GNUnet 0.21.2
oidc_helper.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet
3 Copyright (C) 2010-2015 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
27#include <inttypes.h>
28#include <jansson.h>
29#include <jose/jose.h>
30#include "gnunet_gns_service.h"
31#include "gnunet_gnsrecord_lib.h"
32#include "gnunet_util_lib.h"
33#include "gnunet_reclaim_lib.h"
34#include "gnunet_reclaim_service.h"
35#include "gnunet_signatures.h"
36#include "oidc_helper.h"
37// #include "benchmark.h"
38#include <gcrypt.h>
39
40GNUNET_NETWORK_STRUCT_BEGIN
41
45struct OIDC_Parameters
46{
50 struct GNUNET_RECLAIM_Ticket ticket;
51
55 uint32_t nonce_len GNUNET_PACKED;
56
60 uint32_t code_challenge_len GNUNET_PACKED;
61
65 uint32_t attr_list_len GNUNET_PACKED;
66
70 uint32_t pres_list_len GNUNET_PACKED;
71};
72
73GNUNET_NETWORK_STRUCT_END
74
78static char OIDC_profile_claims[14][32] = {
79 "name", "family_name", "given_name", "middle_name", "nickname",
80 "preferred_username", "profile", "picture", "website", "gender", "birthdate",
81 "zoneinfo", "locale", "updated_at"
82};
83
87static char OIDC_email_claims[2][16] = {
88 "email", "email_verified"
89};
90
94static char OIDC_phone_claims[2][32] = {
95 "phone_number", "phone_number_verified"
96};
97
101static char OIDC_address_claims[5][32] = {
102 "street_address", "locality", "region", "postal_code", "country"
103};
104
105static enum GNUNET_GenericReturnValue
106is_claim_in_address_scope (const char *claim)
107{
108 int i;
109 for (i = 0; i < 5; i++)
110 {
111 if (0 == strcmp (claim, OIDC_address_claims[i]))
112 {
113 return GNUNET_YES;
114 }
115 }
116 return GNUNET_NO;
117}
118
119
120static char *
121create_jwt_hmac_header (void)
122{
123 json_t *root;
124 char *json_str;
125
126 root = json_object ();
127 json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE_HMAC));
128 json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
129
130 json_str = json_dumps (root, JSON_INDENT (0) | JSON_COMPACT);
131 json_decref (root);
132 return json_str;
133}
134
135
136static void
137replace_char (char *str, char find, char replace)
138{
139 char *current_pos = strchr (str, find);
140
141 while (current_pos)
142 {
143 *current_pos = replace;
144 current_pos = strchr (current_pos, find);
145 }
146}
147
148
149// RFC4648
150static void
151fix_base64 (char *str)
152{
153 // Replace + with -
154 replace_char (str, '+', '-');
155
156 // Replace / with _
157 replace_char (str, '/', '_');
158}
159
160
161static json_t*
162generate_userinfo_json (const struct GNUNET_CRYPTO_PublicKey *sub_key,
163 const struct GNUNET_RECLAIM_AttributeList *attrs,
164 const struct
165 GNUNET_RECLAIM_PresentationList *presentations)
166{
167 struct GNUNET_RECLAIM_AttributeListEntry *le;
168 struct GNUNET_RECLAIM_PresentationListEntry *ple;
169 char *subject;
170 char *source_name;
171 char *attr_val_str;
172 char *pres_val_str;
173 json_t *body;
174 json_t *aggr_names;
175 json_t *aggr_sources;
176 json_t *aggr_sources_jwt;
177 json_t *addr_claim = NULL;
178 int num_presentations = 0;
179 for (le = attrs->list_head; NULL != le; le = le->next)
180 {
181 if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential))
182 num_presentations++;
183 }
184
185 subject =
186 GNUNET_STRINGS_data_to_string_alloc (sub_key,
187 sizeof(struct
188 GNUNET_CRYPTO_PublicKey));
189 body = json_object ();
190 aggr_names = json_object ();
191 aggr_sources = json_object ();
192
193 // iss REQUIRED case sensitive server uri with https
194 // The issuer is the local reclaim instance (e.g.
