1 // Copyright 2015 The Weave Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef LIBUWEAVE_SRC_MACAROON_H_ 6 #define LIBUWEAVE_SRC_MACAROON_H_ 7 8 #include <stdbool.h> 9 #include <stddef.h> 10 #include <stdint.h> 11 12 #include "src/macaroon_caveat.h" 13 #include "src/macaroon_context.h" 14 15 #define UW_MACAROON_MAC_LEN 16 16 17 // Note: If we are looking to make memory savings on MCUs, 18 // at the cost of a little extra processing, we can make 19 // the macaroon encoding the actual in-memory representation. 20 // This can save much copying of macaroon data if need be. 21 typedef struct { 22 uint8_t mac_tag[UW_MACAROON_MAC_LEN]; 23 size_t num_caveats; 24 const UwMacaroonCaveat* const* caveats; 25 } UwMacaroon; 26 27 // For the delegatee list in the validation result object 28 typedef enum { 29 kUwMacaroonDelegateeTypeNone = 0, 30 kUwMacaroonDelegateeTypeUser = 1, 31 kUwMacaroonDelegateeTypeApp = 2, 32 kUwMacaroonDelegateeTypeService = 3, 33 } UwMacaroonDelegateeType; 34 35 typedef struct { 36 const uint8_t* id; 37 size_t id_len; 38 UwMacaroonDelegateeType type; 39 uint32_t timestamp; 40 } UwMacaroonDelegateeInfo; 41 42 #define MAX_NUM_DELEGATEES 10 43 44 typedef struct { 45 UwMacaroonCaveatScopeType granted_scope; 46 uint32_t expiration_time; 47 bool weave_app_restricted; 48 const uint8_t* lan_session_id; 49 size_t lan_session_id_len; 50 UwMacaroonDelegateeInfo delegatees[MAX_NUM_DELEGATEES]; 51 size_t num_delegatees; 52 } UwMacaroonValidationResult; 53 54 bool uw_macaroon_create_from_root_key_(UwMacaroon* new_macaroon, 55 const uint8_t* root_key, 56 size_t root_key_len, 57 const UwMacaroonContext* context, 58 const UwMacaroonCaveat* const caveats[], 59 size_t num_caveats); 60 61 /** Creates a new macaroon with a new caveat. */ 62 bool uw_macaroon_extend_(const UwMacaroon* old_macaroon, 63 UwMacaroon* new_macaroon, 64 const UwMacaroonContext* context, 65 const UwMacaroonCaveat* additional_caveat, 66 uint8_t* buffer, 67 size_t buffer_size); 68 69 /** 70 * Verify and validate the Macaroon, and put relevant information into the 71 * result object. Note that the resulting granted_scope will be the closest 72 * valid scope type (to the narrower side) defined in macaroon_caveat.h. 73 */ 74 bool uw_macaroon_validate_( 75 const UwMacaroon* macaroon, 76 const uint8_t* root_key, 77 size_t root_key_len, 78 const UwMacaroonContext* context, 79 UwMacaroonValidationResult* result); 80 81 /** Encode a Macaroon to a byte string. */ 82 bool uw_macaroon_serialize_(const UwMacaroon* macaroon, 83 uint8_t* out, 84 size_t out_len, 85 size_t* resulting_str_len); 86 87 /** 88 * Decodes a byte string to a Macaroon. 89 * 90 * One note is that the function doesn't copy string values to new buffers, so 91 * the caller must maintain the input string around to make caveats with string 92 * values to be usable. 93 */ 94 bool uw_macaroon_deserialize_(const uint8_t* in, 95 size_t in_len, 96 uint8_t* buffer, 97 size_t buffer_size, 98 UwMacaroon* new_macaroon); 99 100 #endif // LIBUWEAVE_SRC_MACAROON_H_ 101
