      1 // Copyright 2015 The Weave Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
      6 #define LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
      7 
      8 #include <stdbool.h>
      9 #include <stddef.h>
     10 #include <stdint.h>
     11 
/**
 * One macaroon caveat, viewed as a raw byte string.
 *
 * This struct does not own its memory: `bytes` is a read-only view of
 * `num_bytes` bytes. The creation functions below take a caller-supplied
 * `buffer`, so a caveat they fill in presumably points into that buffer —
 * the buffer must then outlive the caveat and must not be reused while the
 * caveat is still referenced. TODO(review): confirm against the .c.
 */
typedef struct {
  size_t num_bytes;      // Length of `bytes`, in bytes.
  const uint8_t* bytes;  // Caveat bytes; not owned, never freed via this struct.
} UwMacaroonCaveat;
     16 
/**
 * Caveat type identifiers.
 *
 * The trailing comment on each entry names the kind of value the caveat
 * carries: "bstr" (byte string), "uint" (unsigned integer) or no value.
 * These look like CBOR type names — presumably the caveat is CBOR-encoded,
 * confirm against the encoder.
 *
 * The numeric values are part of the caveat encoding and must not be
 * renumbered. Several numbers (2-4, 13-15, 18..8192) are not assigned in
 * this header; whether they are reserved elsewhere is not visible here.
 * The two token types sit in their own high ranges (0x2001 and 0x3001).
 */
typedef enum {
  kUwMacaroonCaveatTypeNonce = 0,                // bstr
  kUwMacaroonCaveatTypeScope = 1,                // uint (UwMacaroonCaveatScopeType)
  kUwMacaroonCaveatTypeExpirationAbsolute = 5,   // uint
  kUwMacaroonCaveatTypeTTL1Hour = 6,             // no value
  kUwMacaroonCaveatTypeTTL24Hour = 7,            // no value
  kUwMacaroonCaveatTypeDelegationTimestamp = 8,  // uint

  // Delegatee identities. Note Service is 12, not 11 (11 is AppCommandsOnly).
  kUwMacaroonCaveatTypeDelegateeUser = 9,      // bstr
  kUwMacaroonCaveatTypeDelegateeApp = 10,      // bstr
  kUwMacaroonCaveatTypeDelegateeService = 12,  // bstr

  kUwMacaroonCaveatTypeAppCommandsOnly = 11,                 // no value
  kUwMacaroonCaveatTypeBleSessionID = 16,                    // no value
  kUwMacaroonCaveatTypeLanSessionID = 17,                    // bstr
  kUwMacaroonCaveatTypeClientAuthorizationTokenV1 = 8193,    // bstr (0x2001)
  kUwMacaroonCaveatTypeServerAuthenticationTokenV1 = 12289,  // bstr (0x3001)
} UwMacaroonCaveatType;
     35 
/**
 * Access level carried by a kUwMacaroonCaveatTypeScope caveat.
 *
 * The values are deliberately non-contiguous and increase from Owner to
 * Viewer. Given the names, a smaller number presumably means a broader
 * privilege, so any scope comparison in the .c likely depends on this
 * ordering — confirm there before adding or moving a level. Every value
 * here is below UW_MACAROON_CAVEAT_SCOPE_LOWEST_POSSIBLE.
 */
typedef enum {
  kUwMacaroonCaveatScopeTypeOwner = 2,
  kUwMacaroonCaveatScopeTypeManager = 8,
  kUwMacaroonCaveatScopeTypeUser = 14,
  kUwMacaroonCaveatScopeTypeViewer = 20,
} UwMacaroonCaveatScopeType;
     42 
// Bound used when sanity-checking a scope value: every
// UwMacaroonCaveatScopeType defined above (2, 8, 14, 20) is well below 127,
// so a scope at or beyond this value cannot be a legitimate level.
// Presumably the scope caveat validation rejects such values — confirm in
// the .c. Any new scope level must stay below this bound.
#define UW_MACAROON_CAVEAT_SCOPE_LOWEST_POSSIBLE 127
     45 
/**
 * Compute a buffer size sufficient for the creation function of caveat
 * `type`.
 *
 * @param type     The caveat type that will be created.
 * @param str_len  Length of the byte-string value for "bstr" caveats;
 *                 presumably 0 (or ignored) for types without a string value.
 * @return Number of bytes the `buffer` passed to the matching
 *         uw_macaroon_caveat_create_*_ function must hold. Whether a result
 *         of 0 signals an unsupported type is not visible in this header —
 *         check the .c before relying on it.
 */
size_t uw_macaroon_caveat_creation_get_buffsize_(UwMacaroonCaveatType type,
                                                 size_t str_len);
     49 
// Caveat creation functions.
//
// Each function encodes one caveat into the caller-supplied `buffer` of
// `buffer_size` bytes and fills in `new_caveat` to describe the result.
// Size `buffer` with uw_macaroon_caveat_creation_get_buffsize_() for the same
// type and string length. Presumably `new_caveat->bytes` points into
// `buffer` (UwMacaroonCaveat holds a non-owning pointer), so `buffer` must
// stay valid and unmodified for as long as `new_caveat` is used — confirm
// in the .c. Each returns a bool, presumably true on success; on false
// treat `new_caveat` as unset.

