diff options
Diffstat (limited to 'src/include/anastasis.h')
-rw-r--r-- | src/include/anastasis.h | 986 |
1 files changed, 986 insertions, 0 deletions
diff --git a/src/include/anastasis.h b/src/include/anastasis.h new file mode 100644 index 0000000..1591106 --- /dev/null +++ b/src/include/anastasis.h | |||
@@ -0,0 +1,986 @@ | |||
1 | /* | ||
2 | This file is part of Anastasis | ||
3 | Copyright (C) 2020, 2021 Taler Systems SA | ||
4 | |||
5 | Anastasis is free software; you can redistribute it and/or modify it under the | ||
6 | terms of the GNU Lesser General Public License as published by the Free Software | ||
7 | Foundation; either version 3, or (at your option) any later version. | ||
8 | |||
9 | Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY | ||
10 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||
11 | A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
12 | |||
13 | You should have received a copy of the GNU General Public License along with | ||
14 | Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/> | ||
15 | */ | ||
16 | /** | ||
17 | * @file include/anastasis.h | ||
18 | * @brief anastasis high-level client api | ||
19 | * @author Christian Grothoff | ||
20 | * @author Dominik Meister | ||
21 | * @author Dennis Neufeld | ||
22 | */ | ||
23 | #ifndef ANASTASIS_H | ||
24 | #define ANASTASIS_H | ||
25 | |||
26 | #include "anastasis_service.h" | ||
27 | #include <taler/taler_json_lib.h> | ||
28 | #include <gnunet/gnunet_util_lib.h> | ||
29 | #include <stdbool.h> | ||
30 | |||
31 | |||
32 | /* ********************* Recovery api *********************** */ | ||
33 | |||
34 | /** | ||
35 | * Defines the instructions for a challenge, what does the user have | ||
36 | * to do to fulfill the challenge. Also defines the method and other | ||
37 | * information for the challenge like a link for the video indent or a | ||
38 | * information to which address an e-mail was sent. | ||
39 | */ | ||
40 | struct ANASTASIS_Challenge; | ||
41 | |||
42 | |||
43 | /** | ||
44 | * Defines the instructions for a challenge, what does the user have | ||
45 | * to do to fulfill the challenge. Also defines the method and other | ||
46 | * information for the challenge like a link for the video indent or a | ||
47 | * information to which address an e-mail was sent. | ||
48 | */ | ||
49 | struct ANASTASIS_ChallengeDetails | ||
50 | { | ||
51 | |||
52 | /** | ||
53 | * UUID which identifies this challenge | ||
54 | */ | ||
55 | struct ANASTASIS_CRYPTO_TruthUUIDP uuid; | ||
56 | |||
57 | /** | ||
58 | * Which type is this challenge (E-Mail, Security Question, SMS...) | ||
59 | */ | ||
60 | const char *type; | ||
61 | |||
62 | /** | ||
63 | * Defines the base URL of the Anastasis provider used for the challenge. | ||
64 | */ | ||
65 | const char *provider_url; | ||
66 | |||
67 | /** | ||
68 | * Instructions for solving the challenge (generic, set client-side | ||
69 | * when challenge was established). | ||
70 | */ | ||
71 | const char *instructions; | ||
72 | |||
73 | /** | ||
74 | * true if challenged was already solved, else false. | ||
75 | */ | ||
76 | bool solved; | ||
77 | |||
78 | }; | ||
79 | |||
80 | |||
81 | /** | ||
82 | * Return public details about a challenge. | ||
83 | * | ||
84 | * @param challenge the challenge to inspect | ||
85 | * @return public details about the challenge | ||
86 | */ | ||
87 | const struct ANASTASIS_ChallengeDetails * | ||
88 | ANASTASIS_challenge_get_details (struct ANASTASIS_Challenge *challenge); | ||
89 | |||
90 | |||
91 | /** | ||
92 | * Possible outcomes of trying to start a challenge operation. | ||
93 | */ | ||
94 | enum ANASTASIS_ChallengeStatus | ||
95 | { | ||
96 | |||
97 | /** | ||
98 | * The challenge has been solved. | ||
99 | */ | ||
100 | ANASTASIS_CHALLENGE_STATUS_SOLVED, | ||
101 | |||
102 | /** | ||
103 | * Instructions for how to solve the challenge are provided. Also | ||
104 | * used if the answer we provided was wrong (or if no answer was | ||
105 | * provided, but one is needed). | ||
106 | */ | ||
107 | ANASTASIS_CHALLENGE_STATUS_INSTRUCTIONS, | ||
108 | |||
109 | /** | ||
110 | * A redirection URL needed to solve the challenge is provided. Also | ||
111 | * used if the answer we provided was wrong (or if no answer was | ||
112 | * provided, but one is needed). | ||
113 | */ | ||
114 | ANASTASIS_CHALLENGE_STATUS_REDIRECT_FOR_AUTHENTICATION, | ||
115 | |||
116 | /** | ||
117 | * Payment is required before the challenge can be answered. | ||
