2 This file is part of GNUnet.
3 Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
21 * @author Martin Schanzenbach
22 * @file include/gnunet_identity_provider_lib.h
23 * @brief GNUnet Identity Provider library
26 #ifndef IDENTITY_TOKEN_H
27 #define IDENTITY_TOKEN_H
29 #include "gnunet_crypto_lib.h"
37 struct TokenAttr *attr_head;
42 struct TokenAttr *attr_tail;
47 struct GNUNET_CRYPTO_EcdsaSignature signature;
52 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
60 struct TokenAttr *next;
65 struct TokenAttr *prev;
75 struct TokenAttrValue *val_head;
80 struct TokenAttrValue *val_tail;
89 struct TokenAttrValue *next;
94 struct TokenAttrValue *prev;
102 struct TokenTicketPayload
117 struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
126 struct TokenTicketPayload *payload;
131 struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
136 struct GNUNET_CRYPTO_EcdsaSignature signature;
141 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
147 * Create an identity token
149 * @param iss the issuer string for the token
150 * @param aud the audience of the token
152 * @return a new token
154 struct IdentityToken*
155 token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
156 const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);
159 * Destroy an identity token
161 * @param token the token to destroy
164 token_destroy (struct IdentityToken*token);
167 * Add a new key value pair to the token
169 * @param token the token to modify
171 * @param value the value
174 token_add_attr (struct IdentityToken *token,
179 * Add a value to a TokenAttribute
181 * @param attr the token attribute
182 * @param value value to add
185 token_attr_add_value (const struct TokenAttr *attr,
189 * Add a new key value pair to the token with the value as json
191 * @param token the token to modify
193 * @param value the value
197 token_add_json (const struct IdentityToken *token,
202 * Serialize a token. The token will be signed and Base64-encoded according to the
203 * JWT format. The signature is base32-encoded ECDSA.
204 * The resulting JWT is encrypted using
205 * ECDHE for the audience and Base64
206 * encoded in result. The audience requires the ECDHE public key P
207 * to decrypt the token T. The key P is included in the result and prepended
210 * @param token the token to serialize
211 * @param priv_key the private key used to sign the token
212 * @param ecdhe_privkey the ECDHE private key used to encrypt the token
213 * @param result the serialized token, in the form P,Base64(E(T))
215 * @return GNUNET_OK on success
218 token_serialize (const struct IdentityToken*token,
219 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
220 struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
224 * Parses the serialized token and returns a token
226 * @param data the serialized token
227 * @param priv_key the private key of the audience
228 * @param result the token
230 * @return GNUNET_OK on success
233 token_parse (const char* data,
234 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
235 struct IdentityToken **result);
238 * Parses the serialized token and returns a token.
239 * This variant is intended for the party that issued the token and also
240 * wants to decrypt the serialized token.
242 * @param data the serialized token
243 * @param priv_key the private (!) ECDHE key
244 * @param aud_key the identity of the audience
245 * @param result the token
247 * @return GNUNET_OK on success
250 token_parse2 (const char* data,
251 const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
252 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
253 struct IdentityToken **result);
258 * Returns a JWT-string representation of the token
260 * @param token the token
261 * @param priv_key the private key used to sign the JWT
262 * @param result the JWT
264 * @return GNUNET_OK on success
267 token_to_string (const struct IdentityToken *token,
268 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
273 * Creates a ticket that can be exchanged by the audience for
274 * the token. The token must be placed under the label
276 * @param nonce_str nonce provided by the audience that requested the ticket
277 * @param iss_pkey the issuer pubkey used to sign the ticket
278 * @param label the label encoded in the ticket
279 * @param aud_key the audience pubkey used to encrypt the ticket payload
284 ticket_create (const char* nonce_str,
285 const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
287 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
290 * Serialize a ticket. Returns the Base64 representation of the ticket.
291 * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
293 * @param ticket the ticket to serialize
294 * @param priv_key the issuer private key to sign the ticket payload
295 * @param result the serialized ticket
297 * @return GNUNET_OK on success
300 ticket_serialize (struct TokenTicket *ticket,
301 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
307 * @param ticket the ticket to destroy
310 ticket_destroy (struct TokenTicket *ticket);
313 * Parses a serialized ticket
315 * @param raw_data the serialized ticket
316 * @param priv_key the audience private key
317 * @param ticket the ticket
319 * @return GNUNET_OK on success
322 ticket_parse (const char* raw_data,
323 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
324 struct TokenTicket **ticket);