aboutsummaryrefslogtreecommitdiff
path: root/src/identity-provider/identity_token.h
blob: 5d5634111f369e2115b1309384f90969fa137ba0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
/*
   This file is part of GNUnet.
   Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors)

   GNUnet is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published
   by the Free Software Foundation; either version 3, or (at your
   option) any later version.

   GNUnet is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with GNUnet; see the file COPYING.  If not, write to the
   Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
   Boston, MA 02110-1301, USA.
   */
/**
 * @author Martin Schanzenbach
 * @file include/gnunet_identity_provider_lib.h
 * @brief GNUnet Identity Provider library
 *
 */
#ifndef IDENTITY_TOKEN_H
#define IDENTITY_TOKEN_H

#include "gnunet_crypto_lib.h"
#include <jansson.h>

struct IdentityToken
{
  /**
   * DLL
   */
  struct TokenAttr *attr_head;

  /**
   * DLL
   */
  struct TokenAttr *attr_tail;

  /**
   * Token Signature
   */
  struct GNUNET_CRYPTO_EcdsaSignature signature;
  
  /**
   * Audience Pubkey
   */
  struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
};

struct TokenAttr
{
  /**
   * DLL
   */
  struct TokenAttr *next;

  /**
   * DLL
   */
  struct TokenAttr *prev;

  /**
   * Attribute name
   */
  char *name;

  /**
   * Attribute value DLL
   */
  struct TokenAttrValue *val_head;

  /**
   * Attribute value DLL
   */
  struct TokenAttrValue *val_tail;

};

struct TokenAttrValue
{
  /**
   * DLL
   */
  struct TokenAttrValue *next;

  /**
   * DLL
   */
  struct TokenAttrValue *prev;

  /**
   * Attribute value
   */
  char *value;

  /**
   * Attribute int value
   * used if NULL == value
   */
  uint64_t int_value;
};

struct TokenTicketPayload
{
  /**
   * Nonce
   */
  char* nonce;

  /**
   * Label
   */
  char *label;

  /**
   * Issuing Identity
   */
  struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
};


struct TokenTicket
{
  /**
   * Meta info
   */
  struct TokenTicketPayload *payload;

  /**
   * ECDH Pubkey
   */
  struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;

  /**
   * Signature
   */
  struct GNUNET_CRYPTO_EcdsaSignature signature;

  /**
   * Target identity
   */
  struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
};



/**
 * Create an identity token
 *
 * @param iss the issuer string for the token
 * @param aud the audience of the token
 *
 * @return a new token
 */
struct IdentityToken*
token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
                                       const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);

/**
 * Destroy an identity token
 *
 * @param token the token to destroy
 */
void
token_destroy (struct IdentityToken*token);

/**
 * Add a new key value pair to the token
 * 
 * @param token the token to modify
 * @param key the key
 * @param value the value
 */
void
token_add_attr (struct IdentityToken *token,
                const char* key,
                const char* value);

/**
 * Add a new key value pair to the token
 * 
 * @param token the token to modify
 * @param key the key
 * @param value the value
 */
void
token_add_attr_int (struct IdentityToken *token,
                      const char* key,
                      uint64_t value);



/**
 * Add a value to a TokenAttribute
 *
 * @param attr the token attribute
 * @param value value to add
 */
  void
  token_attr_add_value (const struct TokenAttr *attr,
                        const char *value);

/**
 * Add a new key value pair to the token with the value as json
 *
 * @param the token to modify
 * @param key the key
 * @param value the value
 *
 */
  void
  token_add_json (const struct IdentityToken *token,
                  const char* key,
                  json_t* value);

/**
 * Serialize a token. The token will be signed and base64 according to the
 * JWT format. The signature is base32-encoded ECDSA.
 * The resulting JWT is encrypted using 
 * ECDHE for the audience and Base64
 * encoded in result. The audience requires the ECDHE public key P 
 * to decrypt the token T. The key P is included in the result and prepended
 * before the token
 *
 * @param token the token to serialize
 * @param priv_key the private key used to sign the token
 * @param ecdhe_privkey the ECDHE private key used to encrypt the token
 * @param result P,Base64(E(T))
 *
 * @return GNUNET_OK on success
 */
  int 
  token_serialize (const struct IdentityToken*token,
                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
                   struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
                   char **result);

/**
 * Parses the serialized token and returns a token
 *
 * @param data the serialized token
 * @param priv_key the private key of the audience
 * @param result the token
 *
 * @return GNUNET_OK on success
 */
               int
               token_parse (const char* data,
                            const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
                            struct IdentityToken **result);

/**
 * Parses the serialized token and returns a token
 * This variant is intended for the party that issued the token and also
 * wants to decrypt the serialized token.
 *
 * @param data the serialized token
 * @param priv_key the private (!) ECDHE key
 * @param aud_key the identity of the audience
 * @param result the token
 *
 * @return GNUNET_OK on success
 */
int
token_parse2 (const char* data,
              const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
              const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
              struct IdentityToken **result);


/**
 *
 * Returns a JWT-string representation of the token
 *
 * @param token the token
 * @param priv_key the private key used to sign the JWT
 * @param result the JWT
 *
 * @return GNUNET_OK on success
 */
  int
  token_to_string (const struct IdentityToken *token,
                   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
                   char **result);

/**
 *
 * Creates a ticket that can be exchanged by the audience for 
 * the token. The token must be placed under the label
 *
 * @param nonce_str nonce provided by the audience that requested the ticket
 * @param iss_pkey the issuer pubkey used to sign the ticket
 * @param label the label encoded in the ticket
 * @param aud_ley the audience pubkey used to encrypt the ticket payload
 *
 * @return the ticket
 */
struct TokenTicket*
ticket_create (const char* nonce_str,
               const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
               const char* lbl_str,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);

/**
 * Serialize a ticket. Returns the Base64 representation of the ticket.
 * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
 *
 * @param ticket the ticket to serialize
 * @param priv_key the issuer private key to sign the ticket payload
 * @param result the serialized ticket
 *
 * @return GNUNET_OK on success
 */
  int
  ticket_serialize (struct TokenTicket *ticket,
                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
                    char **result);

/**
 * Destroys a ticket
 *
 * @param the ticket to destroy
 */
void
ticket_destroy (struct TokenTicket *ticket);

/**
 * Parses a serialized ticket
 *
 * @param data the serialized ticket
 * @param priv_key the audience private key
 * @param ticket the ticket
 *
 * @return GNUNET_OK on success
 */
int
ticket_parse (const char* raw_data,
              const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
              struct TokenTicket **ticket);

#endif