2 This file is part of GNUnet
3 Copyright (C) 2012-2014 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @author Martin Schanzenbach
25 * API to the Credential service
27 * @defgroup abd Credential service
32 #ifndef GNUNET_ABD_SERVICE_H
33 #define GNUNET_ABD_SERVICE_H
35 #include "gnunet_util_lib.h"
36 #include "gnunet_gns_service.h"
37 #include "gnunet_identity_service.h"
42 #if 0 /* keep Emacsens' auto-indent happy */
49 * Connection to the Credential service.
51 struct GNUNET_ABD_Handle;
54 * Handle to control a lookup operation.
56 struct GNUNET_ABD_Request;
59 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
61 enum GNUNET_ABD_CredentialFlags {
63 //Subject had credentials before, but have been revoked now
64 GNUNET_ABD_FLAG_REVOKED=0,
66 //Subject flag indicates that the subject is a holder of this credential and may present it as such
67 GNUNET_ABD_FLAG_SUBJECT=1,
69 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
70 GNUNET_ABD_FLAG_ISSUER=2
74 GNUNET_NETWORK_STRUCT_BEGIN
76 * The attribute delegation record
78 struct GNUNET_ABD_DelegationRecord {
81 * Number of delegation sets in this record
86 * Length of delegation sets
90 * Followed by set_count DelegationSetRecords
96 * The attribute delegation record
98 struct GNUNET_ABD_DelegationRecordSet {
101 * Public key of the subject this attribute was delegated to
103 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
106 * Length of attribute, may be 0
108 uint32_t subject_attribute_len;
112 GNUNET_NETWORK_STRUCT_END
115 * The attribute delegation record
117 struct GNUNET_ABD_DelegationSet {
120 * Public key of the subject this attribute was delegated to
122 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
124 uint32_t subject_attribute_len;
127 * The subject attribute
129 const char *subject_attribute;
136 struct GNUNET_ABD_Delegation {
139 * The issuer of the delegation
141 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
144 * Public key of the subject this attribute was delegated to
146 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
149 * Length of the attribute
151 uint32_t issuer_attribute_len;
156 const char *issuer_attribute;
159 * Length of the attribute
161 uint32_t subject_attribute_len;
166 const char *subject_attribute;
173 struct GNUNET_ABD_Delegate {
176 * The issuer of the credential
178 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
181 * Public key of the subject this credential was issued to
183 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
186 * Signature of this credential
188 struct GNUNET_CRYPTO_EcdsaSignature signature;
191 * Expiration of this credential
193 struct GNUNET_TIME_Absolute expiration;
196 * Length of the issuer attribute
198 uint32_t issuer_attribute_len;
201 * The issuer attribute
203 const char *issuer_attribute;
206 * Length of the subject attribute
208 uint32_t subject_attribute_len;
211 * The subject attribute
213 const char *subject_attribute;
218 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
220 enum GNUNET_ABD_AlgoDirectionFlags {
222 //Subject had credentials before, but have been revoked now
223 GNUNET_ABD_FLAG_FORWARD=1 << 0,
225 //Subject flag indicates that the subject is a holder of this credential and may present it as such
226 GNUNET_ABD_FLAG_BACKWARD=1 << 1
231 * Initialize the connection with the Credential service.
233 * @param cfg configuration to use
234 * @return handle to the Credential service, or NULL on error
236 struct GNUNET_ABD_Handle *
237 GNUNET_ABD_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
241 * Shutdown connection with the Credentail service.
243 * @param handle connection to shut down
246 GNUNET_ABD_disconnect (struct GNUNET_ABD_Handle *handle);
250 * Iterator called on obtained result for an attribute verification.
253 * @param d_count the number of delegations processed
254 * @param delegation_chain the delegations processed
255 * @param c_count the number of delegates found
256 * @param delegate the delegates
258 typedef void (*GNUNET_ABD_CredentialResultProcessor) (void *cls,
259 unsigned int d_count,
260 struct GNUNET_ABD_Delegation *delegation_chain,
261 unsigned int c_count,
262 struct GNUNET_ABD_Delegate *delegte);
264 typedef void (*GNUNET_ABD_IntermediateResultProcessor) (void *cls,
265 struct GNUNET_ABD_Delegation *delegation,
269 * Iterator called on obtained result for an attribute delegation.
