2 This file is part of GNUnet.
3 Copyright (C) 2016 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @author Martin Schanzenbach
25 * reclaim service; implements identity and personal data sharing
28 * @defgroup reclaim service
31 #ifndef GNUNET_RECLAIM_SERVICE_H
32 #define GNUNET_RECLAIM_SERVICE_H
36 #if 0 /* keep Emacsens' auto-indent happy */
41 #include "gnunet_reclaim_lib.h"
42 #include "gnunet_util_lib.h"
45 * Version number of the re:claimID API.
47 #define GNUNET_RECLAIM_VERSION 0x00000001
50 * Opaque handle to access the service.
52 struct GNUNET_RECLAIM_Handle;
56 * Opaque handle for an operation at the re:claimID service.
58 struct GNUNET_RECLAIM_Operation;
62 * The authorization ticket. This ticket is meant to be transferred
63 * out of band to a relying party.
64 * The contents of a ticket must be protected and should be treated as a
65 * shared secret between user and relying party.
67 struct GNUNET_RECLAIM_Ticket
70 * The ticket issuer (= the user)
72 struct GNUNET_CRYPTO_EcdsaPublicKey identity;
75 * The ticket audience (= relying party)
77 struct GNUNET_CRYPTO_EcdsaPublicKey audience;
80 * The ticket random identifier
82 struct GNUNET_RECLAIM_Identifier rnd;
87 * Method called when a token has been issued.
88 * On success returns a ticket that can be given to a relying party
89 * in order for it retrive identity attributes
92 * @param ticket the ticket
94 typedef void (*GNUNET_RECLAIM_TicketCallback) (
95 void *cls, const struct GNUNET_RECLAIM_Ticket *ticket);
99 * Continuation called to notify client about result of the
102 * @param cls The callback closure
103 * @param success #GNUNET_SYSERR on failure
104 * @param emsg NULL on success, otherwise an error message
106 typedef void (*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls,
111 * Callback used to notify the client of attribute results.
113 * @param cls The callback closure
114 * @param identity The identity authoritative over the attributes
115 * @param attr The attribute
116 * @param attestation The attestation for the attribute (may be NULL)
118 typedef void (*GNUNET_RECLAIM_AttributeResult) (
119 void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
120 const struct GNUNET_RECLAIM_Attribute *attr);
123 * Callback used to notify the client of attribute results.
125 * @param cls The callback closure
126 * @param identity The identity authoritative over the attributes
127 * @param attr The attribute
128 * @param attestation The attestation for the attribute (may be NULL)
130 typedef void (*GNUNET_RECLAIM_AttributeTicketResult) (
131 void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
132 const struct GNUNET_RECLAIM_Attribute *attr,
133 const struct GNUNET_RECLAIM_Attestation *attestation);
137 * Callback used to notify the client of attestation results.
139 * @param cls The callback closure
140 * @param identity The identity authoritative over the attributes
141 * @param attestation The attestation
142 * @param attributes the parsed attributes
144 typedef void (*GNUNET_RECLAIM_AttestationResult) (
145 void *cls, const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
146 const struct GNUNET_RECLAIM_Attestation *attestation,
147 const struct GNUNET_RECLAIM_AttributeList *attributes);
151 * Connect to the re:claimID service.
153 * @param cfg Configuration to contact the re:claimID service.
154 * @return handle to communicate with the service
156 struct GNUNET_RECLAIM_Handle *
157 GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
161 * Store an attribute. If the attribute is already present,
162 * it is replaced with the new attribute.
164 * @param h handle to the reclaim service
165 * @param pkey Private key of the identity to add an attribute to
166 * @param attr The attribute
167 * @param exp_interval The relative expiration interval for the attribute
168 * @param cont Continuation to call when done
169 * @param cont_cls Closure for @a cont
170 * @return handle Used to to abort the request
172 struct GNUNET_RECLAIM_Operation *
173 GNUNET_RECLAIM_attribute_store (
174 struct GNUNET_RECLAIM_Handle *h,
175 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
176 const struct GNUNET_RECLAIM_Attribute *attr,
177 const struct GNUNET_TIME_Relative *exp_interval,
178 GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls);
182 * Store an attestation. If the attestation is already present,
183 * it is replaced with the new attestation.