118 | */ | ||
119 | ANASTASIS_CHALLENGE_STATUS_PAYMENT_REQUIRED, | ||
120 | |||
121 | /** | ||
122 | * We encountered an error talking to the Anastasis service. | ||
123 | */ | ||
124 | ANASTASIS_CHALLENGE_STATUS_SERVER_FAILURE, | ||
125 | |||
126 | /** | ||
127 | * The server does not know this truth. | ||
128 | */ | ||
129 | ANASTASIS_CHALLENGE_STATUS_TRUTH_UNKNOWN, | ||
130 | |||
131 | /** | ||
132 | * The rate limit for solving the challenge was exceeded. | ||
133 | */ | ||
134 | ANASTASIS_CHALLENGE_STATUS_RATE_LIMIT_EXCEEDED | ||
135 | |||
136 | }; | ||
137 | |||
138 | |||
139 | /** | ||
140 | * Response from an #ANASTASIS_challenge_start() operation. | ||
141 | */ | ||
142 | struct ANASTASIS_ChallengeStartResponse | ||
143 | { | ||
144 | /** | ||
145 | * What is our status on satisfying this challenge. Determines @e details. | ||
146 | */ | ||
147 | enum ANASTASIS_ChallengeStatus cs; | ||
148 | |||
149 | /** | ||
150 | * Which challenge is this about? | ||
151 | */ | ||
152 | struct ANASTASIS_Challenge *challenge; | ||
153 | |||
154 | /** | ||
155 | * Details depending on @e cs | ||
156 | */ | ||
157 | union | ||
158 | { | ||
159 | |||
160 | /** | ||
161 | * Challenge details provided if | ||
162 | * @e cs is #ANASTASIS_CHALLENGE_STATUS_INSTRUCTIONS. | ||
163 | */ | ||
164 | struct | ||
165 | { | ||
166 | |||
167 | /** | ||
168 | * Response with server-side instructions for the user. | ||
169 | */ | ||
170 | const void *body; | ||
171 | |||
172 | /** | ||
173 | * Mime type of the data in @e body. | ||
174 | */ | ||
175 | const char *content_type; | ||
176 | |||
177 | /** | ||
178 | * Number of bytes in @e body | ||
179 | */ | ||
180 | size_t body_size; | ||
181 | |||
182 | /** | ||
183 | * HTTP status returned by the server. #MHD_HTTP_ALREADY_REPORTED | ||
184 | * if the server did already send the challenge to the user, | ||
185 | * #MHD_HTTP_FORBIDDEN if the answer was wrong (or missing). | ||
186 | */ | ||
187 | unsigned int http_status; | ||
188 | } open_challenge; | ||
189 | |||
190 | |||
191 | /** | ||
192 | * Response with URL to redirect the user to, if | ||
193 | * @e cs is #ANASTASIS_CHALLENGE_STATUS_REDIRECT_FOR_AUTHENTICATION. | ||
194 | */ | ||
195 | const char *redirect_url; | ||
196 | |||
197 | /** | ||
198 | * Response with instructions for how to pay, if | ||
199 | * @e cs is #ANASTASIS_CHALLENGE_STATUS_PAYMENT_REQUIRED. | ||
200 | */ | ||
201 | struct | ||
202 | { | ||
203 | |||
204 | /** | ||
205 | * "taler://pay" URI with details how to pay for the challenge. | ||
206 | */ | ||
207 | const char *taler_pay_uri; | ||
208 | |||
209 | /** | ||
210 | * Payment secret from @e taler_pay_uri. | ||
211 | */ | ||
212 | struct ANASTASIS_PaymentSecretP payment_secret; | ||
213 | |||
214 | } payment_required; | ||
215 | |||
216 | |||
217 | /** | ||
218 | * Response with details about a server-side failure, if | ||
219 | * @e cs is #ANASTASIS_CHALLENGE_STATUS_SERVER_FAILURE. | ||
220 | */ | ||
221 | struct | ||
222 | { | ||
223 | |||
224 | /** | ||
225 | * HTTP status returned by the server. | ||
226 | */ | ||
227 | unsigned int http_status; | ||
228 | |||
229 | /** | ||
230 | * Taler-specific error code. | ||
231 | */ | ||
232 | enum TALER_ErrorCode ec; | ||
233 | |||
234 | } server_failure; | ||
235 | |||
236 | } details; | ||
237 | }; | ||
238 | |||
239 | |||
240 | /** | ||
241 | * Defines a callback for the response status for a challenge start | ||
242 | * operation. | ||
243 | * | ||
244 | * @param cls closure | ||
245 | * @param csr response details | ||
246 | */ | ||
247 | typedef void | ||
248 | (*ANASTASIS_AnswerFeedback)( | ||
249 | void *cls, | ||
250 | const struct ANASTASIS_ChallengeStartResponse *csr); | ||
251 | |||
252 | |||
253 | /** | ||
254 | * User starts a challenge which reponds out of bounds (E-Mail, SMS, | ||
255 | * Postal..) If the challenge is zero cost, the challenge | ||
256 | * instructions will be sent to the client. If the challenge needs | ||
257 | * payment a payment link is sent to the client. After payment the | ||
258 | * challenge start method has to be called again. | ||
259 | * | ||
260 | * @param c reference to the escrow challenge which is started | ||
261 | * @param psp payment secret, NULL if no payment was yet made | ||
262 | * @param timeout how long to wait for payment | ||
263 | * @param hashed_answer answer to the challenge, NULL if we have none yet | ||
264 | * @param af reference to the answerfeedback which is passed back to the user | ||