195 // https://reclaim.id/api/openid)
196 json_object_set_new (body, "iss", json_string (SERVER_ADDRESS));
197 // sub REQUIRED public key identity, not exceed 255 ASCII length
198 json_object_set_new (body, "sub", json_string (subject));
199 GNUNET_free (subject);
200 pres_val_str = NULL;
201 source_name = NULL;
202 int i = 0;
203 for (ple = presentations->list_head; NULL != ple; ple = ple->next)
204 {
205 // New presentation
206 GNUNET_asprintf (&source_name,
207 "src%d",
208 i);
209 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
210 "Adding new presentation source #%d\n", i);
211 aggr_sources_jwt = json_object ();
212 pres_val_str =
213 GNUNET_RECLAIM_presentation_value_to_string (ple->presentation->type,
214 ple->presentation->data,
215 ple->presentation->data_size)
216 ;
217 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
218 "Presentation is: %s\n", pres_val_str);
219 json_object_set_new (aggr_sources_jwt,
220 GNUNET_RECLAIM_presentation_number_to_typename (
221 ple->presentation->type),
222 json_string (pres_val_str) );
223 json_object_set_new (aggr_sources, source_name, aggr_sources_jwt);
224 GNUNET_free (pres_val_str);
225 GNUNET_free (source_name);
226 source_name = NULL;
227 i++;
228 }
229
230 int addr_is_aggregated = GNUNET_NO;
231 int addr_is_normal = GNUNET_NO;
232 for (le = attrs->list_head; NULL != le; le = le->next)
233 {
234 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
235 "Processing %s for userinfo body\n",
236 le->attribute->name);
237 if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential))
238 {
239 attr_val_str =
240 GNUNET_RECLAIM_attribute_value_to_string (le->attribute->type,
241 le->attribute->data,
242 le->attribute->data_size);
247 if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name))
248 {
249 if (GNUNET_YES == addr_is_aggregated)
250 {
251 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
252 "Address is set as aggregated claim. Skipping self-issued value...\n");
253 GNUNET_free (attr_val_str);
254 continue;
255 }
256 addr_is_normal = GNUNET_YES;
257
258 if (NULL == addr_claim)
259 {
260 addr_claim = json_object ();
261 json_object_set_new (body, "address", addr_claim);
262 }
263 json_object_set_new (addr_claim, le->attribute->name,
264 json_string (attr_val_str));
265
266 }
267 else
268 {
269 json_object_set_new (body, le->attribute->name,
270 json_string (attr_val_str));
271 }
272 GNUNET_free (attr_val_str);
273 }
274 else
275 {
276 // Check if presentation is there
277 int j = 0;
278 for (ple = presentations->list_head; NULL != ple; ple = ple->next)
279 {
280 if (GNUNET_YES ==
281 GNUNET_RECLAIM_id_is_equal (&ple->presentation->credential_id,
282 &le->attribute->credential))
283 break;
284 j++;
285 }
286 if (NULL == ple)
287 {
288 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
289 "Presentation for `%s' missing...\n",
290 le->attribute->name);
291 continue;
292 }
297 if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name))
298 {
299 if (GNUNET_YES == addr_is_normal)
300 {
301 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
302 "Address is already set as normal claim. Skipping attested value...\n");
303 continue;
304 }
305 addr_is_aggregated = GNUNET_YES;
307 if (NULL != addr_claim)
308 continue;
309 addr_claim = json_object ();
310 GNUNET_asprintf (&source_name,
311 "src%d",
312 j);
313 json_object_set_new (aggr_names, "address",
314 json_string (source_name));
315 GNUNET_free (source_name);
316 }
317 else
318 {
319 // Presentation exists, hence take the respective source str
320 GNUNET_asprintf (&source_name,
321 "src%d",
322 j);
323 json_object_set_new (aggr_names, le->attribute->name,
324 json_string (source_name));
325 GNUNET_free (source_name);
326 }
327 }
328 }
329 if (0 != i)
330 {
331 json_object_set_new (body, "_claim_names", aggr_names);
332 json_object_set_new (body, "_claim_sources", aggr_sources);
333 }
334
335 return body;
336}
337
338
347char *
348OIDC_generate_userinfo (const struct GNUNET_CRYPTO_PublicKey *sub_key,
349 const struct GNUNET_RECLAIM_AttributeList *attrs,
350 const struct
351 GNUNET_RECLAIM_PresentationList *presentations)
352{
353 char *body_str;
354 json_t*body = generate_userinfo_json (sub_key,
355 attrs,
356 presentations);
357 body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
358 json_decref (body);
359 return body_str;
360}
361
362
363char *
364generate_id_token_body (const char *rp_uri,
365 const struct GNUNET_CRYPTO_PublicKey *sub_key,
366 const struct GNUNET_RECLAIM_AttributeList *attrs,
367 const struct
368 GNUNET_RECLAIM_PresentationList *presentations,
369 const struct GNUNET_TIME_Relative *expiration_time,
370 const char *nonce)
371{
372 struct GNUNET_TIME_Absolute exp_time;
373 struct GNUNET_TIME_Absolute time_now;
374 json_t *body;
375 char *subject;
376 char *body_str;
377
378 body = generate_userinfo_json (sub_key,
379 attrs,
380 presentations);
381 // iat REQUIRED time now
382 time_now = GNUNET_TIME_absolute_get ();
383 // exp REQUIRED time expired from config
384 exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
385 // auth_time only if max_age
386 // nonce only if nonce
387 // OPTIONAL acr,amr,azp
388 subject =
389 GNUNET_STRINGS_data_to_string_alloc (sub_key,
390 sizeof(struct
391 GNUNET_CRYPTO_PublicKey));
392
393 // aud REQUIRED public key client_id must be there
394 json_object_set_new (body, "aud", json_string (rp_uri));
395 // iat
396 json_object_set_new (body,
397 "iat",
398 json_integer (time_now.abs_value_us / (1000 * 1000)));
399 // exp
400 json_object_set_new (body,
401 "exp",
402 json_integer (exp_time.abs_value_us / (1000 * 1000)));
403 // nbf
404 json_object_set_new (body,
405 "nbf",
406 json_integer (time_now.abs_value_us / (1000 * 1000)));
407 // nonce
408 if (NULL != nonce)
409 json_object_set_new (body, "nonce", json_string (nonce));
410
411 // Error checking
412 body_str = json_dumps (body, JSON_INDENT (2) | JSON_COMPACT);
413 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"ID-Token: %s\n", body_str);
414
415 json_decref (body);
416 GNUNET_free (subject);
417
418 return body_str;
419}
420
421
422char *
423OIDC_generate_id_token_rsa (const char *rp_uri,
424 const struct GNUNET_CRYPTO_PublicKey *sub_key,
425 const struct GNUNET_RECLAIM_AttributeList *attrs,
426 const struct
427 GNUNET_RECLAIM_PresentationList *presentations,
428 const struct GNUNET_TIME_Relative *expiration_time,
429 const char *nonce,
430 const json_t *secret_rsa_key)
431{
432 json_t *jws;
433 char *body_str;
434 char *result;
435
436 // Generate the body of the JSON Web Signature
437 body_str = generate_id_token_body (rp_uri,
438 sub_key,
439 attrs,
440 presentations,
441 expiration_time,
442 nonce);
443
444 if (NULL == body_str)
445 {
446 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
447 "Body for the JWS could not be generated\n");
448 return NULL;
449 }
450
451 // Creating the JSON Web Signature.