185 * @param h handle to the re:claimID service
186 * @param pkey private key of the identity
187 * @param attr the attestation value
188 * @param exp_interval the relative expiration interval for the attestation
189 * @param cont continuation to call when done
190 * @param cont_cls closure for @a cont
191 * @return handle to abort the request
193 struct GNUNET_RECLAIM_Operation *
194 GNUNET_RECLAIM_attestation_store (
195 struct GNUNET_RECLAIM_Handle *h,
196 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
197 const struct GNUNET_RECLAIM_Attestation *attestation,
198 const struct GNUNET_TIME_Relative *exp_interval,
199 GNUNET_RECLAIM_ContinuationWithStatus cont,
204 * Delete an attribute. Tickets used to share this attribute are updated
207 * @param h handle to the re:claimID service
208 * @param pkey Private key of the identity to add an attribute to
209 * @param attr The attribute
210 * @param cont Continuation to call when done
211 * @param cont_cls Closure for @a cont
212 * @return handle Used to to abort the request
214 struct GNUNET_RECLAIM_Operation *
215 GNUNET_RECLAIM_attribute_delete (
216 struct GNUNET_RECLAIM_Handle *h,
217 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
218 const struct GNUNET_RECLAIM_Attribute *attr,
219 GNUNET_RECLAIM_ContinuationWithStatus cont, void *cont_cls);
222 * Delete an attestation. Tickets used to share this attestation are updated
225 * @param h handle to the re:claimID service
226 * @param pkey Private key of the identity to add an attribute to
227 * @param attr The attestation
228 * @param cont Continuation to call when done
229 * @param cont_cls Closure for @a cont
230 * @return handle Used to to abort the request
232 struct GNUNET_RECLAIM_Operation *
233 GNUNET_RECLAIM_attestation_delete (
234 struct GNUNET_RECLAIM_Handle *h,
235 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
236 const struct GNUNET_RECLAIM_Attestation *attr,
237 GNUNET_RECLAIM_ContinuationWithStatus cont,
241 * List all attributes for a local identity.
242 * This MUST lock the `struct GNUNET_RECLAIM_Handle`
243 * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
244 * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
245 * immediately, and then again after
246 * #GNUNET_RECLAIM_get_attributes_next() is invoked.
248 * On error (disconnect), @a error_cb will be invoked.
249 * On normal completion, @a finish_cb proc will be
252 * @param h Handle to the re:claimID service
253 * @param identity Identity to iterate over
254 * @param error_cb Function to call on error (i.e. disconnect),
255 * the handle is afterwards invalid
256 * @param error_cb_cls Closure for @a error_cb
257 * @param proc Function to call on each attribute
258 * @param proc_cls Closure for @a proc
259 * @param finish_cb Function to call on completion
260 * the handle is afterwards invalid
261 * @param finish_cb_cls Closure for @a finish_cb
262 * @return an iterator Handle to use for iteration
264 struct GNUNET_RECLAIM_AttributeIterator *
265 GNUNET_RECLAIM_get_attributes_start (
266 struct GNUNET_RECLAIM_Handle *h,
267 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
268 GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls,
269 GNUNET_RECLAIM_AttributeResult proc, void *proc_cls,
270 GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls);
274 * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
275 * for the next record.
277 * @param it The iterator
280 GNUNET_RECLAIM_get_attributes_next (
281 struct GNUNET_RECLAIM_AttributeIterator *it);
285 * Stops iteration and releases the handle for further calls. Must
286 * be called on any iteration that has not yet completed prior to calling
287 * #GNUNET_RECLAIM_disconnect.
289 * @param it the iterator
292 GNUNET_RECLAIM_get_attributes_stop (
293 struct GNUNET_RECLAIM_AttributeIterator *it);
297 * List all attestations for a local identity.
298 * This MUST lock the `struct GNUNET_RECLAIM_Handle`
299 * for any other calls than #GNUNET_RECLAIM_get_attestations_next() and
300 * #GNUNET_RECLAIM_get_attestations_stop. @a proc will be called once
301 * immediately, and then again after
302 * #GNUNET_RECLAIM_get_attestations_next() is invoked.
304 * On error (disconnect), @a error_cb will be invoked.
305 * On normal completion, @a finish_cb proc will be
308 * @param h Handle to the re:claimID service
309 * @param identity Identity to iterate over
310 * @param error_cb Function to call on error (i.e. disconnect),
311 * the handle is afterwards invalid
312 * @param error_cb_cls Closure for @a error_cb
313 * @param proc Function to call on each attestation
314 * @param proc_cls Closure for @a proc
315 * @param finish_cb Function to call on completion
316 * the handle is afterwards invalid
317 * @param finish_cb_cls Closure for @a finish_cb
318 * @return an iterator Handle to use for iteration
320 struct GNUNET_RECLAIM_AttestationIterator *
321 GNUNET_RECLAIM_get_attestations_start (
322 struct GNUNET_RECLAIM_Handle *h,
323 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
324 GNUNET_SCHEDULER_TaskCallback error_cb,
326 GNUNET_RECLAIM_AttestationResult proc,
328 GNUNET_SCHEDULER_TaskCallback finish_cb,
329 void *finish_cb_cls);
333 * Calls the record processor specified in #GNUNET_RECLAIM_get_attestation_start
334 * for the next record.
