1 // Copyright 2015 The Weave Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
6 #define LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
7 
8 #include <stdbool.h>
9 #include <stddef.h>
10 #include <stdint.h>
11 
12 typedef struct {
13   size_t num_bytes;
14   const uint8_t* bytes;
15 } UwMacaroonCaveat;
16 
17 typedef enum {
18   kUwMacaroonCaveatTypeNonce = 0,                // bstr
19   kUwMacaroonCaveatTypeScope = 1,                // uint
20   kUwMacaroonCaveatTypeExpirationAbsolute = 5,   // uint
21   kUwMacaroonCaveatTypeTTL1Hour = 6,             // no value
22   kUwMacaroonCaveatTypeTTL24Hour = 7,            // no value
23   kUwMacaroonCaveatTypeDelegationTimestamp = 8,  // uint
24 
25   kUwMacaroonCaveatTypeDelegateeUser = 9,      // bstr
26   kUwMacaroonCaveatTypeDelegateeApp = 10,      // bstr
27   kUwMacaroonCaveatTypeDelegateeService = 12,  // bstr
28 
29   kUwMacaroonCaveatTypeAppCommandsOnly = 11,                 // no value
30   kUwMacaroonCaveatTypeBleSessionID = 16,                    // no value
31   kUwMacaroonCaveatTypeLanSessionID = 17,                    // bstr
32   kUwMacaroonCaveatTypeClientAuthorizationTokenV1 = 8193,    // bstr (0x2001)
33   kUwMacaroonCaveatTypeServerAuthenticationTokenV1 = 12289,  // bstr (0x3001)
34 } UwMacaroonCaveatType;
35 
36 typedef enum {
37   kUwMacaroonCaveatScopeTypeOwner = 2,
38   kUwMacaroonCaveatScopeTypeManager = 8,
39   kUwMacaroonCaveatScopeTypeUser = 14,
40   kUwMacaroonCaveatScopeTypeViewer = 20,
41 } UwMacaroonCaveatScopeType;
42 
43 // For security sanity checks
44 #define UW_MACAROON_CAVEAT_SCOPE_LOWEST_POSSIBLE 127
45 
46 /** Compute the buffer sizes that are enough for caveat creation functions. */
47 size_t uw_macaroon_caveat_creation_get_buffsize_(UwMacaroonCaveatType type,
48                                                  size_t str_len);
49 
50 // Caveat creation functions
51 bool uw_macaroon_caveat_create_nonce_(const uint8_t* nonce,
52                                       size_t nonce_size,
53                                       uint8_t* buffer,
54                                       size_t buffer_size,
55                                       UwMacaroonCaveat* new_caveat);
56 bool uw_macaroon_caveat_create_scope_(UwMacaroonCaveatScopeType scope,
57                                       uint8_t* buffer,
58                                       size_t buffer_size,
59                                       UwMacaroonCaveat* new_caveat);
60 bool uw_macaroon_caveat_create_expiration_absolute_(
61     uint32_t expiration_time,
62     uint8_t* buffer,
63     size_t buffer_size,
64     UwMacaroonCaveat* new_caveat);
65 bool uw_macaroon_caveat_create_ttl_1_hour_(uint8_t* buffer,
66                                            size_t buffer_size,
67                                            UwMacaroonCaveat* new_caveat);
68 bool uw_macaroon_caveat_create_ttl_24_hour_(uint8_t* buffer,
69                                             size_t buffer_size,
70                                             UwMacaroonCaveat* new_caveat);
71 bool uw_macaroon_caveat_create_delegation_timestamp_(
72     uint32_t timestamp,
73     uint8_t* buffer,
74     size_t buffer_size,
75     UwMacaroonCaveat* new_caveat);
76 bool uw_macaroon_caveat_create_delegatee_user_(const uint8_t* id_str,
77                                                size_t id_str_len,
78                                                uint8_t* buffer,
79                                                size_t buffer_size,
80                                                UwMacaroonCaveat* new_caveat);
81 bool uw_macaroon_caveat_create_delegatee_app_(const uint8_t* id_str,
82                                               size_t id_str_len,
83                                               uint8_t* buffer,
84                                               size_t buffer_size,
85                                               UwMacaroonCaveat* new_caveat);
86 bool uw_macaroon_caveat_create_delegatee_service_(const uint8_t* id_str,
87                                                   size_t id_str_len,
88                                                   uint8_t* buffer,
89                                                   size_t buffer_size,
90                                                   UwMacaroonCaveat* new_caveat);
91 bool uw_macaroon_caveat_create_app_commands_only_(uint8_t* buffer,
92                                                   size_t buffer_size,
93                                                   UwMacaroonCaveat* new_caveat);
94 bool uw_macaroon_caveat_create_ble_session_id_(uint8_t* buffer,
95                                                size_t buffer_size,
96                                                UwMacaroonCaveat* new_caveat);
97 bool uw_macaroon_caveat_create_lan_session_id_(const uint8_t* session_id,
98                                                size_t session_id_len,
99                                                uint8_t* buffer,
100                                                size_t buffer_size,
101                                                UwMacaroonCaveat* new_caveat);
102 
103 // The string values for these two token types are optional.
104 // Use str_len = 0 to indicate creating the caveats without string values.
105 bool uw_macaroon_caveat_create_client_authorization_token_(
106     const uint8_t* str,
107     size_t str_len,
108     uint8_t* buffer,
109     size_t buffer_size,
110     UwMacaroonCaveat* new_caveat);
111 bool uw_macaroon_caveat_create_server_authentication_token_(
112     const uint8_t* str,
113     size_t str_len,
114     uint8_t* buffer,
115     size_t buffer_size,
116     UwMacaroonCaveat* new_caveat);
117 
118 /** Get the type for the given caveat. */
119 bool uw_macaroon_caveat_get_type_(const UwMacaroonCaveat* caveat,
120                                   UwMacaroonCaveatType* type);
121 
122 #endif  // LIBUWEAVE_SRC_MACAROON_CAVEAT_H_
123