gnunet_reclaim_service.h (16497B)
1 /* 2 This file is part of GNUnet. 3 Copyright (C) 2016 GNUnet e.V. 4 5 GNUnet is free software: you can redistribute it and/or modify it 6 under the terms of the GNU Affero General Public License as published 7 by the Free Software Foundation, either version 3 of the License, 8 or (at your option) any later version. 9 10 GNUnet is distributed in the hope that it will be useful, but 11 WITHOUT ANY WARRANTY; without even the implied warranty of 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 Affero General Public License for more details. 14 15 You should have received a copy of the GNU Affero General Public License 16 along with this program. If not, see <http://www.gnu.org/licenses/>. 17 18 SPDX-License-Identifier: AGPL3.0-or-later 19 */ 20 21 /** 22 * @addtogroup reclaim_suite RECLAIM services and libraries 23 * @{ 24 * 25 * @author Martin Schanzenbach 26 * 27 * @file 28 * reclaim service; implements identity and personal data sharing 29 * for GNUnet 30 * 31 * @defgroup reclaim Reclaim service 32 * @{ 33 */ 34 #ifndef GNUNET_RECLAIM_SERVICE_H 35 #define GNUNET_RECLAIM_SERVICE_H 36 37 #ifdef __cplusplus 38 extern "C" { 39 #if 0 /* keep Emacsens' auto-indent happy */ 40 } 41 #endif 42 #endif 43 44 45 #include "gnunet_identity_service.h" 46 #include "gnunet_reclaim_lib.h" 47 #include "gnunet_util_lib.h" 48 49 /** 50 * Version number of the re:claimID API. 51 */ 52 #define GNUNET_RECLAIM_VERSION 0x00000002 53 54 /** 55 * Opaque handle to access the service. 56 */ 57 struct GNUNET_RECLAIM_Handle; 58 59 60 /** 61 * Opaque handle for an operation at the re:claimID service. 62 */ 63 struct GNUNET_RECLAIM_Operation; 64 65 #define GNUNET_RECLAIM_TICKET_RP_URI_MAX_LEN 256 66 67 #define GNUNET_RECLAIM_TICKET_RP_URI_URN_PREFIX "urn:gns:" 68 69 /** 70 * The authorization ticket. This ticket is meant to be transferred 71 * out of band to a relying party. 72 * The contents of a ticket must be protected and should be treated as a 73 * shared secret between user and relying party. 74 */ 75 struct GNUNET_RECLAIM_Ticket 76 { 77 /** 78 * The ticket. A GNS name ending in the 79 * zTLD for identity. 80 * Base32(rnd).zTLD(identity) 81 * 0-terminated string. 82 */ 83 char gns_name[GNUNET_DNSPARSER_MAX_LABEL_LENGTH * 2 + 2]; 84 85 /** 86 * The ticket issuer (= the user) 87 */ 88 //struct GNUNET_CRYPTO_PublicKey identity; 89 90 /** 91 * The ticket random identifier 92 */ 93 //struct GNUNET_RECLAIM_Identifier rnd; 94 95 96 /** 97 * Followed by the ticket audience (= relying party) URI. 98 * 0-terminated string. 99 * Example: "urn:gns:000G002B4RF1XPBXDPGZA0PT16BHQCS427YQK4NC84KZMK7TK8C2Z5GMK8" 100 */ 101 //char rp_uri[GNUNET_RECLAIM_TICKET_RP_URI_MAX_LEN]; 102 }; 103 104 105 /** 106 * Method called when a token has been issued. 107 * On success returns a ticket that can be given to a relying party 108 * in order for it retrieve identity attributes 109 * 110 * @param cls closure 111 * @param ticket the ticket 112 * @param rp_uri the RP URI of the ticket 113 */ 114 typedef void (*GNUNET_RECLAIM_TicketCallback) ( 115 void *cls, 116 const struct GNUNET_RECLAIM_Ticket *ticket, 117 const char* rp_uri); 118 119 /** 120 * Method called when a token has been issued. 121 * On success returns a ticket that can be given to a relying party 122 * in order for it retrieve identity attributes 123 * 124 * @param cls closure 125 * @param ticket the ticket 126 */ 127 typedef void (*GNUNET_RECLAIM_IssueTicketCallback) ( 128 void *cls, 129 const struct GNUNET_RECLAIM_Ticket *ticket, 130 const struct GNUNET_RECLAIM_PresentationList *presentations); 131 132 133 /** 134 * Continuation called to notify client about result of the 135 * operation. 136 * 137 * @param cls The callback closure 138 * @param success #GNUNET_SYSERR on failure 139 * @param emsg NULL on success, otherwise an error message 140 */ 141 typedef void (*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls, 142 int32_t success, 143 const char *emsg); 144 145 /** 146 * Callback used to notify the client of attribute results. 147 * 148 * @param cls The callback closure 149 * @param identity The identity authoritative over the attributes 150 * @param attr The attribute 151 */ 152 typedef void (*GNUNET_RECLAIM_AttributeResult) ( 153 void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, 154 const struct GNUNET_RECLAIM_Attribute *attr); 155 156 /** 157 * Callback used to notify the client of attribute results. 