Diffstat (limited to 'src/include/gnunet_credential_service.h')
-rw-r--r--src/include/gnunet_credential_service.h297
1 files changed, 253 insertions, 44 deletions
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h
index 9e765c12b..7d6f9e973 100644
--- a/src/include/gnunet_credential_service.h
+++ b/src/include/gnunet_credential_service.h
@@ -34,6 +34,7 @@
34 34
35#include "gnunet_util_lib.h" 35#include "gnunet_util_lib.h"
36#include "gnunet_gns_service.h" 36#include "gnunet_gns_service.h"
37#include "gnunet_identity_service.h"
37 38
38#ifdef __cplusplus 39#ifdef __cplusplus
39extern "C" 40extern "C"
@@ -52,7 +53,157 @@ struct GNUNET_CREDENTIAL_Handle;
52/** 53/**
53 * Handle to control a lookup operation. 54 * Handle to control a lookup operation.
54 */ 55 */
55struct GNUNET_CREDENTIAL_LookupRequest; 56struct GNUNET_CREDENTIAL_Request;
57
58/*
59* Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
60*/
61enum GNUNET_CREDENTIAL_CredentialFlags {
62
63 //Subject had credentials before, but have been revoked now
64 GNUNET_CREDENTIAL_FLAG_REVOKED=0,
65
66 //Subject flag indicates that the subject is a holder of this credential and may present it as such
67 GNUNET_CREDENTIAL_FLAG_SUBJECT=1,
68
69 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
70 GNUNET_CREDENTIAL_FLAG_ISSUER=2
71
72};
73
74GNUNET_NETWORK_STRUCT_BEGIN
75/**
76 * The attribute delegation record
77 */
78struct GNUNET_CREDENTIAL_DelegationRecord {
79
80 /**
81 * Number of delegation sets in this record
82 */
83 uint32_t set_count;
84
85 /**
86 * Length of delegation sets
87 */
88 uint64_t data_size;
89 /**
90 * Followed by set_count DelegationSetRecords
91 *
92 */
93};
94
95/**
96 * The attribute delegation record
97 */
98struct GNUNET_CREDENTIAL_DelegationRecordSet {
99
100 /**
101 * Public key of the subject this attribute was delegated to
102 */
103 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
104
105 /**
106 * Length of attribute, may be 0
107 */
108 uint32_t subject_attribute_len;
109};
110
111
112GNUNET_NETWORK_STRUCT_END
113
114/**
115 * The attribute delegation record
116 */
117struct GNUNET_CREDENTIAL_DelegationSet {
118
119 /**
120 * Public key of the subject this attribute was delegated to
121 */
122 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
123
124 uint32_t subject_attribute_len;
125
126 /**
127 * The subject attribute
128 */
129 const char *subject_attribute;
130};
131
132
133/**
134 * A delegation
135 */
136struct GNUNET_CREDENTIAL_Delegation {
137
138 /**
139 * The issuer of the delegation
140 */
141 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
142
143 /**
144 * Public key of the subject this attribute was delegated to
145 */
146 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
147
148 /**
149 * Length of the attribute
150 */
151 uint32_t issuer_attribute_len;
152
153 /**
154 * The attribute
155 */
156 const char *issuer_attribute;
157
158 /**
159 * Length of the attribute
160 */
161 uint32_t subject_attribute_len;
162
163 /**
164 * The attribute
165 */
166 const char *subject_attribute;
167};
168
169
170/**
171 * A credential
172 */
173struct GNUNET_CREDENTIAL_Credential {
174
175 /**
176 * The issuer of the credential
177 */
178 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
179
180 /**
181 * Public key of the subject this credential was issued to
182 */
183 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
184
185 /**
186 * Signature of this credential
187 */
188 struct GNUNET_CRYPTO_EcdsaSignature signature;
189
190 /**
191 * Expiration of this credential
192 */
193 struct GNUNET_TIME_Absolute expiration;
194
195 /**
196 * Length of the attribute
197 */
198 uint32_t issuer_attribute_len;
199
200 /**
201 * The attribute
202 */
203 const char *issuer_attribute;
204
205};
206
56 207
57 208
58/** 209/**
@@ -61,7 +212,7 @@ struct GNUNET_CREDENTIAL_LookupRequest;
61 * @param cfg configuration to use 212 * @param cfg configuration to use
62 * @return handle to the Credential service, or NULL on error 213 * @return handle to the Credential service, or NULL on error
63 */ 214 */
64struct GNUNET_Credential_Handle * 215struct GNUNET_CREDENTIAL_Handle *
65GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); 216GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
66 217
67 218
@@ -75,73 +226,131 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle);
75 226
76 227
77/** 228/**
78 * Iterator called on obtained result for a Credential lookup. 229 * Iterator called on obtained result for an attribute verification.
230 *
231 * @param cls closure
232 * @param d_count the number of delegations processed
233 * @param delegation_chain the delegations processed
234 * @param c_count the number of credentials found
235 * @param credential the credentials
236 */
237typedef void (*GNUNET_CREDENTIAL_CredentialResultProcessor) (void *cls,
238 unsigned int d_count,
239 struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
240 unsigned int c_count,
241 struct GNUNET_CREDENTIAL_Credential *credential);
242
243/**
244 * Iterator called on obtained result for an attribute delegation.
245 *
246 * @param cls closure
247 * @param success GNUNET_YES if successful
248 * @param result the record data that can be handed to the subject
249 */
250typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
251 uint32_t success);
252
253/**
254 * Iterator called on obtained result for an attribute delegation removal.
79 * 255 *
80 * @param cls closure 256 * @param cls closure
81 * @param issuer the issuer chain 257 * @param success GNUNET_YES if successful
82 * @param issuer_len length of issuer chain 258 * @param result the record data that can be handed to the subject
83 * @param value the value returned
84 */ 259 */
85typedef void 260typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
86(*GNUNET_CREDENTIAL_LookupResultProcessor) (void *cls, 261 uint32_t success);
87 struct GNUNET_IDENTITY_Ego *issuer,
88 uint16_t issuer_len,
89 const struct GNUNET_CREDENTIAL_Value *value);
90 262
91 263
92/** 264/**
93 * Perform an asynchronous lookup operation for a credential. 265 * Performs attribute verification.
266 * Checks if there is a delegation chain from
267 * attribute ``issuer_attribute'' issued by the issuer
268 * with public key ``issuer_key'' maps to the attribute
269 * ``subject_attribute'' claimed by the subject with key
270 * ``subject_key''
94 * 271 *
95 * @param handle handle to the Credential service 272 * @param handle handle to the Credential service
96 * @param credential the credential to look up 273 * @param issuer_key the issuer public key
97 * @param subject Ego to check the credential for 274 * @param issuer_attribute the issuer attribute
275 * @param subject_key the subject public key
276 * @param credential_count number of credentials
277 * @param credentials the subject credentials
98 * @param proc function to call on result 278 * @param proc function to call on result
99 * @param proc_cls closure for processor 279 * @param proc_cls closure for processor
100 * @return handle to the queued request 280 * @return handle to the queued request
101 */ 281 */
102struct GNUNET_CREDENTIAL_LookupRequest * 282struct GNUNET_CREDENTIAL_Request*
103GNUNET_CREDENTIAL_lookup (struct GNUNET_CREDENTIAL_Handle *handle, 283GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
104 const char *credential, 284 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
105 const struct GNUNET_IDENTITY_Ego *subject, 285 const char *issuer_attribute,
106 GNUNET_CREDENTIAL_LookupResultProcessor proc, 286 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
287 uint32_t credential_count,
288 const struct GNUNET_CREDENTIAL_Credential *credentials,
289 GNUNET_CREDENTIAL_CredentialResultProcessor proc,
107 void *proc_cls); 290 void *proc_cls);
108 291
292struct GNUNET_CREDENTIAL_Request*
293GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle,
294 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
295 const char *issuer_attribute,
296 const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key,
297 GNUNET_CREDENTIAL_CredentialResultProcessor proc,
298 void *proc_cls);
109 299
110/** 300/**
111 * Issue a credential to an identity 301 * Delegate an attribute
112 * 302 *
113 * @param handle handle to the Credential service 303 * @param handle handle to the Credential service
114 * @param issuer the identity that issues the credential 304 * @param issuer the ego that should be used to delegate the attribute
115 * @param subject the subject of the credential 305 * @param attribute the name of the attribute to delegate
116 * @param credential the name of the credential 306 * @param subject the subject of the delegation
117 * @param value the value of the credential 307 * @param delegated_attribute the name of the attribute that is delegated to
308 * @param proc the result callback
309 * @param proc_cls the result closure context
118 * @return handle to the queued request 310 * @return handle to the queued request
119 */ 311 */
120struct GNUNET_CREDENTIAL_IssueRequest * 312struct GNUNET_CREDENTIAL_Request *
121GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, 313GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
122 struct GNUNET_IDENTITY_Ego *issuer, 314 struct GNUNET_IDENTITY_Ego *issuer,
123 struct GNUNET_IDENTITY_Ego *subject, 315 const char *attribute,
124 const char *credential, 316 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
125 struct GNUNET_CREDENTIAL_Value *value, 317 const char *delegated_attribute,
126 GNUNET_CREDENTIAL_IssueResultProcessor proc, 318 GNUNET_CREDENTIAL_DelegateResultProcessor proc,
127 void *proc_cls); 319 void *proc_cls);
128 320
129/** 321/**
130 * Remove a credential 322 * Remove a delegation
131 * 323 *
132 * @param handle handle to the Credential service 324 * @param handle handle to the Credential service
133 * @param issuer the identity that issued the credential 325 * @param issuer the ego that was used to delegate the attribute
134 * @param subject the subject of the credential 326 * @param attribute the name of the attribute that is delegated
135 * @param credential the name of the credential 327 * @param proc the callback
328 * @param proc_cls callback closure
136 * @return handle to the queued request 329 * @return handle to the queued request
137 */ 330 */
138struct GNUNET_CREDENTIAL_IssueRequest * 331struct GNUNET_CREDENTIAL_Request *
139GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle, 332GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
140 struct GNUNET_IDENTITY_Ego *issuer, 333 struct GNUNET_IDENTITY_Ego *issuer,
141 struct GNUNET_IDENTITY_Ego *subject, 334 const char *attribute,
142 const char *credential, 335 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
143 GNUNET_CREDENTIAL_IssueResultProcessor proc, 336 void *proc_cls);
144 void *proc_cls); 337
338
339
340/**
341 * Issue an attribute to a subject
342 *
343 * @param issuer the ego that should be used to issue the attribute
344 * @param subject the subject of the attribute
345 * @param attribute the name of the attribute
346 * @param expiration the TTL of the credential
347 * @return handle to the queued request
348 */
349struct GNUNET_CREDENTIAL_Credential*
350GNUNET_CREDENTIAL_credential_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
351 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
352 const char *attribute,
353 struct GNUNET_TIME_Absolute *expiration);
145 354
146 355
147 356
@@ -151,7 +360,7 @@ GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle,
151 * @param lr the lookup request to cancel 360 * @param lr the lookup request to cancel
152 */ 361 */
153void 362void
154GNUNET_CREDENTIAL_lookup_cancel (struct GNUNET_CREDENTIAL_LookupRequest *lr); 363GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr);
155 364
156 365
157#if 0 /* keep Emacsens' auto-indent happy */ 366#if 0 /* keep Emacsens' auto-indent happy */
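Review bot: The wire-format structs between GNUNET_NETWORK_STRUCT_BEGIN and GNUNET_NETWORK_STRUCT_END carry three peer-supplied sizes (`set_count`, `data_size`, `subject_attribute_len`) whose comments state neither byte order nor any bound, so each parser of these records has to guess the contract. I would extend the field comments, for example `Number of delegation sets in this record (network byte order, if that is the convention here); must be validated against data_size before iterating` and `Length of the attribute in bytes; must not exceed the remaining record data`. The in-memory structs (`GNUNET_CREDENTIAL_DelegationSet`, `GNUNET_CREDENTIAL_Delegation`, `GNUNET_CREDENTIAL_Credential`) pair a `const char *` attribute with a separate length but do not say whether the string is 0-terminated or who owns the memory, which is the usual starting point for an over-read when a callback treats it as a C string. Separately, `GNUNET_CREDENTIAL_collect` is the only new function without a doc comment, and it takes a `const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key`; the header should say why the private key is required and whether the library retains a copy after the call returns.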