265 | * @param af_cls closure for @a af | ||
266 | * @return #GNUNET_OK if the challenge was successfully started | ||
267 | */ | ||
268 | int | ||
269 | ANASTASIS_challenge_start (struct ANASTASIS_Challenge *c, | ||
270 | const struct ANASTASIS_PaymentSecretP *psp, | ||
271 | struct GNUNET_TIME_Relative timeout, | ||
272 | const struct GNUNET_HashCode *hashed_answer, | ||
273 | ANASTASIS_AnswerFeedback af, | ||
274 | void *af_cls); | ||
275 | |||
276 | |||
277 | /** | ||
278 | * Challenge answer for a security question. Is referenced to | ||
279 | * a challenge and sends back an AnswerFeedback. Convenience | ||
280 | * wrapper around #ANASTASIS_challenge_start that hashes @a answer | ||
281 | * for security questions. | ||
282 | * | ||
283 | * @param c reference to the challenge which is answered | ||
284 | * @param psp information about payment made for the recovery | ||
285 | * @param timeout how long to wait for payment | ||
286 | * @param answer user input instruction defines which input is needed | ||
287 | * @param af reference to the answerfeedback which is passed back to the user | ||
288 | * @param af_cls closure for @a af | ||
289 | * @return #GNUNET_OK on success | ||
290 | */ | ||
291 | int | ||
292 | ANASTASIS_challenge_answer (struct ANASTASIS_Challenge *c, | ||
293 | const struct ANASTASIS_PaymentSecretP *psp, | ||
294 | struct GNUNET_TIME_Relative timeout, | ||
295 | const char *answer, | ||
296 | ANASTASIS_AnswerFeedback af, | ||
297 | void *af_cls); | ||
298 | |||
299 | |||
300 | /** | ||
301 | * Challenge answer from the user like input SMS TAN or e-mail wpin. Is | ||
302 | * referenced to a challenge and sends back an AnswerFeedback. | ||
303 | * Convenience wrapper around #ANASTASIS_challenge_start that hashes | ||
304 | * numeric (unsalted) @a answer. Variant for numeric answers. | ||
305 | * | ||
306 | * @param c reference to the challenge which is answered | ||
307 | * @param psp information about payment made for the recovery | ||
308 | * @param timeout how long to wait for payment | ||
309 | * @param answer user input instruction defines which input is needed | ||
310 | * @param af reference to the answerfeedback which is passed back to the user | ||
311 | * @param af_cls closure for @a af | ||
312 | * @return #GNUNET_OK on success | ||
313 | */ | ||
314 | int | ||
315 | ANASTASIS_challenge_answer2 (struct ANASTASIS_Challenge *c, | ||
316 | const struct ANASTASIS_PaymentSecretP *psp, | ||
317 | struct GNUNET_TIME_Relative timeout, | ||
318 | uint64_t answer, | ||
319 | ANASTASIS_AnswerFeedback af, | ||
320 | void *af_cls); | ||
321 | |||
322 | |||
323 | /** | ||
324 | * Abort answering challenge. | ||
325 | * | ||
326 | * @param c reference to the escrow challenge which was started | ||
327 | */ | ||
328 | void | ||
329 | ANASTASIS_challenge_abort (struct ANASTASIS_Challenge *c); | ||
330 | |||
331 | |||
332 | /** | ||
333 | * Defines a Decryption Policy with multiple escrow methods | ||
334 | */ | ||
335 | struct ANASTASIS_DecryptionPolicy | ||
336 | { | ||
337 | /** | ||
338 | * Array of challenges needed to solve for this decryption policy. | ||
339 | */ | ||
340 | struct ANASTASIS_Challenge **challenges; | ||
341 | |||
342 | /** | ||
343 | * Length of the @a challenges in this policy. | ||
344 | */ | ||
345 | unsigned int challenges_length; | ||
346 | |||
347 | }; | ||
348 | |||
349 | |||
350 | /** | ||
351 | * Defines the recovery information (possible policies and version of the recovery document) | ||
352 | */ | ||
353 | struct ANASTASIS_RecoveryInformation | ||
354 | { | ||
355 | |||
356 | /** | ||
357 | * Array of @e dps_len policies that would allow recovery of the core secret. | ||
358 | */ | ||
359 | struct ANASTASIS_DecryptionPolicy **dps; | ||
360 | |||
361 | /** | ||
362 | * Array of all @e cs_len challenges to be solved (for any of the policies). | ||
363 | */ | ||
364 | struct ANASTASIS_Challenge **cs; | ||
365 | |||
366 | /** | ||
367 | * Name of the secret being recovered, possibly NULL. | ||
368 | */ | ||
369 | const char *secret_name; | ||
370 | |||
371 | /** | ||
372 | * Length of the @e dps array. | ||
373 | */ | ||
374 | unsigned int dps_len; | ||
375 | |||
376 | /** | ||
377 | * Length of the @e cs array. | ||
378 | */ | ||
379 | unsigned int cs_len; | ||
380 | |||
381 | /** | ||
382 | * Actual recovery document version obtained. | ||
383 | */ | ||
384 | unsigned int version; | ||
385 | }; | ||
386 | |||
387 | |||
388 | /** | ||
