 | /** |
78 | * Iterator called on obtained result for a Credential lookup. | 229 | * Iterator called on obtained result for an attribute verification. |
230 | * | ||
231 | * @param cls closure | ||
232 | * @param d_count the number of delegations processed | ||
233 | * @param delegation_chain the delegations processed | ||
234 | * @param c_count the number of credentials found | ||
235 | * @param credential the credentials | ||
236 | */ | ||
237 | typedef void (*GNUNET_CREDENTIAL_CredentialResultProcessor) (void *cls, | ||
238 | unsigned int d_count, | ||
239 | struct GNUNET_CREDENTIAL_Delegation *delegation_chain, | ||
240 | unsigned int c_count, | ||
241 | struct GNUNET_CREDENTIAL_Credential *credential); | ||
242 | |||
243 | /** | ||
244 | * Iterator called on obtained result for an attribute delegation. | ||
245 | * | ||
246 | * @param cls closure | ||
247 | * @param success GNUNET_YES if successful | ||
248 | * @param result the record data that can be handed to the subject | ||
249 | */ | ||
250 | typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls, | ||
251 | uint32_t success); | ||
252 | |||
253 | /** | ||
254 | * Iterator called on obtained result for an attribute delegation removal. | ||
79 | * | 255 | * |
80 | * @param cls closure | 256 | * @param cls closure |
81 | * @param issuer the issuer chain | 257 | * @param success GNUNET_YES if successful |
82 | * @param issuer_len length of issuer chain | 258 | * @param result the record data that can be handed to the subject |
83 | * @param value the value returned | ||
84 | */ | 259 | */ |
85 | typedef void | 260 | typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls, |
86 | (*GNUNET_CREDENTIAL_LookupResultProcessor) (void *cls, | 261 | uint32_t success); |
87 | struct GNUNET_IDENTITY_Ego *issuer, | ||
88 | uint16_t issuer_len, | ||
89 | const struct GNUNET_CREDENTIAL_Value *value); | ||
90 | 262 | ||
91 | 263 | ||
92 | /** | 264 | /** |
93 | * Perform an asynchronous lookup operation for a credential. | 265 | * Performs attribute verification. |
266 | * Checks if there is a delegation chain from | ||
267 | * attribute ``issuer_attribute'' issued by the issuer | ||
268 | * with public key ``issuer_key'' maps to the attribute | ||
269 | * ``subject_attribute'' claimed by the subject with key | ||
270 | * ``subject_key'' | ||
94 | * | 271 | * |
95 | * @param handle handle to the Credential service | 272 | * @param handle handle to the Credential service |
96 | * @param credential the credential to look up | 273 | * @param issuer_key the issuer public key |
97 | * @param subject Ego to check the credential for | 274 | * @param issuer_attribute the issuer attribute |
275 | * @param subject_key the subject public key | ||
276 | * @param credential_count number of credentials | ||
277 | * @param credentials the subject credentials | ||
98 | * @param proc function to call on result | 278 | * @param proc function to call on result |
99 | * @param proc_cls closure for processor | 279 | * @param proc_cls closure for processor |
100 | * @return handle to the queued request | 280 | * @return handle to the queued request |
101 | */ | 281 | */ |
102 | struct GNUNET_CREDENTIAL_LookupRequest * | 282 | struct GNUNET_CREDENTIAL_Request* |
103 | GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, | 283 | GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, |
104 | const char *credential, | 284 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, |
105 | const struct GNUNET_IDENTITY_Ego *subject, | 285 | const char *issuer_attribute, |
106 | GNUNET_CREDENTIAL_LookupResultProcessor proc, | 286 | const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key, |
287 | uint32_t credential_count, | ||
288 | const struct GNUNET_CREDENTIAL_Credential *credentials, | ||
289 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
107 | void *proc_cls); | 290 | void *proc_cls); |
108 | 291 | ||
292 | struct GNUNET_CREDENTIAL_Request* | ||
293 | GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle, | ||
294 | const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key, | ||
295 | const char *issuer_attribute, | ||
296 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key, | ||
297 | GNUNET_CREDENTIAL_CredentialResultProcessor proc, | ||
298 | void *proc_cls); | ||
109 | 299 | ||
110 | /** | 300 | /** |
111 | * Issue a credential to an identity | 301 | * Delegate an attribute |
112 | * | 302 | * |
113 | * @param handle handle to the Credential service | 303 | * @param handle handle to the Credential service |
114 | * @param issuer the identity that issues the credential | 304 | * @param issuer the ego that should be used to delegate the attribute |
115 | * @param subject the subject of the credential | 305 | * @param attribute the name of the attribute to delegate |
116 | * @param credential the name of the credential | 306 | * @param subject the subject of the delegation |
117 | * @param value the value of the credential | 307 | * @param delegated_attribute the name of the attribute that is delegated to |
308 | * @param proc the result callback | ||
309 | * @param proc_cls the result closure context | ||
118 | * @return handle to the queued request | 310 | * @return handle to the queued request |
119 | */ | 311 | */ |
120 | struct GNUNET_CREDENTIAL_IssueRequest * | 312 | struct GNUNET_CREDENTIAL_Request * |
121 | GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, | 313 | GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle, |
122 | struct GNUNET_IDENTITY_Ego *issuer, | 314 | struct GNUNET_IDENTITY_Ego *issuer, |
123 | struct GNUNET_IDENTITY_Ego *subject, | 315 | const char *attribute, |
124 | const char *credential, | 316 | struct GNUNET_CRYPTO_EcdsaPublicKey *subject, |
125 | struct GNUNET_CREDENTIAL_Value *value, | 317 | const char *delegated_attribute, |
126 | GNUNET_CREDENTIAL_IssueResultProcessor proc, | 318 | GNUNET_CREDENTIAL_DelegateResultProcessor proc, |
127 | void *proc_cls); | 319 | void *proc_cls); |
128 | 320 | ||
129 | /** | 321 | /** |
130 | * Remove a credential | 322 | * Remove a delegation |
131 | * | 323 | * |
132 | * @param handle handle to the Credential service | 324 | * @param handle handle to the Credential service |
133 | * @param issuer the identity that issued the credential | 325 | * @param issuer the ego that was used to delegate the attribute |
134 | * @param subject the subject of the credential | 326 | * @param attribute the name of the attribute that is delegated |
135 | * @param credential the name of the credential | 327 | * @param proc the callback |
328 | * @param proc_cls callback closure | ||
136 | * @return handle to the queued request | 329 | * @return handle to the queued request |
137 | */ | 330 | */ |
138 | struct GNUNET_CREDENTIAL_IssueRequest * | 331 | struct GNUNET_CREDENTIAL_Request * |
139 | GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, | 332 | GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, |
140 | struct GNUNET_IDENTITY_Ego *issuer, | 333 | struct GNUNET_IDENTITY_Ego *issuer, |
141 | struct GNUNET_IDENTITY_Ego *subject, | 334 | const char *attribute, |
142 | const char *credential, | 335 | GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc, |
143 | GNUNET_CREDENTIAL_IssueResultProcessor proc, | 336 | void *proc_cls); |
144 | void *proc_cls); | 337 | |
338 | |||
339 | |||
340 | /** | ||
341 | * Issue an attribute to a subject | ||
342 | * | ||
343 | * @param issuer the ego that should be used to issue the attribute | ||
344 | * @param subject the subject of the attribute | ||
345 | * @param attribute the name of the attribute | ||
346 | * @param expiration the TTL of the credential | ||
347 | * @return handle to the queued request | ||
348 | */ | ||
349 | struct GNUNET_CREDENTIAL_Credential* | ||
350 | GNUNET_CREDENTIAL_credential_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | ||
351 | struct GNUNET_CRYPTO_EcdsaPublicKey *subject, | ||
352 | const char *attribute, | ||
353 | struct GNUNET_TIME_Absolute *expiration); | ||
145 | 354 | ||
146 | 355 | ||
147 | 356 | ||
@@ -151,7 +360,7 @@ GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, | |||
151 | * @param lr the lookup request to cancel | 360 | * @param lr the lookup request to cancel |
152 | */ | 361 | */ |
153 | void | 362 | void |
154 | GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr); | 363 | GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr); |
155 | 364 | ||
156 | 365 | ||
157 | #if 0 /* keep Emacsens' auto-indent happy */ | 366 | #if 0 /* keep Emacsens' auto-indent happy */ |
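Review bot: `GNUNET_CREDENTIAL_FLAG_REVOKED` is given the value 0 in the new `GNUNET_CREDENTIAL_CredentialFlags` enum (second hunk, new lines 61–72), so if these values are ever combined or tested as a bit set — which the name and the "Subject flag"/"Issuer flag" comments suggest — a revoked credential is indistinguishable from one with no flags at all and `flags & GNUNET_CREDENTIAL_FLAG_REVOKED` can never be true, which would let a revoked credential pass a chain check silently. Either give revocation its own bit (`GNUNET_CREDENTIAL_FLAG_SUBJECT = 1 << 0`, `GNUNET_CREDENTIAL_FLAG_ISSUER = 1 << 1`, `GNUNET_CREDENTIAL_FLAG_REVOKED = 1 << 2`) or state in the enum comment that the values are a mutually exclusive state, never a mask; the comment should also become a `/** ... */` doxygen block like the rest of the header. Separately, `struct GNUNET_CREDENTIAL_Credential` carries a `signature` and an `expiration` but the header does not say which fields the signature covers, in what serialization, or under which signature purpose, and `GNUNET_CREDENTIAL_credential_issue` still says `@return handle to the queued request` although it returns a freshly built credential whose ownership (who frees it) is unstated; a correct verifier cannot be written against this header without those facts, so I would document them on the struct and on `GNUNET_CREDENTIAL_credential_issue` (which also takes a private key, not an ego as its `@param issuer` claims).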