2 This file is part of GNUnet
3 Copyright (C) 2012-2014 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
23 * @author Adnan Husain
26 * API to the Credential service
28 * @defgroup credential Credential service
33 #ifndef GNUNET_CREDENTIAL_SERVICE_H
34 #define GNUNET_CREDENTIAL_SERVICE_H
36 #include "gnunet_util_lib.h"
37 #include "gnunet_gns_service.h"
38 #include "gnunet_identity_service.h"
43 #if 0 /* keep Emacsens' auto-indent happy */
50 * Connection to the Credential service.
52 struct GNUNET_CREDENTIAL_Handle;
55 * Handle to control a lookup operation.
57 struct GNUNET_CREDENTIAL_Request;
60 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
62 enum GNUNET_CREDENTIAL_CredentialFlags {
64 //Subject had credentials before, but have been revoked now
65 GNUNET_CREDENTIAL_FLAG_REVOKED=0,
67 //Subject flag indicates that the subject is a holder of this credential and may present it as such
68 GNUNET_CREDENTIAL_FLAG_SUBJECT=1,
70 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
71 GNUNET_CREDENTIAL_FLAG_ISSUER=2
75 GNUNET_NETWORK_STRUCT_BEGIN
77 * The credential record
79 struct GNUNET_CREDENTIAL_CredentialRecordData {
82 * The signature for this credential by the issuer
84 struct GNUNET_CRYPTO_EcdsaSignature sig;
89 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
92 * Public key of the issuer
94 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
97 * Public key of the subject this credential was issued to
99 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
102 * Expiration time of this credential
104 uint64_t expiration GNUNET_PACKED;
107 * Followed by the attribute string
113 * The attribute delegation record
115 struct GNUNET_CREDENTIAL_AttributeRecordData {
118 * Public key of the subject this attribute was delegated to
120 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
123 * Followed by the attribute that was delegated to as string
130 GNUNET_NETWORK_STRUCT_END
135 * Initialize the connection with the Credential service.
137 * @param cfg configuration to use
138 * @return handle to the Credential service, or NULL on error
140 struct GNUNET_CREDENTIAL_Handle *
141 GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
145 * Shutdown connection with the Credentail service.
147 * @param handle connection to shut down
150 GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle);
154 * Iterator called on obtained result for an attribute verification.
157 * @param issuer the issuer of the attribute NULL if verification failed
158 * @param result the result of the verification
159 * @param rd the records in reply
161 typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls,
162 struct GNUNET_CRYPTO_EcdsaPublicKey *issuer,
166 * Iterator called on obtained result for an attribute delegation.
169 * @param success GNUNET_YES if successful
170 * @param result the record data that can be handed to the subject
172 typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
176 * Iterator called on obtained result for an attribute delegation removal.
179 * @param success GNUNET_YES if successful
180 * @param result the record data that can be handed to the subject
182 typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
189 * Performs attribute verification.
190 * Checks if there is a delegation chain from
191 * attribute ``issuer_attribute'' issued by the issuer
192 * with public key ``issuer_key'' maps to the attribute
193 * ``subject_attribute'' claimed by the subject with key
196 * @param handle handle to the Credential service
197 * @param issuer_key the issuer public key
198 * @param issuer_attribute the issuer attribute
199 * @param subject_key the subject public key
200 * @param subject_attribute the attribute claimed by the subject
201 * @param proc function to call on result
202 * @param proc_cls closure for processor
203 * @return handle to the queued request
205 struct GNUNET_CREDENTIAL_Request*
206 GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
207 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
208 const char *issuer_attribute,
209 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
210 const char *subject_attribute,
211 GNUNET_CREDENTIAL_VerifyResultProcessor proc,
215 * Delegate an attribute
217 * @param handle handle to the Credential service
218 * @param issuer the ego that should be used to delegate the attribute
219 * @param attribute the name of the attribute to delegate
220 * @param subject the subject of the delegation
221 * @param delegated_attribute the name of the attribute that is delegated to
222 * @return handle to the queued request
224 struct GNUNET_CREDENTIAL_Request *
225 GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
226 struct GNUNET_IDENTITY_Ego *issuer,
227 const char *attribute,
228 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
229 const char *delegated_attribute,
230 GNUNET_CREDENTIAL_DelegateResultProcessor proc,
234 * Remove a delegation
236 * @param handle handle to the Credential service
237 * @param issuer the ego that was used to delegate the attribute
238 * @param attribute the name of the attribute that is delegated
239 * @return handle to the queued request
241 struct GNUNET_CREDENTIAL_Request *
242 GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
243 struct GNUNET_IDENTITY_Ego *issuer,
244 const char *attribute,
245 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
251 * Issue an attribute to a subject
253 * @param handle handle to the Credential service
254 * @param issuer the ego that should be used to issue the attribute
255 * @param subject the subject of the attribute
256 * @param attribute the name of the attribute
257 * @param expiration the TTL of the credential
258 * @return handle to the queued request
260 struct GNUNET_CREDENTIAL_CredentialRecordData *
261 GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
262 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
263 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
264 const char *attribute,
265 struct GNUNET_TIME_Absolute *expiration);
269 * Remove a credential
271 * @param handle handle to the Credential service
272 * @param issuer the identity that issued the credential
273 * @param subject the subject of the credential
274 * @param credential the name of the credential
275 * @return handle to the queued request
278 struct GNUNET_CREDENTIAL_IssueRequest *
279 GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle,
280 struct GNUNET_IDENTITY_Ego *issuer,
281 struct GNUNET_IDENTITY_Ego *subject,
282 const char *credential,
283 GNUNET_CREDENTIAL_IssueResultProcessor proc,
289 * Cancel pending lookup request
291 * @param lr the lookup request to cancel
294 GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr);
297 #if 0 /* keep Emacsens' auto-indent happy */
306 /** @} */ /* end of group */
projects / oweals / gnunet.git / blob