389 | * Callback which passes back the recovery document and its possible | ||
390 | * policies. Also passes back the version of the document for the user | ||
391 | * to check. | ||
392 | * | ||
393 | * @param cls closure for the callback | ||
394 | * @param ri recovery information struct which contains the policies | ||
395 | */ | ||
396 | typedef void | ||
397 | (*ANASTASIS_PolicyCallback)(void *cls, | ||
398 | const struct ANASTASIS_RecoveryInformation *ri); | ||
399 | |||
400 | |||
401 | /** | ||
402 | * Possible outcomes of a recovery process. | ||
403 | */ | ||
404 | enum ANASTASIS_RecoveryStatus | ||
405 | { | ||
406 | |||
407 | /** | ||
408 | * Recovery succeeded. | ||
409 | */ | ||
410 | ANASTASIS_RS_SUCCESS = 0, | ||
411 | |||
412 | /** | ||
413 | * The HTTP download of the policy failed. | ||
414 | */ | ||
415 | ANASTASIS_RS_POLICY_DOWNLOAD_FAILED, | ||
416 | |||
417 | /** | ||
418 | * We did not get a valid policy document. | ||
419 | */ | ||
420 | ANASTASIS_RS_POLICY_DOWNLOAD_NO_POLICY, | ||
421 | |||
422 | /** | ||
423 | * The decompressed policy document was too big for available memory. | ||
424 | */ | ||
425 | ANASTASIS_RS_POLICY_DOWNLOAD_TOO_BIG, | ||
426 | |||
427 | /** | ||
428 | * The decrypted policy document was not compressed. | ||
429 | */ | ||
430 | ANASTASIS_RS_POLICY_DOWNLOAD_INVALID_COMPRESSION, | ||
431 | |||
432 | /** | ||
433 | * The decompressed policy document was not in JSON. | ||
434 | */ | ||
435 | ANASTASIS_RS_POLICY_DOWNLOAD_NO_JSON, | ||
436 | |||
437 | /** | ||
438 | * The decompressed policy document was in malformed JSON. | ||
439 | */ | ||
440 | ANASTASIS_RS_POLICY_MALFORMED_JSON, | ||
441 | |||
442 | /** | ||
443 | * The Anastasis server reported a transient error. | ||
444 | */ | ||
445 | ANASTASIS_RS_POLICY_SERVER_ERROR, | ||
446 | |||
447 | /** | ||
448 | * The Anastasis server no longer has a policy (likely expired). | ||
449 | */ | ||
450 | ANASTASIS_RS_POLICY_GONE, | ||
451 | |||
452 | /** | ||
453 | * The Anastasis server reported that the account is unknown. | ||
454 | */ | ||
455 | ANASTASIS_RS_POLICY_UNKNOWN | ||
456 | }; | ||
457 | |||
458 | |||
459 | /** | ||
460 | * This function is called whenever the recovery process ends. | ||
461 | * On success, the secret is returned in @a secret. | ||
462 | * | ||
463 | * @param cls closure | ||
464 | * @param ec error code | ||
465 | * @param secret contains the core secret which is passed to the user | ||
466 | * @param secret_size defines the size of the core secret | ||
467 | */ | ||
468 | typedef void | ||
469 | (*ANASTASIS_CoreSecretCallback)(void *cls, | ||
470 | enum ANASTASIS_RecoveryStatus rc, | ||
471 | const void *secret, | ||
472 | size_t secret_size); | ||
473 | |||
474 | |||
475 | /** | ||
476 | * stores provider URIs, identity key material, decrypted recovery document (internally!) | ||
477 | */ | ||
478 | struct ANASTASIS_Recovery; | ||
479 | |||
480 | |||
481 | /** | ||
482 | * Starts the recovery process by opening callbacks for the coresecret and a policy callback. A list of | ||
483 | * providers is checked for policies and passed back to the client. | ||
484 | * | ||
485 | * @param ctx context for making HTTP requests | ||
486 | * @param id_data contains the users identity, (user account on providers) | ||
487 | * @param version defines the version which will be downloaded NULL for latest version | ||
488 | * @param anastasis_provider_url NULL terminated list of possible provider urls | ||
489 | * @param provider_salt the server salt | ||
490 | * @param pc opens the policy call back which holds the downloaded version and the policies | ||
491 | * @param pc_cls closure for callback | ||
492 | * @param csc core secret callback is opened, with this the core secert is passed to the client after the authentication | ||
493 | * @param csc_cls handle for the callback | ||
494 | * @return recovery operation handle | ||
495 | */ | ||
496 | struct ANASTASIS_Recovery * | ||
497 | ANASTASIS_recovery_begin ( | ||
498 | struct GNUNET_CURL_Context *ctx, | ||
499 | const json_t *id_data, | ||
500 | unsigned int version, | ||
501 | const char *anastasis_provider_url, | ||
502 | const struct ANASTASIS_CRYPTO_ProviderSaltP *provider_salt, | ||
503 | ANASTASIS_PolicyCallback pc, | ||
504 | void *pc_cls, | ||
505 | ANASTASIS_CoreSecretCallback csc, | ||
506 | void *csc_cls); | ||
507 | |||
508 | |||
509 | /** | ||
510 | * Serialize recovery operation state and returning it. | ||
