2 This file is part of GNUnet
3 Copyright (C) 2012-2014 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
23 * @author Adnan Husain
26 * API to the Credential service
28 * @defgroup credential Credential service
33 #ifndef GNUNET_CREDENTIAL_SERVICE_H
34 #define GNUNET_CREDENTIAL_SERVICE_H
36 #include "gnunet_util_lib.h"
37 #include "gnunet_gns_service.h"
38 #include "gnunet_identity_service.h"
43 #if 0 /* keep Emacsens' auto-indent happy */
50 * Connection to the Credential service.
52 struct GNUNET_CREDENTIAL_Handle;
55 * Handle to control a lookup operation.
57 struct GNUNET_CREDENTIAL_Request;
60 * Enum used for checking whether the issuer has the authority to issue credentials or is just a subject
62 enum GNUNET_CREDENTIAL_CredentialFlags {
64 //Subject had credentials before, but have been revoked now
65 GNUNET_CREDENTIAL_FLAG_REVOKED=0,
67 //Subject flag indicates that the subject is a holder of this credential and may present it as such
68 GNUNET_CREDENTIAL_FLAG_SUBJECT=1,
70 //Issuer flag is used to signify that the subject is allowed to issue this credential and delegate issuance
71 GNUNET_CREDENTIAL_FLAG_ISSUER=2
75 GNUNET_NETWORK_STRUCT_BEGIN
77 * The credential record
79 struct GNUNET_CREDENTIAL_CredentialRecordData {
82 * The signature for this credential by the issuer
84 struct GNUNET_CRYPTO_EcdsaSignature signature;
89 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
92 * Public key of the issuer
94 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
97 * Public key of the subject this credential was issued to
99 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
102 * Expiration time of this credential
104 uint64_t expiration GNUNET_PACKED;
107 * Followed by the attribute string
113 * The attribute delegation record
115 struct GNUNET_CREDENTIAL_AttributeRecordData {
118 * Public key of the subject this attribute was delegated to
120 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
123 * Followed by the attribute that was delegated to as string
130 GNUNET_NETWORK_STRUCT_END
135 * Initialize the connection with the Credential service.
137 * @param cfg configuration to use
138 * @return handle to the Credential service, or NULL on error
140 struct GNUNET_CREDENTIAL_Handle *
141 GNUNET_CREDENTIAL_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
145 * Shutdown connection with the Credentail service.
147 * @param handle connection to shut down
150 GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle);
154 * Iterator called on obtained result for an attribute verification.
157 * @param issuer the issuer of the attribute NULL if verification failed
158 * @param result the result of the verification
159 * @param rd the records in reply
161 typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls,
162 struct GNUNET_CREDENTIAL_CredentialRecordData *credential,
163 uint32_t delegation_length,
164 struct GNUNET_CREDENTIAL_AttributeRecordData *delegation_chain);
167 * Iterator called on obtained result for an attribute delegation.
170 * @param success GNUNET_YES if successful
171 * @param result the record data that can be handed to the subject
173 typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
177 * Iterator called on obtained result for an attribute delegation removal.
180 * @param success GNUNET_YES if successful
181 * @param result the record data that can be handed to the subject
183 typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
190 * Performs attribute verification.
191 * Checks if there is a delegation chain from
192 * attribute ``issuer_attribute'' issued by the issuer
193 * with public key ``issuer_key'' maps to the attribute
194 * ``subject_attribute'' claimed by the subject with key
197 * @param handle handle to the Credential service
198 * @param issuer_key the issuer public key
199 * @param issuer_attribute the issuer attribute
200 * @param subject_key the subject public key
201 * @param subject_attribute the attribute claimed by the subject
202 * @param proc function to call on result
203 * @param proc_cls closure for processor
204 * @return handle to the queued request
206 struct GNUNET_CREDENTIAL_Request*
207 GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
208 const struct GNUNET_CRYPTO_EcdsaPublicKey *issuer_key,
209 const char *issuer_attribute,
210 const struct GNUNET_CRYPTO_EcdsaPublicKey *subject_key,
211 const char *subject_attribute,
212 GNUNET_CREDENTIAL_VerifyResultProcessor proc,
216 * Delegate an attribute
218 * @param handle handle to the Credential service
219 * @param issuer the ego that should be used to delegate the attribute
220 * @param attribute the name of the attribute to delegate
221 * @param subject the subject of the delegation
222 * @param delegated_attribute the name of the attribute that is delegated to
223 * @return handle to the queued request
225 struct GNUNET_CREDENTIAL_Request *
226 GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
227 struct GNUNET_IDENTITY_Ego *issuer,
228 const char *attribute,
229 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
230 const char *delegated_attribute,
231 GNUNET_CREDENTIAL_DelegateResultProcessor proc,
235 * Remove a delegation
237 * @param handle handle to the Credential service
238 * @param issuer the ego that was used to delegate the attribute
239 * @param attribute the name of the attribute that is delegated
240 * @return handle to the queued request
242 struct GNUNET_CREDENTIAL_Request *
243 GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
244 struct GNUNET_IDENTITY_Ego *issuer,
245 const char *attribute,
246 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
252 * Issue an attribute to a subject
254 * @param handle handle to the Credential service
255 * @param issuer the ego that should be used to issue the attribute
256 * @param subject the subject of the attribute
257 * @param attribute the name of the attribute
258 * @param expiration the TTL of the credential
259 * @return handle to the queued request
261 struct GNUNET_CREDENTIAL_CredentialRecordData *
262 GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
263 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
264 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
265 const char *attribute,
266 struct GNUNET_TIME_Absolute *expiration);
270 * Remove a credential
272 * @param handle handle to the Credential service
273 * @param issuer the identity that issued the credential
274 * @param subject the subject of the credential
275 * @param credential the name of the credential
276 * @return handle to the queued request
279 struct GNUNET_CREDENTIAL_IssueRequest *
280 GNUNET_CREDENTIAL_remove (struct GNUNET_CREDENTIAL_Handle *handle,
281 struct GNUNET_IDENTITY_Ego *issuer,
282 struct GNUNET_IDENTITY_Ego *subject,
283 const char *credential,
284 GNUNET_CREDENTIAL_IssueResultProcessor proc,
290 * Cancel pending lookup request
292 * @param lr the lookup request to cancel
295 GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr);
298 #if 0 /* keep Emacsens' auto-indent happy */
307 /** @} */ /* end of group */
projects / oweals / gnunet.git / blob