2 This file is part of GNUnet
3 Copyright (C) 2012-2014 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
23 * @author Adnan Husain
26 * API to the Credential service
28 * @defgroup credential Credential service
33 #ifndef GNUNET_CREDENTIAL_SERVICE_H
34 #define GNUNET_CREDENTIAL_SERVICE_H
36 #include "gnunet_util_lib.h"
37 #include "gnunet_gns_service.h"
38 #include "gnunet_identity_service.h"
43 #if 0 /* keep Emacsens' auto-indent happy */
50 * Connection to the Credential service.
52 struct GNUNET_CREDENTIAL_Handle;
55 * Handle to control a lookup operation.
57 struct GNUNET_CREDENTIAL_Request;
60 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
62 enum GNUNET_CREDENTIAL_CredentialFlags {
64 //Subject had credentials before, but have been revoked now
65 GNUNET_CREDENTIAL_FLAG_REVOKED=0,
67 //Subject flag indicates that the subject is a holder of this credential and may present it as such
68 GNUNET_CREDENTIAL_FLAG_SUBJECT=1,
70 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
71 GNUNET_CREDENTIAL_FLAG_ISSUER=2
75 GNUNET_NETWORK_STRUCT_BEGIN
77 * The attribute delegation record
79 struct GNUNET_CREDENTIAL_DelegationRecord {
82 * Number of delegation sets in this record
87 * Length of delegation sets
91 * Followed by set_count DelegationSetRecords
97 * The attribute delegation record
99 struct GNUNET_CREDENTIAL_DelegationRecordSet {
102 * Public key of the subject this attribute was delegated to
104 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
107 * Length of attribute, may be 0
109 uint32_t subject_attribute_len;
113 GNUNET_NETWORK_STRUCT_END
116 * The attribute delegation record
118 struct GNUNET_CREDENTIAL_DelegationSet {
121 * Public key of the subject this attribute was delegated to
123 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
125 uint32_t subject_attribute_len;
128 * The subject attribute
130 const char *subject_attribute;
137 struct GNUNET_CREDENTIAL_Delegation {
140 * The issuer of the delegation
142 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
145 * Public key of the subject this attribute was delegated to
147 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
150 * Length of the attribute
152 uint32_t issuer_attribute_len;
157 const char *issuer_attribute;
160 * Length of the attribute
162 uint32_t subject_attribute_len;
167 const char *subject_attribute;
174 struct GNUNET_CREDENTIAL_Credential {
177 * The issuer of the credential
179 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
182 * Public key of the subject this credential was issued to
184 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
187 * Signature of this credential
189 struct GNUNET_CRYPTO_EcdsaSignature signature;
192 * Expiration of this credential
194 struct GNUNET_TIME_Absolute expiration;
197 * Length of the attribute
199 uint32_t issuer_attribute_len;
204 const char *issuer_attribute;
211 * Initialize the connection with the Credential service.
213 * @param cfg configuration to use
214 * @return handle to the Credential service, or NULL on error
216 struct GNUNET_CREDENTIAL_Handle *
217 GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
221 * Shutdown connection with the Credentail service.
223 * @param handle connection to shut down
226 GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle);
230 * Iterator called on obtained result for an attribute verification.
233 * @param d_count the number of delegations processed
234 * @param delegation_chain the delegations processed
235 * @param c_count the number of credentials found
236 * @param credential the credentials
238 typedef void (*GNUNET_CREDENTIAL_CredentialResultProcessor) (void *cls,
239 unsigned int d_count,
240 struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
241 unsigned int c_count,
242 struct GNUNET_CREDENTIAL_Credential *credential);
245 * Iterator called on obtained result for an attribute delegation.
248 * @param success GNUNET_YES if successful
249 * @param result the record data that can be handed to the subject
251 typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
255 * Iterator called on obtained result for an attribute delegation removal.
258 * @param success GNUNET_YES if successful
259 * @param result the record data that can be handed to the subject
261 typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
266 * Performs attribute verification.
267 * Checks if there is a delegation chain from
268 * attribute ``issuer_attribute'' issued by the issuer
269 * with public key ``issuer_key'' maps to the attribute
270 * ``subject_attribute'' claimed by the subject with key
273 * @param handle handle to the Credential service
274 * @param issuer_key the issuer public key
275 * @param issuer_attribute the issuer attribute
276 * @param subject_key the subject public key
277 * @param subject_attribute the attribute claimed by the subject
278 * @param proc function to call on result
279 * @param proc_cls closure for processor
280 * @return handle to the queued request
282 struct GNUNET_CREDENTIAL_Request*
283 GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
284 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
285 const char *issuer_attribute,
286 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
287 uint32_t credential_count,
288 const struct GNUNET_CREDENTIAL_Credential *credentials,
289 GNUNET_CREDENTIAL_CredentialResultProcessor proc,
292 struct GNUNET_CREDENTIAL_Request*
293 GNUNET_CREDENTIAL_collect (struct GNUNET_CREDENTIAL_Handle *handle,
294 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
295 const char *issuer_attribute,
296 const struct GNUNET_CRYPTO_EcdsaPrivateKey *subject_key,
297 GNUNET_CREDENTIAL_CredentialResultProcessor proc,
301 * Delegate an attribute
303 * @param handle handle to the Credential service
304 * @param issuer the ego that should be used to delegate the attribute
305 * @param attribute the name of the attribute to delegate
306 * @param subject the subject of the delegation
307 * @param delegated_attribute the name of the attribute that is delegated to
308 * @return handle to the queued request
310 struct GNUNET_CREDENTIAL_Request *
311 GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
312 struct GNUNET_IDENTITY_Ego *issuer,
313 const char *attribute,
314 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
315 const char *delegated_attribute,
316 GNUNET_CREDENTIAL_DelegateResultProcessor proc,
320 * Remove a delegation
322 * @param handle handle to the Credential service
323 * @param issuer the ego that was used to delegate the attribute
324 * @param attribute the name of the attribute that is delegated
325 * @return handle to the queued request
327 struct GNUNET_CREDENTIAL_Request *
328 GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
329 struct GNUNET_IDENTITY_Ego *issuer,
330 const char *attribute,
331 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
337 * Issue an attribute to a subject
339 * @param handle handle to the Credential service
340 * @param issuer the ego that should be used to issue the attribute
341 * @param subject the subject of the attribute
342 * @param attribute the name of the attribute
343 * @param expiration the TTL of the credential
344 * @return handle to the queued request
346 struct GNUNET_CREDENTIAL_Credential*
347 GNUNET_CREDENTIAL_credential_issue (
348 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
349 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
350 const char *attribute,
351 struct GNUNET_TIME_Absolute *expiration);
355 * Remove a credential
357 * @param handle handle to the Credential service
358 * @param issuer the identity that issued the credential
359 * @param subject the subject of the credential
360 * @param credential the name of the credential
361 * @return handle to the queued request
364 struct GNUNET_CREDENTIAL_IssueRequest *
365 GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle,
366 struct GNUNET_IDENTITY_Ego *issuer,
367 struct GNUNET_IDENTITY_Ego *subject,
368 const char *credential,
369 GNUNET_CREDENTIAL_IssueResultProcessor proc,
375 * Cancel pending lookup request
377 * @param lr the lookup request to cancel
380 GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr);
383 #if 0 /* keep Emacsens' auto-indent happy */
392 /** @} */ /* end of group */