511 | * The recovery MAY still continue, applications should call | ||
512 | * #ANASTASIS_recovery_abort() to truly end the recovery. | ||
513 | * | ||
514 | * @param r recovery operation to suspend. | ||
515 | * @return JSON serialized state of @a r | ||
516 | */ | ||
517 | json_t * | ||
518 | ANASTASIS_recovery_serialize (const struct ANASTASIS_Recovery *r); | ||
519 | |||
520 | |||
521 | /** | ||
522 | * Deserialize recovery operation. | ||
523 | * | ||
524 | * @param ctx context for making HTTP requests | ||
525 | * @param input result from #ANASTASIS_recovery_serialize() | ||
526 | * @param pc opens the policy call back which holds the downloaded version and the policies | ||
527 | * @param pc_cls closure for callback | ||
528 | * @param csc core secret callback is opened, with this the core secert is passed to the client after the authentication | ||
529 | * @param csc_cls handle for the callback | ||
530 | * @return recovery operation handle | ||
531 | */ | ||
532 | struct ANASTASIS_Recovery * | ||
533 | ANASTASIS_recovery_deserialize (struct GNUNET_CURL_Context *ctx, | ||
534 | const json_t *input, | ||
535 | ANASTASIS_PolicyCallback pc, | ||
536 | void *pc_cls, | ||
537 | ANASTASIS_CoreSecretCallback csc, | ||
538 | void *csc_cls); | ||
539 | |||
540 | |||
541 | /** | ||
542 | * Cancels the recovery process | ||
543 | * | ||
544 | * @param r handle to the recovery struct | ||
545 | */ | ||
546 | void | ||
547 | ANASTASIS_recovery_abort (struct ANASTASIS_Recovery *r); | ||
548 | |||
549 | |||
550 | /* ************************* Backup API ***************************** */ | ||
551 | |||
552 | |||
553 | /** | ||
554 | * Represents a truth object, which is a key share and the respective | ||
555 | * challenge to be solved with an Anastasis provider to recover the | ||
556 | * key share. | ||
557 | */ | ||
558 | struct ANASTASIS_Truth; | ||
559 | |||
560 | |||
561 | /** | ||
562 | * Extracts truth data from JSON. | ||
563 | * | ||
564 | * @param json JSON encoding to decode; truth returned ONLY valid as long | ||
565 | * as the JSON remains valid (do not decref until the truth | ||
566 | * is truly finished) | ||
567 | * @return decoded truth object, NULL on error | ||
568 | */ | ||
569 | struct ANASTASIS_Truth * | ||
570 | ANASTASIS_truth_from_json (const json_t *json); | ||
571 | |||
572 | |||
573 | /** | ||
574 | * Returns JSON-encoded truth data. | ||
575 | * Creates a policy with a set of truth's. Creates the policy key | ||
576 | * with the different key shares from the @a truths. The policy key | ||
577 | * will then be used to encrypt/decrypt the escrow master key. | ||
578 | * | ||
579 | * @param t object to return JSON encoding for | ||
580 | * @return JSON encoding of @a t | ||
581 | */ | ||
582 | json_t * | ||
583 | ANASTASIS_truth_to_json (const struct ANASTASIS_Truth *t); | ||
584 | |||
585 | |||
586 | /** | ||
587 | * Handle for the operation to establish a truth object by sharing | ||
588 | * an encrypted key share with an Anastasis provider. | ||
589 | */ | ||
590 | struct ANASTASIS_TruthUpload; | ||
591 | |||
592 | |||
593 | /** | ||
594 | * Upload result information. The resulting truth object can be used | ||
595 | * to create policies. If payment is required, the @a taler_pay_url | ||
596 | * is returned and the operation must be retried after payment. | ||
597 | * Callee MUST free @a t using ANASTASIS_truth_free(). | ||
598 | * | ||
599 | * @param cls closure for callback | ||
600 | * @param t truth object to create policies, NULL on failure | ||
601 | * @param ud upload details, useful to continue in case of errors, NULL on success | ||
602 | */ | ||
603 | typedef void | ||
604 | (*ANASTASIS_TruthCallback)(void *cls, | ||
605 | struct ANASTASIS_Truth *t, | ||
606 | const struct ANASTASIS_UploadDetails *ud); | ||
607 | |||
608 | |||
609 | /** | ||
610 | * Uploads truth data to an escrow provider. The resulting truth object | ||
611 | * is returned via the @a tc function. If payment is required, it is | ||
612 | * requested via the @a tcp callback. | ||
613 | * | ||
614 | * @param ctx the CURL context used to connect to the backend | ||
615 | * @param user_id user identifier derived from user data and backend salt | ||
616 | * @param type defines the type of the challenge (secure question, sms, email) | ||
617 | * @param instructions depending on @a type! usually only for security question/answer! | ||
618 | * @param mime_type format of the challenge | ||
619 | * @param provider_salt the providers salt | ||