158 * 159 * @param cls The callback closure 160 * @param identity The identity authoritative over the attributes 161 * @param attr The attribute 162 * @param presentation The presentation for the credential (may be NULL) 163 */ 164 typedef void (*GNUNET_RECLAIM_AttributeTicketResult) ( 165 void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, 166 const struct GNUNET_RECLAIM_Attribute *attr, 167 const struct GNUNET_RECLAIM_Presentation *presentation); 168 169 170 /** 171 * Callback used to notify the client of credential results. 172 * 173 * @param cls The callback closure 174 * @param identity The identity authoritative over the attributes 175 * @param credential The credential 176 * @param attributes the parsed attributes 177 */ 178 typedef void (*GNUNET_RECLAIM_CredentialResult) ( 179 void *cls, const struct GNUNET_CRYPTO_PublicKey *identity, 180 const struct GNUNET_RECLAIM_Credential *credential); 181 182 183 /** 184 * Connect to the re:claimID service. 185 * 186 * @param cfg Configuration to contact the re:claimID service. 187 * @return handle to communicate with the service 188 */ 189 struct GNUNET_RECLAIM_Handle * 190 GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); 191 192 193 /** 194 * Store an attribute. If the attribute is already present, 195 * it is replaced with the new attribute. 196 * 197 * @param h handle to the reclaim service 198 * @param pkey Private key of the identity to add an attribute to 199 * @param attr The attribute 200 * @param exp_interval The relative expiration interval for the attribute 201 * @param cont Continuation to call when done 202 * @param cont_cls Closure for @a cont 203 * @return handle Used to to abort the request 204 */ 205 struct GNUNET_RECLAIM_Operation * 206 GNUNET_RECLAIM_attribute_store ( 207 struct GNUNET_RECLAIM_Handle *h, 208 const struct GNUNET_CRYPTO_PrivateKey *pkey, 209 const struct GNUNET_RECLAIM_Attribute *attr, 210 const struct GNUNET_TIME_Relative *exp_interval, 211 GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls); 212 213 214 /** 215 * Store a credential. If the credential is already present, 216 * it is replaced with the new credential. 217 * 218 * @param h handle to the re:claimID service 219 * @param pkey private key of the identity 220 * @param credential the credential value 221 * @param exp_interval the relative expiration interval for the credential 222 * @param cont continuation to call when done 223 * @param cont_cls closure for @a cont 224 * @return handle to abort the request 225 */ 226 struct GNUNET_RECLAIM_Operation * 227 GNUNET_RECLAIM_credential_store ( 228 struct GNUNET_RECLAIM_Handle *h, 229 const struct GNUNET_CRYPTO_PrivateKey *pkey, 230 const struct GNUNET_RECLAIM_Credential *credential, 231 const struct GNUNET_TIME_Relative *exp_interval, 232 GNUNET_RECLAIM_ContinuationWithStatus cont, 233 void *cont_cls); 234 235 236 /** 237 * Delete an attribute. Tickets used to share this attribute are updated 238 * accordingly. 239 * 240 * @param h handle to the re:claimID service 241 * @param pkey Private key of the identity to add an attribute to 242 * @param attr The attribute 243 * @param cont Continuation to call when done 244 * @param cont_cls Closure for @a cont 245 * @return handle Used to to abort the request 246 */ 247 struct GNUNET_RECLAIM_Operation * 248 GNUNET_RECLAIM_attribute_delete ( 249 struct GNUNET_RECLAIM_Handle *h, 250 const struct GNUNET_CRYPTO_PrivateKey *pkey, 251 const struct GNUNET_RECLAIM_Attribute *attr, 252 GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls); 253 254 /** 255 * Delete a credential. Tickets used to share a presentation of this 256 * credential are updated accordingly. 257 * 258 * @param h handle to the re:claimID service 259 * @param pkey Private key of the identity to add an attribute to 260 * @param cred The credential 261 * @param cont Continuation to call when done 262 * @param cont_cls Closure for @a cont 263 * @return handle Used to to abort the request 264 */ 265 struct GNUNET_RECLAIM_Operation * 266 GNUNET_RECLAIM_credential_delete ( 267 struct GNUNET_RECLAIM_Handle *h, 268 const struct GNUNET_CRYPTO_PrivateKey *pkey, 269 const struct GNUNET_RECLAIM_Credential *cred, 270 GNUNET_RECLAIM_ContinuationWithStatus cont, 271 void *cont_cls); 272 273 /** 274 * List all attributes for a local identity. 