Vitaly Buka45dc9df2015-12-07 21:30:19 -08001// Copyright 2015 The Weave Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
6#define LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
7
8#include <stdbool.h>
9#include <stddef.h>
10#include <stdint.h>
11
/**
 * One macaroon caveat, viewed as a run of encoded bytes.
 *
 * The struct carries only a length and a const pointer, so it is a view of
 * the bytes rather than their owner. NOTE(review): the creation functions
 * below take a caller-supplied |buffer|, so |bytes| presumably points into
 * that buffer and stays valid only as long as the buffer does — confirm in
 * the .c file.
 */
typedef struct {
  size_t num_bytes;      // Length of |bytes| in bytes.
  const uint8_t* bytes;  // Encoded caveat bytes (not owned by this struct).
} UwMacaroonCaveat;
16
/**
 * Identifiers for the kinds of caveat a macaroon may carry.
 *
 * The comment on each constant records what value, if any, accompanies the
 * type: "bstr" (a byte string), "uint" (an unsigned integer) or "no value".
 * NOTE(review): the numeric values look like serialized identifiers (two are
 * annotated with their hex form), so they must not be renumbered; the gaps
 * (2-4, 13-15, 18-19) are presumably reserved — confirm before reusing one.
 */
typedef enum {
  kUwMacaroonCaveatTypeNonce = 0,                          // bstr
  kUwMacaroonCaveatTypeScope = 1,                          // uint
  kUwMacaroonCaveatTypeExpirationAbsolute = 5,             // uint
  kUwMacaroonCaveatTypeTTL1Hour = 6,                       // no value
  kUwMacaroonCaveatTypeTTL24Hour = 7,                      // no value
  kUwMacaroonCaveatTypeDelegationTimestamp = 8,            // uint

  kUwMacaroonCaveatTypeDelegateeUser = 9,                  // bstr
  kUwMacaroonCaveatTypeDelegateeApp = 10,                  // bstr
  kUwMacaroonCaveatTypeDelegateeService = 12,              // uint

  kUwMacaroonCaveatTypeAppCommandsOnly = 11,               // no value
  kUwMacaroonCaveatTypeBleSessionID = 16,                  // no value
  kUwMacaroonCaveatTypeLanSessionID = 17,                  // bstr

  kUwMacaroonCaveatTypeAuthenticationChallenge = 20,       // no value

  kUwMacaroonCaveatTypeClientAuthorizationTokenV1 = 8193,  // bstr (0x2001)
  kUwMacaroonCaveatTypeServerAuthenticationTokenV1 = 12289,  // bstr (0x3001)
} UwMacaroonCaveatType;
38
/**
 * Values carried by a kUwMacaroonCaveatTypeScope caveat
 * (see uw_macaroon_caveat_create_scope_ below).
 *
 * NOTE(review): the constants are spaced 6 apart and the "lowest possible"
 * scope bound defined below is the largest number (127), which suggests a
 * smaller value means broader authority and the spacing leaves room for
 * intermediate levels — confirm against the validation code before relying
 * on ordering comparisons between scopes.
 */
typedef enum {
  kUwMacaroonCaveatScopeTypeOwner = 2,
  kUwMacaroonCaveatScopeTypeManager = 8,
  kUwMacaroonCaveatScopeTypeUser = 14,
  kUwMacaroonCaveatScopeTypeViewer = 20,
} UwMacaroonCaveatScopeType;
45
/**
 * Values carried by a kUwMacaroonCaveatTypeDelegateeService caveat
 * (see uw_macaroon_caveat_create_delegatee_service_ below).
 */
typedef enum {
  kUwMacaroonCaveatCloudServiceIdNotCloudRegistered = 0,
  kUwMacaroonCaveatCloudServiceIdGoogleWeave = 1,
} UwMacaroonCaveatCloudServiceId;
50
// For security sanity checks: an upper bound on the numeric scope value a
// caveat may carry. Every UwMacaroonCaveatScopeType constant above is well
// below it. NOTE(review): the name implies that a larger number is a lower
// (less privileged) scope and that values past 127 are rejected as malformed
// by the validation code — confirm in the .c file, and keep this bound in
// sync if a scope constant is ever added above it.
#define UW_MACAROON_CAVEAT_SCOPE_LOWEST_POSSIBLE 127
53
/**
 * Compute the buffer sizes that are enough for caveat creation functions.
 *
 * Callers size the |buffer| they pass to a uw_macaroon_caveat_create_*_
 * function below with the value returned here for the matching |type|.
 *
 * @param type     The caveat type that is about to be created.
 * @param str_len  Length of the byte-string value the caveat will carry.
 *                 NOTE(review): presumably ignored (pass 0) for the "uint"
 *                 and "no value" types — confirm in the .c file.
 * @return The number of bytes the creation function needs in its buffer.
 */
size_t uw_macaroon_caveat_creation_get_buffsize_(UwMacaroonCaveatType type,
                                                 size_t str_len);
57
// Caveat creation functions.
//
// Each function takes a caller-supplied |buffer| of |buffer_size| bytes and
// an output |new_caveat|. NOTE(review): the encoded caveat is presumably
// written into |buffer| and |new_caveat| set to refer to it, and false is
// presumably returned when |buffer_size| is smaller than
// uw_macaroon_caveat_creation_get_buffsize_() reports or an argument is
// invalid — confirm in the .c file. Treat a false return as "no caveat was
// produced" and do not read |new_caveat| afterwards.