452 jws = json_pack ("{s:o}", "payload",
453 jose_b64_enc (body_str, strlen (body_str)));
454 GNUNET_free (body_str);
455
456 if (! jose_jws_sig (NULL, jws, NULL, secret_rsa_key))
457 {
458 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
459 "Signature generation failed\n");
460 return NULL;
461 }
462
463 // Encoding JSON as compact JSON Web Signature
464 GNUNET_asprintf (&result, "%s.%s.%s",
465 json_string_value (json_object_get (jws, "protected")),
466 json_string_value (json_object_get (jws, "payload")),
467 json_string_value (json_object_get (jws, "signature")) );
468
469 json_decref (jws);
470 return result;
471}
472
473
474char *
475OIDC_generate_id_token_hmac (const char *rp_uri,
476 const struct GNUNET_CRYPTO_PublicKey *sub_key,
477 const struct GNUNET_RECLAIM_AttributeList *attrs,
478 const struct
479 GNUNET_RECLAIM_PresentationList *presentations,
480 const struct GNUNET_TIME_Relative *expiration_time,
481 const char *nonce,
482 const char *secret_key)
483{
484 struct GNUNET_HashCode signature;
485 char *header;
486 char *header_base64;
487 char *body_str;
488 char *body_base64;
489 char *signature_target;
490 char *signature_base64;
491 char *result;
492
493 // Generate and encode Header
494 header = create_jwt_hmac_header ();
495 if (NULL == header)
496 {
497 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
498 "Header for the JWS could not be generated\n");
499 return NULL;
500 }
501 GNUNET_STRINGS_base64url_encode (header, strlen (header), &header_base64);
502 GNUNET_free (header);
503 fix_base64 (header_base64);
504
505 // Generate and encode the body of the JSON Web Signature
506 body_str = generate_id_token_body (rp_uri,
507 sub_key,
508 attrs,
509 presentations,
510 expiration_time,
511 nonce);
512
513 if (NULL == body_str)
514 {
515 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
516 "Body for the JWS could not be generated\n");
517 GNUNET_free (header_base64);
518 return NULL;
519 }
520
521 GNUNET_STRINGS_base64url_encode (body_str, strlen (body_str), &body_base64);
522 fix_base64 (body_base64);
523
528 GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
529 GNUNET_CRYPTO_hmac_raw (secret_key,
530 strlen (secret_key),
531 signature_target,
532 strlen (signature_target),
533 &signature);
534 GNUNET_STRINGS_base64url_encode ((const char *) &signature,
535 sizeof(struct GNUNET_HashCode),
536 &signature_base64);
537 fix_base64 (signature_base64);
538
539 GNUNET_asprintf (&result,
540 "%s.%s.%s",
541 header_base64,
542 body_base64,
543 signature_base64);
544
545 GNUNET_free (header_base64);
546 GNUNET_free (body_str);
547 GNUNET_free (body_base64);
548 GNUNET_free (signature_target);
549 GNUNET_free (signature_base64);
550 return result;
551}
552
553
566char *
567OIDC_build_authz_code (const struct GNUNET_CRYPTO_PrivateKey *issuer,
568 const struct GNUNET_RECLAIM_Ticket *ticket,
569 const struct GNUNET_RECLAIM_AttributeList *attrs,
570 const struct
571 GNUNET_RECLAIM_PresentationList *presentations,
572 const char *nonce_str,
573 const char *code_challenge)
574{
575 struct OIDC_Parameters params;
576 char *code_payload;
577 char *payload;
578 char *tmp;
579 char *code_str;
580 char *buf_ptr = NULL;
581 size_t payload_len;
582 size_t code_payload_len;
583 size_t attr_list_len = 0;
584 size_t pres_list_len = 0;
585 size_t code_challenge_len = 0;
586 uint32_t nonce_len = 0;
587 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
588
590 // Assign ticket
591 memset (&params, 0, sizeof(params));
592 memcpy (params.ticket.gns_name, ticket->gns_name, strlen (ticket->gns_name)
593 + 1);
594 // Assign nonce
595 payload_len = sizeof(struct OIDC_Parameters);
596 if ((NULL != nonce_str) && (strcmp ("", nonce_str) != 0))
597 {
598 nonce_len = strlen (nonce_str);
599 payload_len += nonce_len;
600 }
601 params.nonce_len = htonl (nonce_len);
602 // Assign code challenge
603 if (NULL != code_challenge)
604 code_challenge_len = strlen (code_challenge);
605 payload_len += code_challenge_len;
606 params.code_challenge_len = htonl (code_challenge_len);
607 // Assign attributes
608 if (NULL != attrs)
609 {
610 // Get length
611 attr_list_len = GNUNET_RECLAIM_attribute_list_serialize_get_size (attrs);
612 params.attr_list_len = htonl (attr_list_len);
613 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
614 "Length of serialized attributes: %lu\n",
615 attr_list_len);
616 // Get serialized attributes
617 payload_len += attr_list_len;
618 }
619 if (NULL != presentations)
620 {
621 // Get length
622 // FIXME only add presentations relevant for attribute list!!!