272 * @param success GNUNET_YES if successful
273 * @param result the record data that can be handed to the subject
275 typedef void (*GNUNET_ABD_DelegateResultProcessor) (void *cls,
279 * Iterator called on obtained result for an attribute delegation removal.
282 * @param success GNUNET_YES if successful
283 * @param result the record data that can be handed to the subject
285 typedef void (*GNUNET_ABD_RemoveDelegateResultProcessor) (void *cls,
290 * Performs attribute verification.
291 * Checks if there is a delegation chain from
292 * attribute ``issuer_attribute'' issued by the issuer
293 * with public key ``issuer_key'' maps to the attribute
294 * ``subject_attribute'' claimed by the subject with key
297 * @param handle handle to the Credential service
298 * @param issuer_key the issuer public key
299 * @param issuer_attribute the issuer attribute
300 * @param subject_key the subject public key
301 * @param delegate_count number of delegates
302 * @param delegates the subject delegates
303 * @param proc function to call on result
304 * @param proc_cls closure for processor
305 * @return handle to the queued request
307 struct GNUNET_ABD_Request*
308 GNUNET_ABD_verify (struct GNUNET_ABD_Handle *handle,
309 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
310 const char *issuer_attribute,
311 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
312 uint32_t delegate_count,
313 const struct GNUNET_ABD_Delegate *delegates,
314 enum GNUNET_ABD_AlgoDirectionFlags direction,
315 GNUNET_ABD_CredentialResultProcessor proc,
317 GNUNET_ABD_IntermediateResultProcessor,
320 struct GNUNET_ABD_Request*
321 GNUNET_ABD_collect (struct GNUNET_ABD_Handle *handle,
322 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
323 const char *issuer_attribute,
324 const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key,
325 enum GNUNET_ABD_AlgoDirectionFlags direction,
326 GNUNET_ABD_CredentialResultProcessor proc,
328 GNUNET_ABD_IntermediateResultProcessor,
332 * Delegate an attribute
334 * @param handle handle to the Credential service
335 * @param issuer the ego that should be used to delegate the attribute
336 * @param attribute the name of the attribute to delegate
337 * @param subject the subject of the delegation
338 * @param delegated_attribute the name of the attribute that is delegated to
339 * @param proc the result callback
340 * @param proc_cls the result closure context
341 * @return handle to the queued request
343 struct GNUNET_ABD_Request *
344 GNUNET_ABD_add_delegation (struct GNUNET_ABD_Handle *handle,
345 struct GNUNET_IDENTITY_Ego *issuer,
346 const char *attribute,
347 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
348 const char *delegated_attribute,
349 GNUNET_ABD_DelegateResultProcessor proc,
353 * Remove a delegation
355 * @param handle handle to the Credential service
356 * @param issuer the ego that was used to delegate the attribute
357 * @param attribute the name of the attribute that is delegated
358 * @param proc the callback
359 * @param proc_cls callback closure
360 * @return handle to the queued request
362 struct GNUNET_ABD_Request *
363 GNUNET_ABD_remove_delegation (struct GNUNET_ABD_Handle *handle,
364 struct GNUNET_IDENTITY_Ego *issuer,
365 const char *attribute,
366 GNUNET_ABD_RemoveDelegateResultProcessor proc,
372 * Issue an attribute to a subject
374 * @param issuer the ego that should be used to issue the attribute
375 * @param subject the subject of the attribute
376 * @param attribute the name of the attribute
377 * @param expiration the TTL of the credential
378 * @return handle to the queued request
380 struct GNUNET_ABD_Delegate*
381 GNUNET_ABD_delegate_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
382 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
383 const char *iss_attr,
384 const char *sub_attr,
385 struct GNUNET_TIME_Absolute *expiration);
389 * Cancel pending lookup request
391 * @param lr the lookup request to cancel
394 GNUNET_ABD_request_cancel (struct GNUNET_ABD_Request *lr);
397 #if 0 /* keep Emacsens' auto-indent happy */
406 /** @} */ /* end of group */