620 | * @param truth_data contains the truth for this challenge i.e. phone number, email address | ||
621 | * @param truth_data_size size of the @a truth_data | ||
622 | * @param payment_years_requested for how many years would the client like the service to store the truth? | ||
623 | * @param pay_timeout how long to wait for payment | ||
624 | * @param tc opens the truth callback which contains the status of the upload | ||
625 | * @param tc_cls closure for the @a tc callback | ||
626 | */ | ||
627 | struct ANASTASIS_TruthUpload * | ||
628 | ANASTASIS_truth_upload ( | ||
629 | struct GNUNET_CURL_Context *ctx, | ||
630 | const struct ANASTASIS_CRYPTO_UserIdentifierP *user_id, | ||
631 | const char *provider_url, | ||
632 | const char *type, | ||
633 | const char *instructions, | ||
634 | const char *mime_type, | ||
635 | const struct ANASTASIS_CRYPTO_ProviderSaltP *provider_salt, | ||
636 | const void *truth_data, | ||
637 | size_t truth_data_size, | ||
638 | uint32_t payment_years_requested, | ||
639 | struct GNUNET_TIME_Relative pay_timeout, | ||
640 | ANASTASIS_TruthCallback tc, | ||
641 | void *tc_cls); | ||
642 | |||
643 | |||
644 | /** | ||
645 | * Retries upload of truth data to an escrow provider. The resulting | ||
646 | * truth object is returned via the @a tc function. If payment is | ||
647 | * required, it is requested via the @a tcp callback. | ||
648 | * | ||
649 | * @param ctx the CURL context used to connect to the backend | ||
650 | * @param user_id user identifier derived from user data and backend salt | ||
651 | * @param type defines the type of the challenge (secure question, sms, email) | ||
652 | * @param instructions depending on @a type! usually only for security question/answer! | ||
653 | * @param mime_type format of the challenge | ||
654 | * @param provider_salt the providers salt | ||
655 | * @param truth_data contains the truth for this challenge i.e. phone number, email address | ||
656 | * @param truth_data_size size of the @a truth_data | ||
657 | * @param payment_years_requested for how many years would the client like the service to store the truth? | ||
658 | * @param pay_timeout how long to wait for payment | ||
659 | * @param nonce nonce to use for symmetric encryption | ||
660 | * @param uuid truth UUID to use | ||
661 | * @param salt salt to use to hash security questions | ||
662 | * @param truth_key symmetric encryption key to use to encrypt @a truth_data | ||
663 | * @param key_share share of the overall key to store in this truth object | ||
664 | * @param tc opens the truth callback which contains the status of the upload | ||
665 | * @param tc_cls closure for the @a tc callback | ||
666 | */ | ||
667 | struct ANASTASIS_TruthUpload * | ||
668 | ANASTASIS_truth_upload2 ( | ||
669 | struct GNUNET_CURL_Context *ctx, | ||
670 | const struct ANASTASIS_CRYPTO_UserIdentifierP *user_id, | ||
671 | const char *provider_url, | ||
672 | const char *type, | ||
673 | const char *instructions, | ||
674 | const char *mime_type, | ||
675 | const struct ANASTASIS_CRYPTO_ProviderSaltP *provider_salt, | ||
676 | const void *truth_data, | ||
677 | size_t truth_data_size, | ||
678 | uint32_t payment_years_requested, | ||
679 | struct GNUNET_TIME_Relative pay_timeout, | ||
680 | const struct ANASTASIS_CRYPTO_NonceP *nonce, | ||
681 | const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid, | ||
682 | const struct ANASTASIS_CRYPTO_QuestionSaltP *salt, | ||
683 | const struct ANASTASIS_CRYPTO_TruthKeyP *truth_key, | ||
684 | const struct ANASTASIS_CRYPTO_KeyShareP *key_share, | ||
685 | ANASTASIS_TruthCallback tc, | ||
686 | void *tc_cls); | ||
687 | |||
688 | |||
689 | /** | ||
690 | * Retries upload of truth data to an escrow provider using an | ||
691 | * existing truth object. If payment is required, it is requested via | ||
692 | * the @a tc callback. | ||
693 | * | ||
694 | * @param ctx the CURL context used to connect to the backend | ||
695 | * @param user_id user identifier derived from user data and backend salt | ||
696 | * @param[in] t truth details, reference is consumed | ||
697 | * @param truth_data contains the truth for this challenge i.e. phone number, email address | ||
698 | * @param truth_data_size size of the @a truth_data | ||
699 | * @param payment_years_requested for how many years would the client like the service to store the truth? | ||
700 | * @param pay_timeout how long to wait for payment | ||