623 // This is important because of the distinction between id_token and
624 // userinfo in OIDC
625 pres_list_len =
626 GNUNET_RECLAIM_presentation_list_serialize_get_size (presentations);
627 params.pres_list_len = htonl (pres_list_len);
628 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
629 "Length of serialized presentations: %lu\n",
630 pres_list_len);
631 // Get serialized attributes
632 payload_len += pres_list_len;
633 }
634
635 // Get plaintext length
636 payload = GNUNET_malloc (payload_len);
637 memcpy (payload, &params, sizeof(params));
638 tmp = payload + sizeof(params);
639 if (0 < code_challenge_len)
640 {
641 memcpy (tmp, code_challenge, code_challenge_len);
642 tmp += code_challenge_len;
643 }
644 if (0 < nonce_len)
645 {
646 memcpy (tmp, nonce_str, nonce_len);
647 tmp += nonce_len;
648 }
649 if (0 < attr_list_len)
650 GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp);
651 tmp += attr_list_len;
652 if (0 < pres_list_len)
653 GNUNET_RECLAIM_presentation_list_serialize (presentations, tmp);
654 tmp += pres_list_len;
655
658 // Get length
659 code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
660 + payload_len + sizeof(struct
661 GNUNET_CRYPTO_Signature);
662 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
663 "Length of data to encode: %lu\n",
664 code_payload_len);
665
666 // Initialize code payload
667 code_payload = GNUNET_malloc (code_payload_len);
668 GNUNET_assert (NULL != code_payload);
669 purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
670 purpose->size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
671 + payload_len);
672 purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
673 // Store pubkey
674 buf_ptr = (char *) &purpose[1];
675 memcpy (buf_ptr, payload, payload_len);
676 GNUNET_free (payload);
677 buf_ptr += payload_len;
678 // Sign and store signature
679 if (GNUNET_SYSERR ==
680 GNUNET_CRYPTO_sign_ (issuer,
681 purpose,
682 (struct GNUNET_CRYPTO_Signature *)
683 buf_ptr))
684 {
685 GNUNET_break (0);
686 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
687 GNUNET_free (code_payload);
688 return NULL;
689 }
690 GNUNET_STRINGS_base64url_encode (code_payload, code_payload_len, &code_str);
691 GNUNET_free (code_payload);
692 return code_str;
693}
694
695
696enum GNUNET_GenericReturnValue
697check_code_challenge (const char *code_challenge,
698 uint32_t code_challenge_len,
699 const char *code_verifier)
700{
701 char *code_verifier_hash;
702 char *expected_code_challenge;
703
704 if (0 == code_challenge_len) /* Only check if this code requires a CV */
705 return GNUNET_OK;
706 if (NULL == code_verifier)
707 {
708 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
709 "Expected code verifier!\n");
710 return GNUNET_SYSERR;
711 }
712 code_verifier_hash = GNUNET_malloc (256 / 8);
713 // hash code verifier
714 gcry_md_hash_buffer (GCRY_MD_SHA256,
715 code_verifier_hash,
716 code_verifier,
717 strlen (code_verifier));
718 // encode code verifier
719 GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8,
720 &expected_code_challenge);
721 GNUNET_free (code_verifier_hash);
722 if (0 !=
723 strncmp (expected_code_challenge, code_challenge, code_challenge_len))
724 {
725 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
726 "Invalid code verifier! Expected: %s, Got: %.*s\n",
727 expected_code_challenge,
728 code_challenge_len,
729 code_challenge);
730 GNUNET_free (expected_code_challenge);
731 return GNUNET_SYSERR;
732 }
733 GNUNET_free (expected_code_challenge);
734 return GNUNET_OK;
735}
736
737
753int
754OIDC_parse_authz_code (const char *rp_uri,
755 const struct GNUNET_CRYPTO_PublicKey *cid,
756 const char *code,
757 const char *code_verifier,
758 struct GNUNET_RECLAIM_Ticket *ticket,
759 struct GNUNET_RECLAIM_AttributeList **attrs,
760 struct GNUNET_RECLAIM_PresentationList **presentations,
761 char **nonce_str,
762 enum OIDC_VerificationOptions opts, char **emsg)
763{
764 char *code_payload;
765 char *ptr;
766 char *plaintext;
767 char *attrs_ser;
768 char *presentations_ser;
769 char *code_challenge;
770 struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
771 struct GNUNET_CRYPTO_Signature *signature;
772 struct GNUNET_CRYPTO_PublicKey iss;
773 uint32_t code_challenge_len;
774 uint32_t attrs_ser_len;
775 uint32_t pres_ser_len;
776 size_t plaintext_len;
777 size_t code_payload_len;
778 uint32_t nonce_len = 0;
779 struct OIDC_Parameters *params;
780
781
782 GNUNET_GNS_parse_ztld (ticket->gns_name, &iss);
783 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code);
784 code_payload = NULL;
785 code_payload_len =
786 GNUNET_STRINGS_base64url_decode (code, strlen (code),
787 (void **) &code_payload);
788 if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
789 + sizeof(struct OIDC_Parameters)
790 + sizeof(struct GNUNET_CRYPTO_Signature))
791 {
792 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
793 GNUNET_free (code_payload);
794 return GNUNET_SYSERR;
795 }
796
797 purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
798 plaintext_len = code_payload_len;
799 plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose);
800 ptr = (char *) &purpose[1];
801 plaintext_len -= sizeof(struct GNUNET_CRYPTO_Signature);
802 plaintext = ptr;
803 ptr += plaintext_len;
804 signature = (struct GNUNET_CRYPTO_Signature *) ptr;
805 params = (struct OIDC_Parameters *) plaintext;
806