275 * This MUST lock the `struct GNUNET_RECLAIM_Handle` 276 * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and 277 * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once 278 * immediately, and then again after 279 * #GNUNET_RECLAIM_get_attributes_next() is invoked. 280 * 281 * On error (disconnect), @a error_cb will be invoked. 282 * On normal completion, @a finish_cb proc will be 283 * invoked. 284 * 285 * @param h Handle to the re:claimID service 286 * @param identity Identity to iterate over 287 * @param error_cb Function to call on error (i.e. disconnect), 288 * the handle is afterwards invalid 289 * @param error_cb_cls Closure for @a error_cb 290 * @param proc Function to call on each attribute 291 * @param proc_cls Closure for @a proc 292 * @param finish_cb Function to call on completion 293 * the handle is afterwards invalid 294 * @param finish_cb_cls Closure for @a finish_cb 295 * @return an iterator Handle to use for iteration 296 */ 297 struct GNUNET_RECLAIM_AttributeIterator * 298 GNUNET_RECLAIM_get_attributes_start ( 299 struct GNUNET_RECLAIM_Handle *h, 300 const struct GNUNET_CRYPTO_PrivateKey *identity, 301 GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, 302 GNUNET_RECLAIM_AttributeResult proc, void *proc_cls, 303 GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls); 304 305 306 /** 307 * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start 308 * for the next record. 309 * 310 * @param it The iterator 311 */ 312 void 313 GNUNET_RECLAIM_get_attributes_next ( 314 struct GNUNET_RECLAIM_AttributeIterator *it); 315 316 317 /** 318 * Stops iteration and releases the handle for further calls. Must 319 * be called on any iteration that has not yet completed prior to calling 320 * #GNUNET_RECLAIM_disconnect. 321 * 322 * @param it the iterator 323 */ 324 void 325 GNUNET_RECLAIM_get_attributes_stop ( 326 struct GNUNET_RECLAIM_AttributeIterator *it); 327 328 329 /** 330 * List all credentials for a local identity. 331 * This MUST lock the `struct GNUNET_RECLAIM_Handle` 332 * for any other calls than #GNUNET_RECLAIM_get_credentials_next() and 333 * #GNUNET_RECLAIM_get_credentials_stop. @a proc will be called once 334 * immediately, and then again after 335 * #GNUNET_RECLAIM_get_credentials_next() is invoked. 336 * 337 * On error (disconnect), @a error_cb will be invoked. 338 * On normal completion, @a finish_cb proc will be 339 * invoked. 340 * 341 * @param h Handle to the re:claimID service 342 * @param identity Identity to iterate over 343 * @param error_cb Function to call on error (i.e. disconnect), 344 * the handle is afterwards invalid 345 * @param error_cb_cls Closure for @a error_cb 346 * @param proc Function to call on each credential 347 * @param proc_cls Closure for @a proc 348 * @param finish_cb Function to call on completion 349 * the handle is afterwards invalid 350 * @param finish_cb_cls Closure for @a finish_cb 351 * @return an iterator Handle to use for iteration 352 */ 353 struct GNUNET_RECLAIM_CredentialIterator * 354 GNUNET_RECLAIM_get_credentials_start ( 355 struct GNUNET_RECLAIM_Handle *h, 356 const struct GNUNET_CRYPTO_PrivateKey *identity, 357 GNUNET_SCHEDULER_TaskCallback error_cb, 358 void *error_cb_cls, 359 GNUNET_RECLAIM_CredentialResult proc, 360 void *proc_cls, 361 GNUNET_SCHEDULER_TaskCallback finish_cb, 362 void *finish_cb_cls); 363 364 365 /** 366 * Calls the record processor specified in #GNUNET_RECLAIM_get_credentials_start 367 * for the next record. 368 * 369 * @param ait the iterator 370 */ 371 void 372 GNUNET_RECLAIM_get_credentials_next ( 373 struct GNUNET_RECLAIM_CredentialIterator *ait); 374 375 376 /** 377 * Stops iteration and releases the handle for further calls. Must 378 * be called on any iteration that has not yet completed prior to calling 379 * #GNUNET_RECLAIM_disconnect. 380 * 381 * @param ait the iterator 382 */ 383 void 384 GNUNET_RECLAIM_get_credentials_stop ( 385 struct GNUNET_RECLAIM_CredentialIterator *ait); 386 387 388 /** 389 * Issues a ticket to a relying party. The identity may use 390 * GNUNET_RECLAIM_ticket_consume to consume the ticket 391 * and retrieve the attributes specified in the attribute list. 392 * 393 * @param h the identity provider to use 394 * @param iss the issuing identity (= the user) 395 * @param rp_uri the subject of the ticket (= the relying party) see #GNUNET_RECLAIM_Ticket 396 * @param attrs the attributes that the relying party is given access to 397 * @param cb the callback 398 * @param cb_cls the callback closure 399 * @return handle to abort the operation 400 */ 401 struct GNUNET_RECLAIM_Operation * 402 GNUNET_RECLAIM_ticket_issue ( 403 struct GNUNET_RECLAIM_Handle *h, 404 const struct GNUNET_CRYPTO_PrivateKey *iss, 405 const char *rp_uri, 406 const struct GNUNET_RECLAIM_AttributeList *attrs, 407 GNUNET_RECLAIM_IssueTicketCallback cb, void *cb_cls); 408 409 410 /** 411 * Revoked an issued ticket. The relying party will be unable to retrieve 412 * attributes. Other issued tickets remain unaffected. 