2 This file is part of GNUnet
3 Copyright (C) 2012-2014 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
23 * @author Adnan Husain
26 * API to the Credential service
28 * @defgroup credential Credential service
33 #ifndef GNUNET_CREDENTIAL_SERVICE_H
34 #define GNUNET_CREDENTIAL_SERVICE_H
36 #include "gnunet_util_lib.h"
37 #include "gnunet_gns_service.h"
38 #include "gnunet_identity_service.h"
43 #if 0 /* keep Emacsens' auto-indent happy */
50 * Connection to the Credential service.
52 struct GNUNET_CREDENTIAL_Handle;
55 * Handle to control a lookup operation.
57 struct GNUNET_CREDENTIAL_Request;
60 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
62 enum GNUNET_CREDENTIAL_CredentialFlags {
64 //Subject had credentials before, but have been revoked now
65 GNUNET_CREDENTIAL_FLAG_REVOKED=0,
67 //Subject flag indicates that the subject is a holder of this credential and may present it as such
68 GNUNET_CREDENTIAL_FLAG_SUBJECT=1,
70 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
71 GNUNET_CREDENTIAL_FLAG_ISSUER=2
75 GNUNET_NETWORK_STRUCT_BEGIN
77 * The credential record
79 struct GNUNET_CREDENTIAL_CredentialRecordData {
82 * The signature for this credential by the issuer
84 struct GNUNET_CRYPTO_EcdsaSignature signature;
89 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
92 * Public key of the issuer
94 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
97 * Public key of the subject this credential was issued to
99 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
102 * Expiration time of this credential
104 uint64_t expiration GNUNET_PACKED;
107 * Followed by the attribute string
113 * The attribute delegation record
115 struct GNUNET_CREDENTIAL_AttributeRecordData {
118 * Public key of the subject this attribute was delegated to
120 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
123 * Followed by the attribute that was delegated to as string
129 * The attribute delegation record
131 struct GNUNET_CREDENTIAL_DelegationRecordData {
140 * Followed by the attribute that was delegated to as string
148 * The attribute delegation record
150 struct GNUNET_CREDENTIAL_DelegationSetRecord {
153 * Public key of the subject this attribute was delegated to
155 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
157 uint32_t subject_attribute_len;
159 const char *subject_attribute;
162 * Followed by the attribute that was delegated to as string
171 struct GNUNET_CREDENTIAL_Delegation {
174 * The issuer of the delegation
176 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
179 * Public key of the subject this attribute was delegated to
181 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
184 * Length of the attribute
186 uint32_t issuer_attribute_len;
191 const char *issuer_attribute;
194 * Length of the attribute
196 uint32_t subject_attribute_len;
201 const char *subject_attribute;
208 struct GNUNET_CREDENTIAL_Credential {
211 * The issuer of the credential
213 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
216 * Public key of the subject this credential was issued to
218 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
221 * Length of the attribute
223 uint32_t issuer_attribute_len;
228 const char *issuer_attribute;
233 GNUNET_NETWORK_STRUCT_END
238 * Initialize the connection with the Credential service.
240 * @param cfg configuration to use
241 * @return handle to the Credential service, or NULL on error
243 struct GNUNET_CREDENTIAL_Handle *
244 GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
248 * Shutdown connection with the Credentail service.
250 * @param handle connection to shut down
253 GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle);
257 * Iterator called on obtained result for an attribute verification.
260 * @param issuer the issuer of the attribute NULL if verification failed
261 * @param result the result of the verification
262 * @param rd the records in reply
264 typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls,
265 unsigned int d_count,
266 struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
267 struct GNUNET_CREDENTIAL_Credential *credential);
270 * Iterator called on obtained result for an attribute delegation.
273 * @param success GNUNET_YES if successful
274 * @param result the record data that can be handed to the subject
276 typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
280 * Iterator called on obtained result for an attribute delegation removal.
283 * @param success GNUNET_YES if successful
284 * @param result the record data that can be handed to the subject
286 typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
293 * Performs attribute verification.
294 * Checks if there is a delegation chain from
295 * attribute ``issuer_attribute'' issued by the issuer
296 * with public key ``issuer_key'' maps to the attribute
297 * ``subject_attribute'' claimed by the subject with key
300 * @param handle handle to the Credential service
301 * @param issuer_key the issuer public key
302 * @param issuer_attribute the issuer attribute
303 * @param subject_key the subject public key
304 * @param subject_attribute the attribute claimed by the subject
305 * @param proc function to call on result
306 * @param proc_cls closure for processor
307 * @return handle to the queued request
309 struct GNUNET_CREDENTIAL_Request*
310 GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
311 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
312 const char *issuer_attribute,
313 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
314 const char *subject_attribute,
315 GNUNET_CREDENTIAL_VerifyResultProcessor proc,
319 * Delegate an attribute
321 * @param handle handle to the Credential service
322 * @param issuer the ego that should be used to delegate the attribute
323 * @param attribute the name of the attribute to delegate
324 * @param subject the subject of the delegation
325 * @param delegated_attribute the name of the attribute that is delegated to
326 * @return handle to the queued request
328 struct GNUNET_CREDENTIAL_Request *
329 GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
330 struct GNUNET_IDENTITY_Ego *issuer,
331 const char *attribute,
332 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
333 const char *delegated_attribute,
334 GNUNET_CREDENTIAL_DelegateResultProcessor proc,
338 * Remove a delegation
340 * @param handle handle to the Credential service
341 * @param issuer the ego that was used to delegate the attribute
342 * @param attribute the name of the attribute that is delegated
343 * @return handle to the queued request
345 struct GNUNET_CREDENTIAL_Request *
346 GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
347 struct GNUNET_IDENTITY_Ego *issuer,
348 const char *attribute,
349 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
355 * Issue an attribute to a subject
357 * @param handle handle to the Credential service
358 * @param issuer the ego that should be used to issue the attribute
359 * @param subject the subject of the attribute
360 * @param attribute the name of the attribute
361 * @param expiration the TTL of the credential
362 * @return handle to the queued request
364 struct GNUNET_CREDENTIAL_CredentialRecordData *
365 GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
366 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
367 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
368 const char *attribute,
369 struct GNUNET_TIME_Absolute *expiration);
373 * Remove a credential
375 * @param handle handle to the Credential service
376 * @param issuer the identity that issued the credential
377 * @param subject the subject of the credential
378 * @param credential the name of the credential
379 * @return handle to the queued request
382 struct GNUNET_CREDENTIAL_IssueRequest *
383 GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle,
384 struct GNUNET_IDENTITY_Ego *issuer,
385 struct GNUNET_IDENTITY_Ego *subject,
386 const char *credential,
387 GNUNET_CREDENTIAL_IssueResultProcessor proc,
393 * Cancel pending lookup request
395 * @param lr the lookup request to cancel
398 GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr);
401 #if 0 /* keep Emacsens' auto-indent happy */
410 /** @} */ /* end of group */