1 // Copyright 2015 The Weave Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef LIBUWEAVE_SRC_MACAROON_H_
6 #define LIBUWEAVE_SRC_MACAROON_H_
7 
8 #include <stdbool.h>
9 #include <stddef.h>
10 #include <stdint.h>
11 
12 #include "src/macaroon_caveat.h"
13 #include "src/macaroon_context.h"
14 
15 #define UW_MACAROON_MAC_LEN 16
16 
17 // Note: If we are looking to make memory savings on MCUs,
18 // at the cost of a little extra processing, we can make
19 // the macaroon encoding the actual in-memory representation.
20 // This can save much copying of macaroon data if need be.
21 typedef struct {
22   uint8_t mac_tag[UW_MACAROON_MAC_LEN];
23   size_t num_caveats;
24   const UwMacaroonCaveat* const* caveats;
25 } UwMacaroon;
26 
27 // For the delegatee list in the validation result object
28 typedef enum {
29   kUwMacaroonDelegateeTypeNone = 0,
30   kUwMacaroonDelegateeTypeUser = 1,
31   kUwMacaroonDelegateeTypeApp = 2,
32   kUwMacaroonDelegateeTypeService = 3,
33 } UwMacaroonDelegateeType;
34 
35 typedef struct {
36   const uint8_t* id;
37   size_t id_len;
38   UwMacaroonDelegateeType type;
39   uint32_t timestamp;
40 } UwMacaroonDelegateeInfo;
41 
42 #define MAX_NUM_DELEGATEES 10
43 
44 typedef struct {
45   UwMacaroonCaveatScopeType granted_scope;
46   uint32_t expiration_time;
47   bool weave_app_restricted;
48   const uint8_t* lan_session_id;
49   size_t lan_session_id_len;
50   UwMacaroonDelegateeInfo delegatees[MAX_NUM_DELEGATEES];
51   size_t num_delegatees;
52 } UwMacaroonValidationResult;
53 
54 bool uw_macaroon_create_from_root_key_(UwMacaroon* new_macaroon,
55                                        const uint8_t* root_key,
56                                        size_t root_key_len,
57                                        const UwMacaroonContext* context,
58                                        const UwMacaroonCaveat* const caveats[],
59                                        size_t num_caveats);
60 
61 /** Creates a new macaroon with a new caveat. */
62 bool uw_macaroon_extend_(const UwMacaroon* old_macaroon,
63                          UwMacaroon* new_macaroon,
64                          const UwMacaroonContext* context,
65                          const UwMacaroonCaveat* additional_caveat,
66                          uint8_t* buffer,
67                          size_t buffer_size);
68 
69 /**
70  * Verify and validate the Macaroon, and put relevant information into the
71  * result object. Note that the resulting granted_scope will be the closest
72  * valid scope type (to the narrower side) defined in macaroon_caveat.h.
73  */
74 bool uw_macaroon_validate_(
75     const UwMacaroon* macaroon,
76     const uint8_t* root_key,
77     size_t root_key_len,
78     const UwMacaroonContext* context,
79     UwMacaroonValidationResult* result);
80 
81 /** Encode a Macaroon to a byte string. */
82 bool uw_macaroon_serialize_(const UwMacaroon* macaroon,
83                             uint8_t* out,
84                             size_t out_len,
85                             size_t* resulting_str_len);
86 
87 /**
88  * Decodes a byte string to a Macaroon.
89  *
90  * One note is that the function doesn't copy string values to new buffers, so
91  * the caller must maintain the input string around to make caveats with string
92  * values to be usable.
93  */
94 bool uw_macaroon_deserialize_(const uint8_t* in,
95                               size_t in_len,
96                               uint8_t* buffer,
97                               size_t buffer_size,
98                               UwMacaroon* new_macaroon);
99 
100 #endif  // LIBUWEAVE_SRC_MACAROON_H_
101