1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
// Copyright 2015 The Weave Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
#define LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
typedef struct {
size_t num_bytes;
const uint8_t* bytes;
} UwMacaroonCaveat;
typedef enum {
kUwMacaroonCaveatTypeNonce = 0, // bstr
kUwMacaroonCaveatTypeScope = 1, // uint
kUwMacaroonCaveatTypeExpirationAbsolute = 5, // uint
kUwMacaroonCaveatTypeTTL1Hour = 6, // no value
kUwMacaroonCaveatTypeTTL24Hour = 7, // no value
kUwMacaroonCaveatTypeDelegationTimestamp = 8, // uint
kUwMacaroonCaveatTypeDelegateeUser = 9, // bstr
kUwMacaroonCaveatTypeDelegateeApp = 10, // bstr
kUwMacaroonCaveatTypeDelegateeService = 12, // uint
kUwMacaroonCaveatTypeAppCommandsOnly = 11, // no value
kUwMacaroonCaveatTypeBleSessionID = 16, // no value
kUwMacaroonCaveatTypeLanSessionID = 17, // bstr
kUwMacaroonCaveatTypeAuthenticationChallenge = 20, // no value
kUwMacaroonCaveatTypeClientAuthorizationTokenV1 = 8193, // bstr (0x2001)
kUwMacaroonCaveatTypeServerAuthenticationTokenV1 = 12289, // bstr (0x3001)
} UwMacaroonCaveatType;
typedef enum {
kUwMacaroonCaveatScopeTypeOwner = 2,
kUwMacaroonCaveatScopeTypeManager = 8,
kUwMacaroonCaveatScopeTypeUser = 14,
kUwMacaroonCaveatScopeTypeViewer = 20,
} UwMacaroonCaveatScopeType;
typedef enum {
kUwMacaroonCaveatCloudServiceIdNotCloudRegistered = 0,
kUwMacaroonCaveatCloudServiceIdGoogleWeave = 1,
} UwMacaroonCaveatCloudServiceId;
// For security sanity checks
#define UW_MACAROON_CAVEAT_SCOPE_LOWEST_POSSIBLE 127
/** Compute the buffer sizes that are enough for caveat creation functions. */
size_t uw_macaroon_caveat_creation_get_buffsize_(UwMacaroonCaveatType type,
size_t str_len);
// Caveat creation functions
bool uw_macaroon_caveat_create_nonce_(const uint8_t* nonce,
size_t nonce_size,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_scope_(UwMacaroonCaveatScopeType scope,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_expiration_absolute_(
uint32_t expiration_time,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_ttl_1_hour_(uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_ttl_24_hour_(uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_delegation_timestamp_(
uint32_t timestamp,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_delegatee_user_(const uint8_t* id_str,
size_t id_str_len,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_delegatee_app_(const uint8_t* id_str,
size_t id_str_len,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_delegatee_service_(
UwMacaroonCaveatCloudServiceId service_id,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_app_commands_only_(uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_ble_session_id_(uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_lan_session_id_(const uint8_t* session_id,
size_t session_id_len,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_authentication_challenge_(
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
// The string values for these two token types are optional.
// Use str_len = 0 to indicate creating the caveats without string values.
bool uw_macaroon_caveat_create_client_authorization_token_(
const uint8_t* str,
size_t str_len,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
bool uw_macaroon_caveat_create_server_authentication_token_(
const uint8_t* str,
size_t str_len,
uint8_t* buffer,
size_t buffer_size,
UwMacaroonCaveat* new_caveat);
/** Get the type for the given caveat. */
bool uw_macaroon_caveat_get_type_(const UwMacaroonCaveat* caveat,
UwMacaroonCaveatType* type);
#endif // LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
|