413 * This includes tickets issued to other relying parties as well as to 414 * other tickets issued to the audience specified in this ticket. 415 * 416 * @param h the identity provider to use 417 * @param identity the issuing identity 418 * @param ticket the ticket to revoke 419 * @param cb the callback 420 * @param cb_cls the callback closure 421 * @return handle to abort the operation 422 */ 423 struct GNUNET_RECLAIM_Operation * 424 GNUNET_RECLAIM_ticket_revoke ( 425 struct GNUNET_RECLAIM_Handle *h, 426 const struct GNUNET_CRYPTO_PrivateKey *identity, 427 const struct GNUNET_RECLAIM_Ticket *ticket, 428 GNUNET_RECLAIM_ContinuationWithStatus cb, void *cb_cls); 429 430 431 /** 432 * Consumes an issued ticket. The ticket is used to retrieve identity 433 * information from the issuer 434 * 435 * @param h the identity provider to use 436 * @param ticket the issued ticket to consume 437 * @param rp_uri the RP URI 438 * @param cb the callback to call 439 * @param cb_cls the callback closure 440 * @return handle to abort the operation 441 */ 442 struct GNUNET_RECLAIM_Operation * 443 GNUNET_RECLAIM_ticket_consume ( 444 struct GNUNET_RECLAIM_Handle *h, 445 const struct GNUNET_RECLAIM_Ticket *ticket, 446 const char *rp_uri, 447 GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls); 448 449 450 /** 451 * Lists all tickets that have been issued to remote 452 * identities (relying parties) 453 * 454 * @param h the identity provider to use 455 * @param identity the issuing identity 456 * @param error_cb function to call on error (i.e. disconnect), 457 * the handle is afterwards invalid 458 * @param error_cb_cls closure for @a error_cb 459 * @param proc function to call on each ticket; it 460 * will be called repeatedly with a value (if available) 461 * @param proc_cls closure for @a proc 462 * @param finish_cb function to call on completion 463 * the handle is afterwards invalid 464 * @param finish_cb_cls closure for @a finish_cb 465 * @return an iterator handle to use for iteration 466 */ 467 struct GNUNET_RECLAIM_TicketIterator * 468 GNUNET_RECLAIM_ticket_iteration_start ( 469 struct GNUNET_RECLAIM_Handle *h, 470 const struct GNUNET_CRYPTO_PrivateKey *identity, 471 GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls, 472 GNUNET_RECLAIM_TicketCallback proc, void *proc_cls, 473 GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls); 474 475 476 /** 477 * Calls the ticket processor specified in 478 * #GNUNET_RECLAIM_ticket_iteration_start for the next record. 479 * 480 * @param it the iterator 481 */ 482 void 483 GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it); 484 485 486 /** 487 * Stops iteration and releases the handle for further calls. Must 488 * be called on any iteration that has not yet completed prior to calling 489 * #GNUNET_RECLAIM_disconnect. 490 * 491 * @param it the iterator 492 */ 493 void 494 GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it); 495 496 497 /** 498 * Disconnect from identity provider service. 499 * 500 * @param h identity provider service to disconnect 501 */ 502 void 503 GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h); 504 505 506 /** 507 * Cancel an identity provider operation. Note that the operation MAY still 508 * be executed; this merely cancels the continuation; if the request 509 * was already transmitted, the service may still choose to complete 510 * the operation. 511 * 512 * @param op operation to cancel 513 */ 514 void 515 GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op); 516 517 #if 0 /* keep Emacsens' auto-indent happy */ 518 { 519 #endif 520 #ifdef __cplusplus 521 } 522 #endif 523 524 525 /* ifndef GNUNET_RECLAIM_SERVICE_H */ 526 #endif 527 528 /** @} */ /* end of group reclaim */ 529 530 /** @} */ /* end of group addition */ 531 532 /* end of gnunet_reclaim_service.h */