2 This file is part of GNUnet
3 Copyright (C) 2012-2014 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
17 * @author Martin Schanzenbach
20 * API to the Credential service
22 * @defgroup credential Credential service
27 #ifndef GNUNET_CREDENTIAL_SERVICE_H
28 #define GNUNET_CREDENTIAL_SERVICE_H
30 #include "gnunet_util_lib.h"
31 #include "gnunet_gns_service.h"
32 #include "gnunet_identity_service.h"
37 #if 0 /* keep Emacsens' auto-indent happy */
44 * Connection to the Credential service.
46 struct GNUNET_CREDENTIAL_Handle;
49 * Handle to control a lookup operation.
51 struct GNUNET_CREDENTIAL_Request;
54 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
56 enum GNUNET_CREDENTIAL_CredentialFlags {
58 //Subject had credentials before, but they have been revoked now
59 GNUNET_CREDENTIAL_FLAG_REVOKED=0,
61 //Subject flag indicates that the subject is a holder of this credential and may present it as such
62 GNUNET_CREDENTIAL_FLAG_SUBJECT=1,
64 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
65 GNUNET_CREDENTIAL_FLAG_ISSUER=2
69 GNUNET_NETWORK_STRUCT_BEGIN
71 * The attribute delegation record
73 struct GNUNET_CREDENTIAL_DelegationRecord {
76 * Number of delegation sets in this record
81 * Length of delegation sets
85 * Followed by set_count DelegationSetRecords
91 * One delegation set entry of an attribute delegation record, in network (serialized) form
93 struct GNUNET_CREDENTIAL_DelegationRecordSet {
96 * Public key of the subject this attribute was delegated to
98 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
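101 * Length of attribute, may be 0. NOTE(review): this value is part of the serialized record, so a parser should check it against the remaining record size before reading the attribute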
103 uint32_t subject_attribute_len;
107 GNUNET_NETWORK_STRUCT_END
110 * One delegation set entry in in-memory form (the subject attribute is referenced by pointer)
112 struct GNUNET_CREDENTIAL_DelegationSet {
115 * Public key of the subject this attribute was delegated to
117 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
119 uint32_t subject_attribute_len;
122 * The subject attribute
124 const char *subject_attribute;
131 struct GNUNET_CREDENTIAL_Delegation {
134 * The issuer of the delegation
136 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
139 * Public key of the subject this attribute was delegated to
141 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
144 * Length of the attribute
146 uint32_t issuer_attribute_len;
151 const char *issuer_attribute;
154 * Length of the attribute
156 uint32_t subject_attribute_len;
161 const char *subject_attribute;
168 struct GNUNET_CREDENTIAL_Credential {
171 * The issuer of the credential
173 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
176 * Public key of the subject this credential was issued to
178 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
181 * Signature of this credential
183 struct GNUNET_CRYPTO_EcdsaSignature signature;
186 * Expiration of this credential
188 struct GNUNET_TIME_Absolute expiration;
191 * Length of the attribute
193 uint32_t issuer_attribute_len;
198 const char *issuer_attribute;
205 * Initialize the connection with the Credential service.
207 * @param cfg configuration to use
208 * @return handle to the Credential service, or NULL on error
210 struct GNUNET_CREDENTIAL_Handle *
211 GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
215 * Shutdown connection with the Credential service.
217 * @param handle connection to shut down
220 GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle);
224 * Iterator called on obtained result for an attribute verification.
227 * @param d_count the number of delegations processed
228 * @param delegation_chain the delegations processed
229 * @param c_count the number of credentials found
230 * @param credential the credentials
232 typedef void (*GNUNET_CREDENTIAL_CredentialResultProcessor) (void *cls,
233 unsigned int d_count,
234 struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
235 unsigned int c_count,
236 struct GNUNET_CREDENTIAL_Credential *credential);
239 * Iterator called on obtained result for an attribute delegation.
242 * @param success GNUNET_YES if successful
243 * @param result the record data that can be handed to the subject
245 typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
249 * Iterator called on obtained result for an attribute delegation removal.
252 * @param success GNUNET_YES if successful
253 * @param result the record data that can be handed to the subject
255 typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
260 * Performs attribute verification.
261 * Checks if there is a delegation chain from
262 * attribute ``issuer_attribute'' issued by the issuer
263 * with public key ``issuer_key'' that maps to the attribute
264 * ``subject_attribute'' claimed by the subject with key
267 * @param handle handle to the Credential service
268 * @param issuer_key the issuer public key
269 * @param issuer_attribute the issuer attribute
270 * @param subject_key the subject public key
271 * @param credential_count number of credentials
272 * @param credentials the subject credentials
273 * @param proc function to call on result
274 * @param proc_cls closure for processor
275 * @return handle to the queued request
277 struct GNUNET_CREDENTIAL_Request*
278 GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
279 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
280 const char *issuer_attribute,
281 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
282 uint32_t credential_count,
283 const struct GNUNET_CREDENTIAL_Credential *credentials,
284 GNUNET_CREDENTIAL_CredentialResultProcessor proc,
287 struct GNUNET_CREDENTIAL_Request*
288 GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle,
289 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
290 const char *issuer_attribute,
291 const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key,
292 GNUNET_CREDENTIAL_CredentialResultProcessor proc,
296 * Delegate an attribute
298 * @param handle handle to the Credential service
299 * @param issuer the ego that should be used to delegate the attribute
300 * @param attribute the name of the attribute to delegate
301 * @param subject the subject of the delegation
302 * @param delegated_attribute the name of the attribute that is delegated to
303 * @param proc the result callback
304 * @param proc_cls the result closure context
305 * @return handle to the queued request
307 struct GNUNET_CREDENTIAL_Request *
308 GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
309 struct GNUNET_IDENTITY_Ego *issuer,
310 const char *attribute,
311 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
312 const char *delegated_attribute,
313 GNUNET_CREDENTIAL_DelegateResultProcessor proc,
317 * Remove a delegation
319 * @param handle handle to the Credential service
320 * @param issuer the ego that was used to delegate the attribute
321 * @param attribute the name of the attribute that is delegated
322 * @param proc the callback
323 * @param proc_cls callback closure
324 * @return handle to the queued request
326 struct GNUNET_CREDENTIAL_Request *
327 GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
328 struct GNUNET_IDENTITY_Ego *issuer,
329 const char *attribute,
330 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
336 * Issue an attribute to a subject
338 * @param issuer the ego that should be used to issue the attribute
339 * @param subject the subject of the attribute
340 * @param attribute the name of the attribute
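341 * @param expiration the expiration of the credential (a GNUNET_TIME_Absolute, not a relative TTL)
342 * @return the issued credential (struct GNUNET_CREDENTIAL_Credential), not a request handle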
344 struct GNUNET_CREDENTIAL_Credential*
345 GNUNET_CREDENTIAL_credential_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
346 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
347 const char *attribute,
348 struct GNUNET_TIME_Absolute *expiration);
353 * Cancel pending lookup request
355 * @param lr the lookup request to cancel
358 GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *lr);
361 #if 0 /* keep Emacsens' auto-indent happy */
370 /** @} */ /* end of group */