336 * @param it the iterator
339 GNUNET_RECLAIM_get_attestations_next (struct GNUNET_RECLAIM_AttestationIterator *ait);
343 * Stops iteration and releases the handle for further calls. Must
344 * be called on any iteration that has not yet completed prior to calling
345 * #GNUNET_RECLAIM_disconnect.
347 * @param it the iterator
350 GNUNET_RECLAIM_get_attestations_stop (struct GNUNET_RECLAIM_AttestationIterator *ait);
354 * Issues a ticket to a relying party. The identity may use
355 * GNUNET_RECLAIM_ticket_consume to consume the ticket
356 * and retrieve the attributes specified in the attribute list.
358 * @param h the identity provider to use
359 * @param iss the issuing identity (= the user)
360 * @param rp the subject of the ticket (= the relying party)
361 * @param attrs the attributes that the relying party is given access to
362 * @param cb the callback
363 * @param cb_cls the callback closure
364 * @return handle to abort the operation
366 struct GNUNET_RECLAIM_Operation *
367 GNUNET_RECLAIM_ticket_issue (
368 struct GNUNET_RECLAIM_Handle *h,
369 const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
370 const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
371 const struct GNUNET_RECLAIM_AttributeList *attrs,
372 GNUNET_RECLAIM_TicketCallback cb, void *cb_cls);
376 * Revoked an issued ticket. The relying party will be unable to retrieve
377 * attributes. Other issued tickets remain unaffected.
378 * This includes tickets issued to other relying parties as well as to
379 * other tickets issued to the audience specified in this ticket.
381 * @param h the identity provider to use
382 * @param identity the issuing identity
383 * @param ticket the ticket to revoke
384 * @param cb the callback
385 * @param cb_cls the callback closure
386 * @return handle to abort the operation
388 struct GNUNET_RECLAIM_Operation *
389 GNUNET_RECLAIM_ticket_revoke (
390 struct GNUNET_RECLAIM_Handle *h,
391 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
392 const struct GNUNET_RECLAIM_Ticket *ticket,
393 GNUNET_RECLAIM_ContinuationWithStatus cb, void *cb_cls);
397 * Consumes an issued ticket. The ticket is used to retrieve identity
398 * information from the issuer
400 * @param h the identity provider to use
401 * @param identity the identity that is the subject of the issued ticket (the
403 * @param ticket the issued ticket to consume
404 * @param cb the callback to call
405 * @param cb_cls the callback closure
406 * @return handle to abort the operation
408 struct GNUNET_RECLAIM_Operation *
409 GNUNET_RECLAIM_ticket_consume (
410 struct GNUNET_RECLAIM_Handle *h,
411 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
412 const struct GNUNET_RECLAIM_Ticket *ticket,
413 GNUNET_RECLAIM_AttributeTicketResult cb, void *cb_cls);
417 * Lists all tickets that have been issued to remote
418 * identites (relying parties)
420 * @param h the identity provider to use
421 * @param identity the issuing identity
422 * @param error_cb function to call on error (i.e. disconnect),
423 * the handle is afterwards invalid
424 * @param error_cb_cls closure for @a error_cb
425 * @param proc function to call on each ticket; it
426 * will be called repeatedly with a value (if available)
427 * @param proc_cls closure for @a proc
428 * @param finish_cb function to call on completion
429 * the handle is afterwards invalid
430 * @param finish_cb_cls closure for @a finish_cb
431 * @return an iterator handle to use for iteration
433 struct GNUNET_RECLAIM_TicketIterator *
434 GNUNET_RECLAIM_ticket_iteration_start (
435 struct GNUNET_RECLAIM_Handle *h,
436 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
437 GNUNET_SCHEDULER_TaskCallback error_cb, void *error_cb_cls,
438 GNUNET_RECLAIM_TicketCallback proc, void *proc_cls,
439 GNUNET_SCHEDULER_TaskCallback finish_cb, void *finish_cb_cls);
443 * Calls the ticket processor specified in
444 * #GNUNET_RECLAIM_ticket_iteration_start for the next record.
446 * @param it the iterator
449 GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it);
453 * Stops iteration and releases the handle for further calls. Must
454 * be called on any iteration that has not yet completed prior to calling
455 * #GNUNET_RECLAIM_disconnect.
457 * @param it the iterator
460 GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it);
464 * Disconnect from identity provider service.
466 * @param h identity provider service to disconnect
469 GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h);
473 * Cancel an identity provider operation. Note that the operation MAY still
474 * be executed; this merely cancels the continuation; if the request
475 * was already transmitted, the service may still choose to complete
478 * @param op operation to cancel
481 GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op);
484 #if 0 /* keep Emacsens' auto-indent happy */
492 /* ifndef GNUNET_RECLAIM_SERVICE_H */
495 /** @} */ /* end of group reclaim */
497 /* end of gnunet_reclaim_service.h */