2 This file is part of GNUnet
3 Copyright (C) 2012-2014 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
23 * @author Adnan Husain
26 * API to the Credential service
28 * @defgroup credential Credential service
33 #ifndef GNUNET_CREDENTIAL_SERVICE_H
34 #define GNUNET_CREDENTIAL_SERVICE_H
36 #include "gnunet_util_lib.h"
37 #include "gnunet_gns_service.h"
38 #include "gnunet_identity_service.h"
43 #if 0 /* keep Emacsens' auto-indent happy */
50 * Connection to the Credential service.
52 struct GNUNET_CREDENTIAL_Handle;
55 * Handle to control a lookup operation.
57 struct GNUNET_CREDENTIAL_Request;
60 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
62 enum GNUNET_CREDENTIAL_CredentialFlags {
64 //Subject had credentials before, but they have now been revoked
65 GNUNET_CREDENTIAL_FLAG_REVOKED=0,
67 //Subject flag indicates that the subject is a holder of this credential and may present it as such
68 GNUNET_CREDENTIAL_FLAG_SUBJECT=1,
70 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
71 GNUNET_CREDENTIAL_FLAG_ISSUER=2
75 GNUNET_NETWORK_STRUCT_BEGIN
77 * The credential record
79 struct GNUNET_CREDENTIAL_CredentialRecordData {
82 * The signature for this credential by the issuer
84 struct GNUNET_CRYPTO_EcdsaSignature signature;
89 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
92 * Public key of the issuer
94 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
97 * Public key of the subject this credential was issued to
99 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
102 * Expiration time of this credential
104 uint64_t expiration GNUNET_PACKED;
107 * Followed by the attribute string
113 * The attribute delegation record
115 struct GNUNET_CREDENTIAL_DelegationRecordData {
124 * Followed by the attribute that was delegated to as string
132 * The attribute delegation record
134 struct GNUNET_CREDENTIAL_DelegationSetRecord {
137 * Public key of the subject this attribute was delegated to
139 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
141 uint32_t subject_attribute_len;
143 const char *subject_attribute;
146 * Followed by the attribute that was delegated to as string
155 struct GNUNET_CREDENTIAL_Delegation {
158 * The issuer of the delegation
160 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
163 * Public key of the subject this attribute was delegated to
165 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
168 * Length of the issuer attribute
170 uint32_t issuer_attribute_len;
175 const char *issuer_attribute;
178 * Length of the subject attribute
180 uint32_t subject_attribute_len;
185 const char *subject_attribute;
192 struct GNUNET_CREDENTIAL_Credential {
195 * The issuer of the credential
197 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
200 * Public key of the subject this credential was issued to
202 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
205 * Length of the issuer attribute
207 uint32_t issuer_attribute_len;
212 const char *issuer_attribute;
217 GNUNET_NETWORK_STRUCT_END
222 * Initialize the connection with the Credential service.
224 * @param cfg configuration to use
225 * @return handle to the Credential service, or NULL on error
227 struct GNUNET_CREDENTIAL_Handle *
228 GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
232 * Shutdown connection with the Credential service.
234 * @param handle connection to shut down
237 GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle);
241 * Iterator called on obtained result for an attribute verification.
244 * @param d_count the number of delegations processed
245 * @param delegation_chain the delegations processed
246 * @param c_count the number of credentials found
247 * @param credential the credentials
249 typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls,
250 unsigned int d_count,
251 struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
252 unsigned int c_count,
253 struct GNUNET_CREDENTIAL_Credential *credential);
256 * Iterator called on obtained result for an attribute delegation.
259 * @param success GNUNET_YES if successful
260 * @param result the record data that can be handed to the subject
262 typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
266 * Iterator called on obtained result for an attribute delegation removal.
269 * @param success GNUNET_YES if successful
270 * @param result the record data that can be handed to the subject
272 typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
279 * Performs attribute verification.
280 * Checks whether there is a delegation chain that maps the
281 * attribute ``issuer_attribute'' issued by the issuer
282 * with public key ``issuer_key'' to the attribute
283 * ``subject_attribute'' claimed by the subject with key ``subject_key''.
286 * @param handle handle to the Credential service
287 * @param issuer_key the issuer public key
288 * @param issuer_attribute the issuer attribute
289 * @param subject_key the subject public key
290 * @param subject_attribute the attribute claimed by the subject
291 * @param proc function to call on result
292 * @param proc_cls closure for processor
293 * @return handle to the queued request
295 struct GNUNET_CREDENTIAL_Request*
296 GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
297 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
298 const char *issuer_attribute,
299 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
300 const char *subject_attribute,
301 GNUNET_CREDENTIAL_VerifyResultProcessor proc,
305 * Delegate an attribute
307 * @param handle handle to the Credential service
308 * @param issuer the ego that should be used to delegate the attribute
309 * @param attribute the name of the attribute to delegate
310 * @param subject the subject of the delegation
311 * @param delegated_attribute the name of the attribute that is delegated to
312 * @return handle to the queued request
314 struct GNUNET_CREDENTIAL_Request *
315 GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
316 struct GNUNET_IDENTITY_Ego *issuer,
317 const char *attribute,
318 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
319 const char *delegated_attribute,
320 GNUNET_CREDENTIAL_DelegateResultProcessor proc,
324 * Remove a delegation
326 * @param handle handle to the Credential service
327 * @param issuer the ego that was used to delegate the attribute
328 * @param attribute the name of the attribute that is delegated
329 * @return handle to the queued request
331 struct GNUNET_CREDENTIAL_Request *
332 GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
333 struct GNUNET_IDENTITY_Ego *issuer,
334 const char *attribute,
335 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
341 * Issue an attribute to a subject
343 * @param handle handle to the Credential service
344 * @param issuer the ego that should be used to issue the attribute
345 * @param subject the subject of the attribute
346 * @param attribute the name of the attribute
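347 * @param expiration the expiration of the credential; the parameter type is struct GNUNET_TIME_Absolute, so this is an absolute time rather than a relative TTL
348 * @return the credential record data for the issued attribute (the prototype returns struct GNUNET_CREDENTIAL_CredentialRecordData *, not a request handle)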
350 struct GNUNET_CREDENTIAL_CredentialRecordData *
351 GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
352 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
353 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
354 const char *attribute,
355 struct GNUNET_TIME_Absolute *expiration);
359 * Remove a credential
361 * @param handle handle to the Credential service
362 * @param issuer the identity that issued the credential
363 * @param subject the subject of the credential
364 * @param credential the name of the credential
365 * @return handle to the queued request
368 struct GNUNET_CREDENTIAL_IssueRequest *
369 GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle,
370 struct GNUNET_IDENTITY_Ego *issuer,
371 struct GNUNET_IDENTITY_Ego *subject,
372 const char *credential,
373 GNUNET_CREDENTIAL_IssueResultProcessor proc,
379 * Cancel pending lookup request
381 * @param vr the lookup request to cancel
384 GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr);
387 #if 0 /* keep Emacsens' auto-indent happy */
396 /** @} */ /* end of group */