807 // cmp code_challenge code_verifier
808 code_challenge_len = ntohl (params->code_challenge_len);
809 code_challenge = ((char *) &params[1]);
810 if (! (opts & OIDC_VERIFICATION_NO_CODE_VERIFIER))
811 {
812 if (GNUNET_OK != check_code_challenge (code_challenge,
813 code_challenge_len,
814 code_verifier))
815 {
816 GNUNET_asprintf (emsg, "Code verifier `%s' invalid for challenge `%s'",
817 code_verifier, code_challenge);
818 GNUNET_free (code_payload);
819 return GNUNET_SYSERR;
820 }
821 }
822 nonce_len = ntohl (params->nonce_len);
823 if (0 != nonce_len)
824 {
825 *nonce_str = GNUNET_strndup (code_challenge + code_challenge_len,
826 nonce_len);
827 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %s\n", *nonce_str);
828 }
829
830 // Ticket
831 memcpy (ticket, &params->ticket, sizeof(params->ticket));
832 // Signature
833 // GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub);
834 if (GNUNET_OK !=
835 GNUNET_CRYPTO_signature_verify_ (
836 GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
837 purpose,
838 signature,
839 &iss))
840 {
841 GNUNET_free (code_payload);
842 if (NULL != *nonce_str)
843 GNUNET_free (*nonce_str);
844 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code invalid!\n");
845 *emsg = GNUNET_strdup ("Signature verification failed");
846 return GNUNET_SYSERR;
847 }
848 // Attributes
849 attrs_ser = ((char *) &params[1]) + code_challenge_len + nonce_len;
850 attrs_ser_len = ntohl (params->attr_list_len);
851 *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len);
852 presentations_ser = ((char*) attrs_ser) + attrs_ser_len;
853 pres_ser_len = ntohl (params->pres_list_len);
854 *presentations =
855 GNUNET_RECLAIM_presentation_list_deserialize (presentations_ser,
856 pres_ser_len);
857
858 GNUNET_free (code_payload);
859 return GNUNET_OK;
860}
861
862
872void
873OIDC_build_token_response (const char *access_token,
874 const char *id_token,
875 const struct GNUNET_TIME_Relative *expiration_time,
876 char **token_response)
877{
878 json_t *root_json;
879
880 root_json = json_object ();
881
882 GNUNET_assert (NULL != access_token);
883 GNUNET_assert (NULL != id_token);
884 GNUNET_assert (NULL != expiration_time);
885 json_object_set_new (root_json, "access_token", json_string (access_token));
886 json_object_set_new (root_json, "token_type", json_string ("Bearer"));
887 json_object_set_new (root_json,
888 "expires_in",
889 json_integer (expiration_time->rel_value_us
890 / (1000 * 1000)));
891 json_object_set_new (root_json, "id_token", json_string (id_token));
892 *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT);
893 json_decref (root_json);
894}
895
896
900char *
901OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket,
902 const char *rp_uri)
903{
904 char *access_token;
905 char *tkt_b64;
906
907 GNUNET_STRINGS_base64_encode (ticket,
908 sizeof(*ticket),
909 &tkt_b64);
910 GNUNET_asprintf (&access_token, "%s-%s", tkt_b64, rp_uri);
911 GNUNET_free (tkt_b64);
912 return access_token;
913}
914
915
919int
920OIDC_access_token_parse (const char *token,
921 struct GNUNET_RECLAIM_Ticket **ticket,
922 char **rp_uri)
923{
924 size_t sret;
925 char *decoded;
926 char *tmp;
927 char *tkt_str;
928 char *rp_uri_str;
929 tmp = GNUNET_strdup (token);
930 tkt_str = strtok (tmp, "-");
931 GNUNET_assert (NULL != tkt_str); // FIXME handle
932 rp_uri_str = strtok (NULL, "-");
933 GNUNET_assert (NULL != rp_uri_str); // FIXME handle
934 sret = GNUNET_STRINGS_base64_decode (tkt_str,
935 strlen (tkt_str),
936 (void**) &decoded);
937 if (sizeof (struct GNUNET_RECLAIM_Ticket) != sret)
938 {
939 GNUNET_free (decoded);
940 GNUNET_free (tmp);
941 return GNUNET_SYSERR;
942 }
943 *ticket = (struct GNUNET_RECLAIM_Ticket *) decoded;
944 *rp_uri = GNUNET_strdup (rp_uri_str);
945 GNUNET_free (tmp);
946 return GNUNET_OK;
947}
948
949
958enum GNUNET_GenericReturnValue
959OIDC_check_scopes_for_claim_request (const char*scopes,
960 const char*attr)
961{
962 char *scope_variables;
963 char *scope_variable;
964 char delimiter[] = " ";
965 int i;
966
967 scope_variables = GNUNET_strdup (scopes);
968 scope_variable = strtok (scope_variables, delimiter);
969 while (NULL != scope_variable)
970 {
971 if (0 == strcmp ("profile", scope_variable))
972 {
973 for (i = 0; i < 14; i++)
974 {
975 if (0 == strcmp (attr, OIDC_profile_claims[i]))
976 {
977 GNUNET_free (scope_variables);
978 return GNUNET_YES;
979 }
980 }
981 }
982 else if (0 == strcmp ("address", scope_variable))
983 {
984 for (i = 0; i < 5; i++)
985 {
986 if (0 == strcmp (attr, OIDC_address_claims[i]))
987 {
988 GNUNET_free (scope_variables);
989 return GNUNET_YES;
990 }
991 }
992 }
993 else if (0 == strcmp ("email", scope_variable))
994 {
995 for (i = 0; i < 2; i++)
996 {
997 if (0 == strcmp (attr, OIDC_email_claims[i]))
998 {
999 GNUNET_free (scope_variables);
1000 return GNUNET_YES;
1001 }
1002 }
1003 }
1004 else if (0 == strcmp ("phone", scope_variable))
1005 {
1006 for (i = 0; i < 2; i++)
1007 {
1008 if (0 == strcmp (attr, OIDC_phone_claims[i]))
1009 {
1010 GNUNET_free (scope_variables);
1011 return GNUNET_YES;
1012 }
1013 }
1014
1015 }
1016 else if (0 == strcmp (attr, scope_variable))
1017 {
1019 GNUNET_free (scope_variables);
1020 return GNUNET_YES;
1021 }
1022 scope_variable = strtok (NULL, delimiter);
1023 }
1024 GNUNET_free (scope_variables);
1025 return GNUNET_NO;
1026
1027}
subject
static char * subject
Subject pubkey string.