701 | * @param tc opens the truth callback which contains the status of the upload | ||
702 | * @param tc_cls closure for the @a tc callback | ||
703 | */ | ||
704 | struct ANASTASIS_TruthUpload * | ||
705 | ANASTASIS_truth_upload3 (struct GNUNET_CURL_Context *ctx, | ||
706 | const struct ANASTASIS_CRYPTO_UserIdentifierP *user_id, | ||
707 | struct ANASTASIS_Truth *t, | ||
708 | const void *truth_data, | ||
709 | size_t truth_data_size, | ||
710 | uint32_t payment_years_requested, | ||
711 | struct GNUNET_TIME_Relative pay_timeout, | ||
712 | ANASTASIS_TruthCallback tc, | ||
713 | void *tc_cls); | ||
714 | |||
715 | |||
716 | /** | ||
717 | * Cancels a truth upload process. | ||
718 | * | ||
719 | * @param tu handle for the upload | ||
720 | */ | ||
721 | void | ||
722 | ANASTASIS_truth_upload_cancel (struct ANASTASIS_TruthUpload *tu); | ||
723 | |||
724 | |||
725 | /** | ||
726 | * Free's the truth object which was returned to a #ANASTASIS_TruthCallback. | ||
727 | * | ||
728 | * @param t object to clean up | ||
729 | */ | ||
730 | void | ||
731 | ANASTASIS_truth_free (struct ANASTASIS_Truth *t); | ||
732 | |||
733 | |||
734 | /** | ||
735 | * Policy object, representing a set of truths (and thus challenges | ||
736 | * to satisfy) to recover a secret. | ||
737 | */ | ||
738 | struct ANASTASIS_Policy; | ||
739 | |||
740 | |||
741 | /** | ||
742 | * Creates a policy with a set of truth's. Creates the policy key | ||
743 | * with the different key shares from the @a truths. The policy key | ||
744 | * will then be used to encrypt/decrypt the escrow master key. | ||
745 | * | ||
746 | * @param truths array of truths which are stored on different providers | ||
747 | * @param truths_len length of the @a truths array | ||
748 | */ | ||
749 | struct ANASTASIS_Policy * | ||
750 | ANASTASIS_policy_create (const struct ANASTASIS_Truth *truths[], | ||
751 | unsigned int truths_len); | ||
752 | |||
753 | |||
754 | /** | ||
755 | * Destroys a policy object. | ||
756 | * | ||
757 | * @param p handle for the policy to destroy | ||
758 | */ | ||
759 | void | ||
760 | ANASTASIS_policy_destroy (struct ANASTASIS_Policy *p); | ||
761 | |||
762 | |||
763 | /** | ||
764 | * Information about a provider requesting payment for storing a policy. | ||
765 | */ | ||
766 | struct ANASTASIS_SharePaymentRequest | ||
767 | { | ||
768 | /** | ||
769 | * Payment request URL. | ||
770 | */ | ||
771 | const char *payment_request_url; | ||
772 | |||
773 | /** | ||
774 | * Base URL of the provider requesting payment. | ||
775 | */ | ||
776 | const char *provider_url; | ||
777 | |||
778 | /** | ||
779 | * The payment secret (aka order ID) extracted from the @e payment_request_url. | ||
780 | */ | ||
781 | struct ANASTASIS_PaymentSecretP payment_secret; | ||
782 | }; | ||
783 | |||
784 | |||
785 | /** | ||
786 | * Result of uploading share data. | ||
787 | */ | ||
788 | enum ANASTASIS_ShareStatus | ||
789 | { | ||
790 | /** | ||
791 | * Upload successful. | ||
792 | */ | ||
793 | ANASTASIS_SHARE_STATUS_SUCCESS = 0, | ||
794 | |||
795 | /** | ||
796 | * Upload requires payment. | ||
797 | */ | ||
798 | ANASTASIS_SHARE_STATUS_PAYMENT_REQUIRED, | ||
799 | |||
800 | /** | ||
801 | * Failure to upload secret share at the provider. | ||
802 | */ | ||
803 | ANASTASIS_SHARE_STATUS_PROVIDER_FAILED | ||
804 | }; | ||
805 | |||
806 | |||
807 | /** | ||
808 | * Per-provider status upon successful backup. | ||
809 | */ | ||
810 | struct ANASTASIS_ProviderSuccessStatus | ||
811 | { | ||
812 | /** | ||
813 | * Base URL of the provider. | ||
814 | */ | ||
815 | const char *provider_url; | ||
816 | |||
817 | /** | ||
818 | * When will the policy expire? | ||
819 | */ | ||
820 | struct GNUNET_TIME_Absolute policy_expiration; | ||
821 | |||
822 | /** | ||
823 | * Version number of the policy at the provider. | ||
824 | */ | ||
825 | unsigned long long policy_version; | ||
826 | |||
827 | }; | ||
828 | |||
829 | |||
830 | /** | ||
831 | * Complete result of a secret sharing operation. | ||
832 | */ | ||
833 | struct ANASTASIS_ShareResult | ||
834 | { | ||
835 | /** | ||
836 | * Status of the share secret operation. | ||
837 | */ | ||
838 | enum ANASTASIS_ShareStatus ss; | ||
839 | |||
840 | /** | ||
841 | * Details about the result, depending on @e ss. | ||
842 | */ | ||
843 | union | ||
844 | { | ||
845 | |||
846 | struct | ||
847 | { | ||
848 | |||
849 | /** | ||
850 | * Array of status details for each provider. | ||
851 | */ | ||
852 | const struct ANASTASIS_ProviderSuccessStatus *pss; | ||