/**
 * Create a nonce caveat (kUwMacaroonCaveatTypeNonce) from the `nonce_size`
 * bytes at `nonce`. This only encodes the bytes it is given: producing an
 * unpredictable nonce from a cryptographically secure source is the
 * caller's responsibility.
 */
bool uw_macaroon_caveat_create_nonce_(const uint8_t* nonce,
                                      size_t nonce_size,
                                      uint8_t* buffer,
                                      size_t buffer_size,
                                      UwMacaroonCaveat* new_caveat);

/**
 * Create a scope caveat (kUwMacaroonCaveatTypeScope) carrying `scope`.
 * Only the UwMacaroonCaveatScopeType values should be passed; whether
 * other integers are rejected here or only on the verifying side is not
 * visible in this header.
 */
bool uw_macaroon_caveat_create_scope_(UwMacaroonCaveatScopeType scope,
                                      uint8_t* buffer,
                                      size_t buffer_size,
                                      UwMacaroonCaveat* new_caveat);
/**
 * Create an absolute-expiration caveat
 * (kUwMacaroonCaveatTypeExpirationAbsolute) carrying `expiration_time`.
 * The unit and epoch of `expiration_time` are not stated here (presumably
 * seconds since the Unix epoch — confirm against the verifying side).
 * Being uint32_t, it cannot represent times beyond that type's range.
 */
bool uw_macaroon_caveat_create_expiration_absolute_(
    uint32_t expiration_time,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);

/**
 * Create a one-hour time-to-live caveat (kUwMacaroonCaveatTypeTTL1Hour).
 * Carries no value; what the hour is measured from is not visible here
 * (presumably the delegation timestamp — confirm).
 */
bool uw_macaroon_caveat_create_ttl_1_hour_(uint8_t* buffer,
                                           size_t buffer_size,
                                           UwMacaroonCaveat* new_caveat);

/**
 * Create a 24-hour time-to-live caveat (kUwMacaroonCaveatTypeTTL24Hour).
 * Carries no value; same reference-point caveat as the 1-hour variant.
 */
bool uw_macaroon_caveat_create_ttl_24_hour_(uint8_t* buffer,
                                            size_t buffer_size,
                                            UwMacaroonCaveat* new_caveat);

/**
 * Create a delegation-timestamp caveat
 * (kUwMacaroonCaveatTypeDelegationTimestamp) carrying `timestamp`.
 * Unit and epoch are not stated here; presumably the same as for the
 * absolute expiration — confirm.
 */
bool uw_macaroon_caveat_create_delegation_timestamp_(
    uint32_t timestamp,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
/**
 * Create a delegatee-user caveat (kUwMacaroonCaveatTypeDelegateeUser) from
 * the `id_str_len` bytes at `id_str`. The bytes are copied as-is; the
 * identifier's format is not visible in this header.
 */
bool uw_macaroon_caveat_create_delegatee_user_(const uint8_t* id_str,
                                               size_t id_str_len,
                                               uint8_t* buffer,
                                               size_t buffer_size,
                                               UwMacaroonCaveat* new_caveat);