Definition: gnunet-abd.c:87
replace
static int replace
Replace DID Document Flag.
Definition: gnunet-did.c:53
claim
struct GNUNET_RECLAIM_Attribute * claim
Claim to store.
Definition: gnunet-reclaim.c:190
ticket
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
Definition: gnunet-reclaim.c:165
result
static int result
Global testing status.
Definition: gnunet-regex-profiler.c:240
payload
static unsigned long long payload
How much data are we currently storing in the database?
Definition: gnunet-service-datastore.c:183
gnunet_gns_service.h
API to the GNS service.
gnunet_gnsrecord_lib.h
API that can be used to manipulate GNS record data.
gnunet_reclaim_lib.h
Identity attribute definitions.
gnunet_reclaim_service.h
reclaim service; implements identity and personal data sharing for GNUnet
gnunet_util_lib.h
GNUNET_GNS_parse_ztld
enum GNUNET_GenericReturnValue GNUNET_GNS_parse_ztld(const char *name, struct GNUNET_CRYPTO_PublicKey *ztld_key)
Try to parse the zTLD into a public key.
Definition: gns_tld_api.c:228
GNUNET_NETWORK_STRUCT_BEGIN
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
Definition: gnunet_common.h:267
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:569
GNUNET_CRYPTO_signature_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_signature_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_Signature *sig, const struct GNUNET_CRYPTO_PublicKey *pub)
Verify a given signature.
Definition: crypto_pkey.c:334
GNUNET_CRYPTO_sign_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_sign_(const struct GNUNET_CRYPTO_PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_Signature *sig)
Sign a given block.
Definition: crypto_pkey.c:308
GNUNET_NETWORK_STRUCT_END
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
Definition: gnunet_common.h:272
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:106
GNUNET_CRYPTO_hmac_raw
void GNUNET_CRYPTO_hmac_raw(const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104) TODO: Shouldn't this be the standard hmac function and the abo...
Definition: crypto_hash.c:300
GNUNET_PACKED
#define GNUNET_PACKED
gcc-ism to get packed structs.
Definition: gnunet_common.h:236
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:111
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:108
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:107
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:977
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1062
GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_WARNING
Definition: gnunet_common.h:436
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition: gnunet_common.h:435
GNUNET_ERROR_TYPE_DEBUG
@ GNUNET_ERROR_TYPE_DEBUG
Definition: gnunet_common.h:442
GNUNET_asprintf
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
GNUNET_strdup
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
Definition: gnunet_common.h:1472
GNUNET_strndup
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
Definition: gnunet_common.h:1484
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition: gnunet_common.h:1398
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1458
GNUNET_RECLAIM_id_is_equal
#define GNUNET_RECLAIM_id_is_equal(a, b)
Definition: gnunet_reclaim_lib.h:94
GNUNET_RECLAIM_presentation_list_deserialize
struct GNUNET_RECLAIM_PresentationList * GNUNET_RECLAIM_presentation_list_deserialize(const char *data, size_t data_size)
Deserialize a presentation list.
Definition: reclaim_credential.c:749
GNUNET_RECLAIM_id_is_zero
#define GNUNET_RECLAIM_id_is_zero(a)
Definition: gnunet_reclaim_lib.h:102
GNUNET_RECLAIM_attribute_list_deserialize
struct GNUNET_RECLAIM_AttributeList * GNUNET_RECLAIM_attribute_list_deserialize(const char *data, size_t data_size)
Deserialize an attribute list.
Definition: reclaim_attribute.c:358
GNUNET_RECLAIM_attribute_list_serialize
size_t GNUNET_RECLAIM_attribute_list_serialize(const struct GNUNET_RECLAIM_AttributeList *attrs, char *result)
Serialize an attribute list.
Definition: reclaim_attribute.c:329
GNUNET_RECLAIM_presentation_number_to_typename
const char * GNUNET_RECLAIM_presentation_number_to_typename(uint32_t type)
Convert a presentation type number to the corresponding credential type string.
Definition: reclaim_credential.c:595
GNUNET_RECLAIM_presentation_list_serialize
size_t GNUNET_RECLAIM_presentation_list_serialize(const struct GNUNET_RECLAIM_PresentationList *presentations, char *result)
Serialize a presentation list.