853 | |||
854 | /** | ||
855 | * Length of the @e policy_version and @e provider_urls arrays. | ||
856 | */ | ||
857 | unsigned int num_providers; | ||
858 | |||
859 | } success; | ||
860 | |||
861 | struct | ||
862 | { | ||
863 | /** | ||
864 | * Array of URLs with requested payments. | ||
865 | */ | ||
866 | struct ANASTASIS_SharePaymentRequest *payment_requests; | ||
867 | |||
868 | /** | ||
869 | * Length of the payment_requests array. | ||
870 | */ | ||
871 | unsigned int payment_requests_length; | ||
872 | } payment_required; | ||
873 | |||
874 | struct | ||
875 | { | ||
876 | /** | ||
877 | * Base URL of the failed provider. | ||
878 | */ | ||
879 | const char *provider_url; | ||
880 | |||
881 | /** | ||
882 | * HTTP status returned by the provider. | ||
883 | */ | ||
884 | unsigned int http_status; | ||
885 | |||
886 | /** | ||
887 | * Upload status of the provider. | ||
888 | */ | ||
889 | enum ANASTASIS_UploadStatus ec; | ||
890 | |||
891 | |||
892 | } provider_failure; | ||
893 | |||
894 | } details; | ||
895 | |||
896 | }; | ||
897 | |||
898 | |||
899 | /** | ||
900 | * Function called with the results of a #ANASTASIS_secret_share(). | ||
901 | * | ||
902 | * @param cls closure | ||
903 | * @param sr share result | ||
904 | */ | ||
905 | typedef void | ||
906 | (*ANASTASIS_ShareResultCallback)(void *cls, | ||
907 | const struct ANASTASIS_ShareResult *sr); | ||
908 | |||
909 | |||
910 | /** | ||
911 | * Defines a recovery document upload process (recovery document | ||
912 | * consists of multiple policies) | ||
913 | */ | ||
914 | struct ANASTASIS_SecretShare; | ||
915 | |||
916 | |||
917 | /** | ||
918 | * Details of a past payment | ||
919 | */ | ||
920 | struct ANASTASIS_ProviderDetails | ||
921 | { | ||
922 | /** | ||
923 | * URL of the provider backend. | ||
924 | */ | ||
925 | const char *provider_url; | ||
926 | |||
927 | /** | ||
928 | * Payment order ID / secret of a past payment. | ||
929 | */ | ||
930 | struct ANASTASIS_PaymentSecretP payment_secret; | ||
931 | |||
932 | /** | ||
933 | * Server salt. Points into a truth object from which we got the | ||
934 | * salt. | ||
935 | */ | ||
936 | struct ANASTASIS_CRYPTO_ProviderSaltP provider_salt; | ||
937 | }; | ||
938 | |||
939 | |||
940 | /** | ||
941 | * Creates a recovery document with the created policies and uploads it to | ||
942 | * all servers. | ||
943 | * | ||
944 | * @param ctx the CURL context used to connect to the backend | ||
945 | * @param id_data used to create a account identifier on the escrow provider | ||
946 | * @param providers array of providers with URLs to upload the policies to | ||
947 | * @param pss_length length of the @a providers array | ||
948 | * @param policies list of policies which are included in this recovery document | ||
949 | * @param policies_length length of the @a policies array | ||
950 | * @param payment_years_requested for how many years would the client like the service to store the truth? | ||
951 | * @param pay_timeout how long to wait for payment | ||
952 | * @param spc payment callback is opened to pay the upload | ||
953 | * @param spc_cls closure for the @a spc payment callback | ||
954 | * @param src callback for the upload process | ||
955 | * @param src_cls closure for the @a src upload callback | ||
956 | * @param secret_name name of the core secret | ||
957 | * @param core_secret input of the user which is secured by anastasis e.g. (wallet private key) | ||
958 | * @param core_secret_size size of the @a core_secret | ||
959 | * @return NULL on error | ||
960 | */ | ||
961 | struct ANASTASIS_SecretShare * | ||
962 | ANASTASIS_secret_share (struct GNUNET_CURL_Context *ctx, | ||
963 | const json_t *id_data, | ||
964 | const struct ANASTASIS_ProviderDetails providers[], | ||
965 | unsigned int pss_length, | ||
966 | const struct ANASTASIS_Policy *policies[], | ||
967 | unsigned int policies_len, | ||
968 | uint32_t payment_years_requested, | ||
969 | struct GNUNET_TIME_Relative pay_timeout, | ||
970 | ANASTASIS_ShareResultCallback src, | ||
971 | void *src_cls, | ||
972 | const char *secret_name, | ||
973 | const void *core_secret, | ||
974 | size_t core_secret_size); | ||
975 | |||
976 | |||
977 | /** | ||
978 | * Cancels a secret share request. | ||
979 | * | ||
980 | * @param ss handle to the request | ||
981 | */ | ||
982 | void | ||
983 | ANASTASIS_secret_share_cancel (struct ANASTASIS_SecretShare *ss); | ||
984 | |||
985 | |||
986 | #endif | ||