/**
 * Create a delegatee-app caveat (kUwMacaroonCaveatTypeDelegateeApp) from the
 * `id_str_len` bytes at `id_str`.
 */
bool uw_macaroon_caveat_create_delegatee_app_(const uint8_t* id_str,
                                              size_t id_str_len,
                                              uint8_t* buffer,
                                              size_t buffer_size,
                                              UwMacaroonCaveat* new_caveat);

/**
 * Create a delegatee-service caveat (kUwMacaroonCaveatTypeDelegateeService)
 * from the `id_str_len` bytes at `id_str`.
 */
bool uw_macaroon_caveat_create_delegatee_service_(const uint8_t* id_str,
                                                  size_t id_str_len,
                                                  uint8_t* buffer,
                                                  size_t buffer_size,
                                                  UwMacaroonCaveat* new_caveat);

/**
 * Create an app-commands-only caveat (kUwMacaroonCaveatTypeAppCommandsOnly).
 * Carries no value.
 */
bool uw_macaroon_caveat_create_app_commands_only_(uint8_t* buffer,
                                                  size_t buffer_size,
                                                  UwMacaroonCaveat* new_caveat);

/**
 * Create a BLE session-id caveat (kUwMacaroonCaveatTypeBleSessionID).
 * Per the enum, this type carries no value: the session is bound by the
 * verifier, not by bytes in the caveat. Unlike the LAN variant there is
 * no session_id parameter.
 */
bool uw_macaroon_caveat_create_ble_session_id_(uint8_t* buffer,
                                               size_t buffer_size,
                                               UwMacaroonCaveat* new_caveat);

/**
 * Create a LAN session-id caveat (kUwMacaroonCaveatTypeLanSessionID) from
 * the `session_id_len` bytes at `session_id`.
 */
bool uw_macaroon_caveat_create_lan_session_id_(const uint8_t* session_id,
                                               size_t session_id_len,
                                               uint8_t* buffer,
                                               size_t buffer_size,
                                               UwMacaroonCaveat* new_caveat);
    102 
// The string values for these two token types are optional.
// Use str_len = 0 to create the caveat without a string value. Whether `str`
// may be NULL in that case is not stated here — pass a valid pointer unless
// the .c confirms NULL is accepted.

/**
 * Create a client-authorization-token caveat
 * (kUwMacaroonCaveatTypeClientAuthorizationTokenV1, 0x2001) from the
 * `str_len` bytes at `str`, or with no value when `str_len` is 0.
 */
bool uw_macaroon_caveat_create_client_authorization_token_(
    const uint8_t* str,
    size_t str_len,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);

/**
 * Create a server-authentication-token caveat
 * (kUwMacaroonCaveatTypeServerAuthenticationTokenV1, 0x3001) from the
 * `str_len` bytes at `str`, or with no value when `str_len` is 0.
 */
bool uw_macaroon_caveat_create_server_authentication_token_(
    const uint8_t* str,
    size_t str_len,
    uint8_t* buffer,
    size_t buffer_size,
    UwMacaroonCaveat* new_caveat);
    117 
/**
 * Decode the type of `caveat` into `*type`.
 *
 * @param caveat  Caveat to inspect; its bytes are read only.
 * @param type    Receives the decoded type on success.
 * @return true on success; presumably false when the bytes do not decode to
 *         a type. Always check the return before reading `*type` — an
 *         unchecked result would let a malformed caveat be handled as if it
 *         had a specific type. Whether numbers outside UwMacaroonCaveatType
 *         are rejected here is not visible in this header — confirm in the
 *         .c before treating `*type` as a trusted enum value.
 */
bool uw_macaroon_caveat_get_type_(const UwMacaroonCaveat* caveat,
                                  UwMacaroonCaveatType* type);
    121 
    122 #endif  // LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
    123