Definition: reclaim_credential.c:720
GNUNET_RECLAIM_attribute_value_to_string
char * GNUNET_RECLAIM_attribute_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of an attribute to a string.
Definition: reclaim_attribute.c:231
GNUNET_RECLAIM_presentation_list_serialize_get_size
size_t GNUNET_RECLAIM_presentation_list_serialize_get_size(const struct GNUNET_RECLAIM_PresentationList *presentations)
Get required size for serialization buffer.
Definition: reclaim_credential.c:704
GNUNET_RECLAIM_attribute_list_serialize_get_size
size_t GNUNET_RECLAIM_attribute_list_serialize_get_size(const struct GNUNET_RECLAIM_AttributeList *attrs)
Get required size for serialization buffer.
Definition: reclaim_attribute.c:313
GNUNET_RECLAIM_presentation_value_to_string
char * GNUNET_RECLAIM_presentation_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of a presentation to a string.
Definition: reclaim_credential.c:656
GNUNET_STRINGS_base64url_decode
size_t GNUNET_STRINGS_base64url_decode(const char *data, size_t len, void **out)
Decode from Base64url.
Definition: strings.c:1782
GNUNET_STRINGS_data_to_string_alloc
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:764
GNUNET_STRINGS_base64url_encode
size_t GNUNET_STRINGS_base64url_encode(const void *in, size_t len, char **output)
Encode into Base64url.
Definition: strings.c:1671
GNUNET_STRINGS_base64_decode
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
Definition: strings.c:1724
GNUNET_STRINGS_base64_encode
size_t GNUNET_STRINGS_base64_encode(const void *in, size_t len, char **output)
Encode into Base64.
Definition: strings.c:1622
GNUNET_TIME_absolute_get
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:111
GNUNET_TIME_absolute_add
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:450
replace_char
static void replace_char(char *str, char find, char replace)
Definition: oidc_helper.c:137
OIDC_email_claims
static char OIDC_email_claims[2][16]
Standard claims represented by the "email" scope in OIDC.
Definition: oidc_helper.c:87
OIDC_generate_id_token_rsa
char * OIDC_generate_id_token_rsa(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const json_t *secret_rsa_key)
Create a JWT using RSA256 algorithm from attributes.
Definition: oidc_helper.c:423
OIDC_address_claims
static char OIDC_address_claims[5][32]
Standard claims represented by the "address" scope in OIDC.
Definition: oidc_helper.c:101
fix_base64
static void fix_base64(char *str)
Definition: oidc_helper.c:151
OIDC_generate_userinfo
char * OIDC_generate_userinfo(const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Generate userinfo JSON as string.
Definition: oidc_helper.c:348
check_code_challenge
enum GNUNET_GenericReturnValue check_code_challenge(const char *code_challenge, uint32_t code_challenge_len, const char *code_verifier)
Definition: oidc_helper.c:697
is_claim_in_address_scope
static enum GNUNET_GenericReturnValue is_claim_in_address_scope(const char *claim)
Definition: oidc_helper.c:106
OIDC_parse_authz_code
int OIDC_parse_authz_code(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *cid, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce_str, enum OIDC_VerificationOptions opts, char **emsg)
Parse reclaim ticket and nonce from authorization code.
Definition: oidc_helper.c:754
OIDC_build_authz_code
char * OIDC_build_authz_code(const struct GNUNET_CRYPTO_PrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce_str, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
Definition: oidc_helper.c:567
generate_id_token_body
char * generate_id_token_body(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce)
Definition: oidc_helper.c:364
OIDC_generate_id_token_hmac
char * OIDC_generate_id_token_hmac(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT using HMAC (HS256) from attributes.
Definition: oidc_helper.c:475
OIDC_access_token_new
char * OIDC_access_token_new(const struct GNUNET_RECLAIM_Ticket *ticket, const char *rp_uri)
Generate a new access token.
Definition: oidc_helper.c:901
create_jwt_hmac_header
static char * create_jwt_hmac_header(void)
Definition: oidc_helper.c:121
OIDC_access_token_parse
int OIDC_access_token_parse(const char *token, struct GNUNET_RECLAIM_Ticket **ticket, char **rp_uri)
Parse an access token.
Definition: oidc_helper.c:920
OIDC_check_scopes_for_claim_request
enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request(const char *scopes, const char *attr)
Checks if a claim is implicitly requested through standard scope(s) or explicitly through non-standar...
Definition: oidc_helper.c:959
generate_userinfo_json
static json_t * generate_userinfo_json(const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Definition: oidc_helper.c:162
OIDC_phone_claims
static char OIDC_phone_claims[2][32]
Standard claims represented by the "phone" scope in OIDC.
Definition: oidc_helper.c:94
OIDC_build_token_response
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request TODO: Maybe we should add the scope here?
Definition: oidc_helper.c:873
OIDC_profile_claims
static GNUNET_NETWORK_STRUCT_END char OIDC_profile_claims[14][32]
Standard claims represented by the "profile" scope in OIDC.
Definition: oidc_helper.c:78
oidc_helper.h
JWT_TYP_VALUE
#define JWT_TYP_VALUE
Definition: oidc_helper.h:34
JWT_ALG
#define JWT_ALG
Definition: oidc_helper.h:32
SERVER_ADDRESS
#define SERVER_ADDRESS
Definition: oidc_helper.h:39
OIDC_VerificationOptions
OIDC_VerificationOptions
Definition: oidc_helper.h:42
OIDC_VERIFICATION_NO_CODE_VERIFIER
@ OIDC_VERIFICATION_NO_CODE_VERIFIER
Do not check code verifier even if expected.
