2 This file is part of GNUnet.
3 Copyright (C) 2012-2015 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
21 * @author Martin Schanzenbach
22 * @file identity-provider/identity_token.h
23 * @brief GNUnet Identity Provider library
26 #ifndef IDENTITY_TOKEN_H
27 #define IDENTITY_TOKEN_H
29 #include "gnunet_crypto_lib.h"
37 struct TokenAttr *attr_head;
42 struct TokenAttr *attr_tail;
47 struct GNUNET_CRYPTO_EcdsaSignature signature;
52 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
60 struct TokenAttr *next;
65 struct TokenAttr *prev;
75 struct TokenAttrValue *val_head;
80 struct TokenAttrValue *val_tail;
89 struct TokenAttrValue *next;
94 struct TokenAttrValue *prev;
102 * Attribute int value
103 * used if NULL == value
113 struct TokenTicketPayload
128 struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
137 struct TokenTicketPayload *payload;
142 struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
147 struct GNUNET_CRYPTO_EcdsaSignature signature;
152 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
158 * Create an identity token
160 * @param iss the issuer string for the token
161 * @param aud the audience of the token
163 * @return a new token
165 struct IdentityToken*
166 token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
167 const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);
170 * Destroy an identity token
172 * @param token the token to destroy
175 token_destroy (struct IdentityToken*token);
178 * Add a new key value pair to the token
180 * @param token the token to modify
182 * @param value the value
185 token_add_attr (struct IdentityToken *token,
190 * Add a new key value pair to the token
192 * @param token the token to modify
194 * @param value the value
197 token_add_attr_int (struct IdentityToken *token,
204 * Add a value to a TokenAttribute
206 * @param attr the token attribute
207 * @param value value to add
210 token_attr_add_value (const struct TokenAttr *attr,
214 * Add a new key value pair to the token with the value as json
216 * @param token the token to modify
218 * @param value the value
222 token_add_attr_json (struct IdentityToken *token,
227 * Serialize a token. The token is signed and Base64-encoded according to the
228 * JWT format. The signature is base32-encoded ECDSA.
229 * The resulting JWT is encrypted using
230 * ECDHE for the audience and Base64-encoded
231 * in the result. The audience requires the ECDHE public key P
232 * to decrypt the token T. The key P is included in the result and prepended
235 * @param token the token to serialize
236 * @param priv_key the private key used to sign the token
237 * @param ecdhe_privkey output parameter; receives the ECDHE private key used to encrypt the token
238 * @param result P,Base64(E(T))
240 * @return GNUNET_OK on success
243 token_serialize (const struct IdentityToken*token,
244 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
245 struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
249 * Parses the serialized token and returns a token
251 * @param data the serialized token
252 * @param priv_key the private key of the audience
253 * @param result the token
255 * @return GNUNET_OK on success
258 token_parse (const char* data,
259 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
260 struct IdentityToken **result);
263 * Parses the serialized token and returns a token.
264 * This variant is intended for the party that issued the token and also
265 * wants to decrypt the serialized token.
267 * @param data the serialized token
268 * @param priv_key the private (!) ECDHE key
269 * @param aud_key the identity of the audience
270 * @param result the token
272 * @return GNUNET_OK on success
275 token_parse2 (const char* data,
276 const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
277 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
278 struct IdentityToken **result);
283 * Returns a JWT-string representation of the token
285 * @param token the token
286 * @param priv_key the private key used to sign the JWT
287 * @param result the JWT
289 * @return GNUNET_OK on success
292 token_to_string (const struct IdentityToken *token,
293 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
298 * Creates a ticket that can be exchanged by the audience for
299 * the token. The token must be placed under the label
301 * @param nonce nonce provided by the audience that requested the ticket
302 * @param iss_pkey the issuer pubkey used to sign the ticket
303 * @param label the label encoded in the ticket
304 * @param aud_key the audience pubkey used to encrypt the ticket payload
309 ticket_create (uint64_t nonce,
310 const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
312 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
315 * Serialize a ticket. Returns the Base64 representation of the ticket.
316 * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
318 * @param ticket the ticket to serialize
319 * @param priv_key the issuer private key to sign the ticket payload
320 * @param result the serialized ticket
322 * @return GNUNET_OK on success
325 ticket_serialize (struct TokenTicket *ticket,
326 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
332 * @param ticket the ticket to destroy
335 ticket_destroy (struct TokenTicket *ticket);
338 * Parses a serialized ticket
340 * @param raw_data the serialized ticket
341 * @param priv_key the audience private key
342 * @param ticket the ticket
344 * @return GNUNET_OK on success
347 ticket_parse (const char* raw_data,
348 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
349 struct TokenTicket **ticket);