| // Copyright 2015 The Weave Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef LIBUWEAVE_SRC_MACAROON_H_ |
| #define LIBUWEAVE_SRC_MACAROON_H_ |
| |
| #include <stdbool.h> |
| #include <stddef.h> |
| #include <stdint.h> |
| |
| #include "src/macaroon_caveat.h" |
| #include "src/macaroon_context.h" |
| |
| #define UW_MACAROON_MAC_LEN 16 |
| |
| // Note: If we are looking to make memory savings on MCUs, |
| // at the cost of a little extra processing, we can make |
| // the macaroon encoding the actual in-memory representation. |
| // This can save much copying of macaroon data if need be. |
| typedef struct { |
| uint8_t mac_tag[UW_MACAROON_MAC_LEN]; |
| size_t num_caveats; |
| const UwMacaroonCaveat* const* caveats; |
| } UwMacaroon; |
| |
| // For the delegatee list in the validation result object |
| typedef enum { |
| kUwMacaroonDelegateeTypeNone = 0, |
| kUwMacaroonDelegateeTypeUser = 1, |
| kUwMacaroonDelegateeTypeApp = 2, |
| kUwMacaroonDelegateeTypeService = 3, |
| } UwMacaroonDelegateeType; |
| |
| typedef struct { |
| UwMacaroonDelegateeType type; |
| const uint8_t* id; |
| size_t id_len; |
| UwMacaroonCaveatCloudServiceId service_id; // Only for cloud services |
| uint32_t timestamp; |
| } UwMacaroonDelegateeInfo; |
| |
| #define MAX_NUM_DELEGATEES 10 |
| |
| typedef struct { |
| UwMacaroonCaveatScopeType granted_scope; |
| uint32_t expiration_time; |
| bool weave_app_restricted; |
| const uint8_t* lan_session_id; |
| size_t lan_session_id_len; |
| UwMacaroonDelegateeInfo delegatees[MAX_NUM_DELEGATEES]; |
| size_t num_delegatees; |
| } UwMacaroonValidationResult; |
| |
| bool uw_macaroon_create_from_root_key_(UwMacaroon* new_macaroon, |
| const uint8_t* root_key, |
| size_t root_key_len, |
| const UwMacaroonContext* context, |
| const UwMacaroonCaveat* const caveats[], |
| size_t num_caveats); |
| |
| /** Creates a new macaroon with a new caveat. */ |
| bool uw_macaroon_extend_(const UwMacaroon* old_macaroon, |
| UwMacaroon* new_macaroon, |
| const UwMacaroonContext* context, |
| const UwMacaroonCaveat* additional_caveat, |
| uint8_t* buffer, |
| size_t buffer_size); |
| |
| /** |
| * Verify and validate the Macaroon, and put relevant information into the |
| * result object. Note that the resulting granted_scope will be the closest |
| * valid scope type (to the narrower side) defined in macaroon_caveat.h. |
| */ |
| bool uw_macaroon_validate_(const UwMacaroon* macaroon, |
| const uint8_t* root_key, |
| size_t root_key_len, |
| const UwMacaroonContext* context, |
| UwMacaroonValidationResult* result); |
| |
| /** Encode a Macaroon to a byte string. */ |
| bool uw_macaroon_serialize_(const UwMacaroon* macaroon, |
| uint8_t* out, |
| size_t out_len, |
| size_t* resulting_str_len); |
| |
| /** |
| * Decodes a byte string to a Macaroon. |
| * |
| * One note is that the function doesn't copy string values to new buffers, so |
| * the caller must maintain the input string around to make caveats with string |
| * values to be usable. |
| */ |
| bool uw_macaroon_deserialize_(const uint8_t* in, |
| size_t in_len, |
| uint8_t* buffer, |
| size_t buffer_size, |
| UwMacaroon* new_macaroon); |
| |
| #endif // LIBUWEAVE_SRC_MACAROON_H_ |