Definition: oidc_helper.h:51
JWT_TYP
#define JWT_TYP
Definition: oidc_helper.h:33
JWT_ALG_VALUE_HMAC
#define JWT_ALG_VALUE_HMAC
Definition: oidc_helper.h:36
GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN
#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN
Signature for a GNUid Ticket (Reclaim)
Definition: gnunet_signatures.h:172
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EccSignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition: gnunet_crypto_lib.h:155
GNUNET_CRYPTO_PrivateKey
A private key for an identity as per LSD0001.
Definition: gnunet_crypto_lib.h:387
GNUNET_CRYPTO_PublicKey
An identity key as per LSD0001.
Definition: gnunet_crypto_lib.h:414
GNUNET_CRYPTO_Signature
An identity signature as per LSD0001.
Definition: gnunet_crypto_lib.h:441
GNUNET_HashCode
A 512-bit hashcode.
Definition: gnunet_common.h:282
GNUNET_RECLAIM_AttributeListEntry
Definition: gnunet_reclaim_lib.h:244
GNUNET_RECLAIM_AttributeListEntry::attribute
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
Definition: gnunet_reclaim_lib.h:258
GNUNET_RECLAIM_AttributeListEntry::next
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
Definition: gnunet_reclaim_lib.h:253
GNUNET_RECLAIM_AttributeList
A list of GNUNET_RECLAIM_Attribute structures.
Definition: gnunet_reclaim_lib.h:230
GNUNET_RECLAIM_AttributeList::list_head
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
Definition: gnunet_reclaim_lib.h:234
GNUNET_RECLAIM_Attribute::name
const char * name
The name of the attribute.
Definition: gnunet_reclaim_lib.h:141
GNUNET_RECLAIM_Attribute::credential
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of credential (may be GNUNET_RECLAIM_ID_ZERO if self-creded)
Definition: gnunet_reclaim_lib.h:125
GNUNET_RECLAIM_Attribute::type
uint32_t type
Type of Claim.
Definition: gnunet_reclaim_lib.h:130
GNUNET_RECLAIM_Attribute::data
const void * data
Binary value stored as attribute value.
Definition: gnunet_reclaim_lib.h:153
GNUNET_RECLAIM_Attribute::data_size
size_t data_size
Number of bytes in data.
Definition: gnunet_reclaim_lib.h:146
GNUNET_RECLAIM_PresentationListEntry
Definition: gnunet_reclaim_lib.h:317
GNUNET_RECLAIM_PresentationListEntry::presentation
struct GNUNET_RECLAIM_Presentation * presentation
The credential.
Definition: gnunet_reclaim_lib.h:331
GNUNET_RECLAIM_PresentationListEntry::next
struct GNUNET_RECLAIM_PresentationListEntry * next
DLL.
Definition: gnunet_reclaim_lib.h:326
GNUNET_RECLAIM_PresentationList
A list of GNUNET_RECLAIM_Presentation structures.
Definition: gnunet_reclaim_lib.h:303
GNUNET_RECLAIM_PresentationList::list_head
struct GNUNET_RECLAIM_PresentationListEntry * list_head
List head.
Definition: gnunet_reclaim_lib.h:307
GNUNET_RECLAIM_Presentation::data
const void * data
Binary value stored as presentation value.
Definition: gnunet_reclaim_lib.h:221
GNUNET_RECLAIM_Presentation::type
uint32_t type
Type/Format of Claim.
Definition: gnunet_reclaim_lib.h:209
GNUNET_RECLAIM_Presentation::data_size
size_t data_size
Number of bytes in data.
Definition: gnunet_reclaim_lib.h:214
GNUNET_RECLAIM_Presentation::credential_id
struct GNUNET_RECLAIM_Identifier credential_id
The credential id of which this is a presentation.
Definition: gnunet_reclaim_lib.h:204
GNUNET_RECLAIM_Ticket
The authorization ticket.
Definition: gnunet_reclaim_service.h:76
GNUNET_RECLAIM_Ticket::gns_name
char gns_name[63 *2+2]
The ticket.
Definition: gnunet_reclaim_service.h:83
GNUNET_TIME_Absolute
Time for absolute times used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:54
GNUNET_TIME_Absolute::abs_value_us
uint64_t abs_value_us
The actual value.
Definition: gnunet_time_lib.h:58
GNUNET_TIME_Relative
Time for relative time used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:77
GNUNET_TIME_Relative::rel_value_us
uint64_t rel_value_us
The actual value.
Definition: gnunet_time_lib.h:81
OIDC_Parameters
The signature used to generate the authorization code.
Definition: oidc_helper.c:46
OIDC_Parameters::ticket
struct GNUNET_RECLAIM_Ticket ticket
The reclaim ticket.
Definition: oidc_helper.c:50
OIDC_Parameters::pres_list_len
uint32_t pres_list_len
The length of the presentation list.
Definition: oidc_helper.c:70
OIDC_Parameters::nonce_len
uint32_t nonce_len
The nonce length.
Definition: oidc_helper.c:55
OIDC_Parameters::attr_list_len
uint32_t attr_list_len
The length of the attributes list.
Definition: oidc_helper.c:65
OIDC_Parameters::code_challenge_len
uint32_t code_challenge_len
The length of the PKCE code_challenge.
Definition: oidc_helper.c:60