/** Nonce caveat ("bstr"): carries |nonce_size| bytes from |nonce|. */
bool uw_macaroon_caveat_create_nonce_(const uint8_t* nonce,
                                      size_t nonce_size,
                                      uint8_t* buffer,
                                      size_t buffer_size,
                                      UwMacaroonCaveat* new_caveat);
/** Scope caveat ("uint"): carries |scope|. */
bool uw_macaroon_caveat_create_scope_(UwMacaroonCaveatScopeType scope,
                                      uint8_t* buffer,
                                      size_t buffer_size,
                                      UwMacaroonCaveat* new_caveat);
/**
 * Absolute-expiration caveat ("uint"): carries |expiration_time|.
 * NOTE(review): the epoch and unit of this 32-bit value are not stated in
 * this header; if it is seconds since the Unix epoch it wraps in 2106 —
 * confirm in the .c file.
 */
bool uw_macaroon_caveat_create_expiration_absolute_(
    uint32_t expiration_time,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
/** One-hour TTL caveat (no value): the lifetime is implied by the type. */
bool uw_macaroon_caveat_create_ttl_1_hour_(uint8_t* buffer,
                                           size_t buffer_size,
                                           UwMacaroonCaveat* new_caveat);
/** 24-hour TTL caveat (no value): the lifetime is implied by the type. */
bool uw_macaroon_caveat_create_ttl_24_hour_(uint8_t* buffer,
                                            size_t buffer_size,
                                            UwMacaroonCaveat* new_caveat);
/**
 * Delegation-timestamp caveat ("uint"): carries |timestamp|.
 * NOTE(review): epoch and unit are not stated here — confirm in the .c file.
 */
bool uw_macaroon_caveat_create_delegation_timestamp_(
    uint32_t timestamp,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
/**
 * Delegatee-user caveat ("bstr"): carries |id_str_len| bytes from |id_str|.
 * The id is passed with an explicit length, not as a NUL-terminated C string.
 */
bool uw_macaroon_caveat_create_delegatee_user_(const uint8_t* id_str,
                                               size_t id_str_len,
                                               uint8_t* buffer,
                                               size_t buffer_size,
                                               UwMacaroonCaveat* new_caveat);
/**
 * Delegatee-app caveat ("bstr"): carries |id_str_len| bytes from |id_str|.
 * The id is passed with an explicit length, not as a NUL-terminated C string.
 */
bool uw_macaroon_caveat_create_delegatee_app_(const uint8_t* id_str,
                                              size_t id_str_len,
                                              uint8_t* buffer,
                                              size_t buffer_size,
                                              UwMacaroonCaveat* new_caveat);
Vitaly Bukaf51743b2016-02-09 13:52:36 -080094
/**
 * Delegatee-service caveat ("uint"): carries |service_id|.
 * Same |buffer| / |buffer_size| / |new_caveat| contract and false-on-failure
 * return as the other caveat creation functions in this header.
 */
bool uw_macaroon_caveat_create_delegatee_service_(
    UwMacaroonCaveatCloudServiceId service_id,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
100
/** App-commands-only caveat (no value); buffer/return contract as above. */
bool uw_macaroon_caveat_create_app_commands_only_(uint8_t* buffer,
                                                  size_t buffer_size,
                                                  UwMacaroonCaveat* new_caveat);
/** BLE session-id caveat (no value); buffer/return contract as above. */
bool uw_macaroon_caveat_create_ble_session_id_(uint8_t* buffer,
                                               size_t buffer_size,
                                               UwMacaroonCaveat* new_caveat);
/**
 * LAN session-id caveat ("bstr"): carries |session_id_len| bytes from
 * |session_id|; buffer/return contract as above.
 */
bool uw_macaroon_caveat_create_lan_session_id_(const uint8_t* session_id,
                                               size_t session_id_len,
                                               uint8_t* buffer,
                                               size_t buffer_size,
                                               UwMacaroonCaveat* new_caveat);
Vitaly Buka45dc9df2015-12-07 21:30:19 -0800112
/**
 * Authentication-challenge caveat (no value); same buffer/return contract
 * as the other caveat creation functions in this header.
 */
bool uw_macaroon_caveat_create_authentication_challenge_(
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
117
// The string values for these two token types are optional.
// Use str_len = 0 to indicate creating the caveats without string values.
// NOTE(review): whether |str| may then be NULL is not stated in this header —
// confirm in the .c file before passing NULL.

/**
 * Client-authorization-token caveat ("bstr", type 0x2001): carries
 * |str_len| bytes from |str|; buffer/return contract as above.
 */
bool uw_macaroon_caveat_create_client_authorization_token_(
    const uint8_t* str,
    size_t str_len,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
/**
 * Server-authentication-token caveat ("bstr", type 0x3001): carries
 * |str_len| bytes from |str|; buffer/return contract as above.
 */
bool uw_macaroon_caveat_create_server_authentication_token_(
    const uint8_t* str,
    size_t str_len,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
132
/**
 * Get the type for the given caveat.
 *
 * @param caveat  The caveat to inspect.
 * @param type    Receives the caveat's type on success.
 * @return true on success; false when the type could not be read.
 *         NOTE(review): presumably returned for a truncated or unknown
 *         caveat — confirm in the .c file. Code validating a macaroon from
 *         an untrusted source should treat false as a malformed caveat and
 *         reject it rather than fall back to a default type.
 */
bool uw_macaroon_caveat_get_type_(const UwMacaroonCaveat* caveat,
                                  UwMacaroonCaveatType* type);
Vitaly Buka45dc9df2015-12-07 21:30:19 -0800136
137#endif // LIBUWEAVE_SRC_MACAROON_CAVEAT_H_