/* Copyright (c) 2020, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

#ifndef OPENSSL_HEADER_TRUST_TOKEN_H
#define OPENSSL_HEADER_TRUST_TOKEN_H

#include <openssl/base.h>
#include <openssl/stack.h>

#if defined(__cplusplus)
extern "C" {
#endif


// Trust Token implementation.
//
// Trust Token is an implementation of an experimental mechanism similar to
// Privacy Pass which allows issuance and redemption of anonymized tokens with
// limited private metadata.
//
// References:
// https://eprint.iacr.org/2020/072.pdf
// https://github.com/alxdavids/privacy-pass-ietf/tree/master/drafts
// https://github.com/WICG/trust-token-api/blob/master/README.md
//
// WARNING: This API is unstable and subject to change.

// TRUST_TOKEN_experiment_v1 is an experimental Trust Tokens protocol using
// PMBTokens and P-384. It is the only version in this header that verifies a
// signed redemption record (SRR) on the client.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void);

// TRUST_TOKEN_experiment_v2_voprf is an experimental Trust Tokens protocol
// using VOPRFs and P-384 with up to 6 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void);

// TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using
// PMBTokens and P-384 with up to 3 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void);

// TRUST_TOKEN_pst_v1_voprf is an experimental Trust Tokens protocol
// using VOPRFs and P-384 with up to 6 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_pst_v1_voprf(void);

// TRUST_TOKEN_pst_v1_pmb is an experimental Trust Tokens protocol using
// PMBTokens and P-384 with up to 3 keys, without RR verification.
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_pst_v1_pmb(void);

// trust_token_st represents a single-use token for the Trust Token protocol.
// For the client, this is the token and its corresponding signature. For the
// issuer, this is the token itself.
struct trust_token_st {
  // data holds the serialized token bytes; it is released by
  // |TRUST_TOKEN_free| together with the struct.
  uint8_t *data;
  // len is the number of bytes in |data|.
  size_t len;
};

DEFINE_STACK_OF(TRUST_TOKEN)

// TRUST_TOKEN_new creates a newly-allocated |TRUST_TOKEN| with value |data| or
// NULL on allocation failure. The |len| bytes at |data| are copied, so the
// caller retains ownership of its own buffer.
OPENSSL_EXPORT TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len);

// TRUST_TOKEN_free releases memory associated with |token|.
OPENSSL_EXPORT void TRUST_TOKEN_free(TRUST_TOKEN *token);

// Upper bounds on the serialized key sizes written by the key-generation
// functions below; output buffers of these sizes are always large enough.
#define TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE 512
#define TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE 512

// TRUST_TOKEN_generate_key creates a new Trust Token keypair labeled with |id|
// and serializes the private and public keys, writing the private key to
// |out_priv_key| and setting |*out_priv_key_len| to the number of bytes
// written, and writing the public key to |out_pub_key| and setting
// |*out_pub_key_len| to the number of bytes written.
//
// At most |max_priv_key_len| and |max_pub_key_len| bytes are written. In order
// to ensure success, these should be at least
// |TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE| and |TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE|.
//
// The serialized private key is the issuer's secret material and is what
// |TRUST_TOKEN_ISSUER_add_key| consumes; the public key is what clients pass
// to |TRUST_TOKEN_CLIENT_add_key|.
//
// This function returns one on success or zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_generate_key(
    const TRUST_TOKEN_METHOD *method, uint8_t *out_priv_key,
    size_t *out_priv_key_len, size_t max_priv_key_len, uint8_t *out_pub_key,
    size_t *out_pub_key_len, size_t max_pub_key_len, uint32_t id);

// TRUST_TOKEN_derive_key_from_secret deterministically derives a new Trust
// Token keypair labeled with |id| from an input |secret| and serializes the
// private and public keys, writing the private key to |out_priv_key| and
// setting |*out_priv_key_len| to the number of bytes written, and writing the
// public key to |out_pub_key| and setting |*out_pub_key_len| to the number of
// bytes written.
//
// Because the derivation is deterministic, the same |secret| and |id| always
// produce the same keypair. |secret| therefore needs to be high-entropy and
// kept as confidential as the private key itself.
//
// At most |max_priv_key_len| and |max_pub_key_len| bytes are written. In order
// to ensure success, these should be at least
// |TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE| and |TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE|.
//
// This function returns one on success or zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_derive_key_from_secret(
    const TRUST_TOKEN_METHOD *method, uint8_t *out_priv_key,
    size_t *out_priv_key_len, size_t max_priv_key_len, uint8_t *out_pub_key,
    size_t *out_pub_key_len, size_t max_pub_key_len, uint32_t id,
    const uint8_t *secret, size_t secret_len);


// Trust Token client implementation.
//
// These functions implement the client half of the Trust Token protocol. A
// single |TRUST_TOKEN_CLIENT| can perform a single protocol operation, i.e. one
// issuance or one redemption; allocate a fresh client for the next operation.

// TRUST_TOKEN_CLIENT_new returns a newly-allocated |TRUST_TOKEN_CLIENT|
// configured to use a max batchsize of |max_batchsize| or NULL on error.
// Issuance requests must be made in batches smaller than |max_batchsize|. This
// function will return an error if |max_batchsize| is too large for Trust
// Tokens.
OPENSSL_EXPORT TRUST_TOKEN_CLIENT *TRUST_TOKEN_CLIENT_new(
    const TRUST_TOKEN_METHOD *method, size_t max_batchsize);

// TRUST_TOKEN_CLIENT_free releases memory associated with |ctx|.
OPENSSL_EXPORT void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx);

// TRUST_TOKEN_CLIENT_add_key configures the |ctx| to support the public key
// |key| (as serialized by |TRUST_TOKEN_generate_key| or
// |TRUST_TOKEN_derive_key_from_secret|). It sets |*out_key_index| to the index
// this key has been configured to. It returns one on success or zero on error
// if the |key| can't be parsed or too many keys have been configured.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx,
                                              size_t *out_key_index,
                                              const uint8_t *key,
                                              size_t key_len);

// TRUST_TOKEN_CLIENT_set_srr_key sets the public key used to verify the SRR
// (signed redemption record). It returns one on success and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_set_srr_key(TRUST_TOKEN_CLIENT *ctx,
                                                  EVP_PKEY *key);

// TRUST_TOKEN_CLIENT_begin_issuance produces a request for |count| trust tokens
// and serializes the request into a newly-allocated buffer, setting |*out| to
// that buffer and |*out_len| to its length. The caller takes ownership of the
// buffer and must call |OPENSSL_free| when done. It returns one on success and
// zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_issuance(TRUST_TOKEN_CLIENT *ctx,
                                                     uint8_t **out,
                                                     size_t *out_len,
                                                     size_t count);

// TRUST_TOKEN_CLIENT_begin_issuance_over_message produces a request for |count|
// trust tokens derived from |msg| and serializes the request into a
// newly-allocated buffer, setting |*out| to that buffer and |*out_len| to its
// length. The caller takes ownership of the buffer and must call |OPENSSL_free|
// when done. It returns one on success and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_issuance_over_message(
    TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len, size_t count,
    const uint8_t *msg, size_t msg_len);

// TRUST_TOKEN_CLIENT_finish_issuance consumes |response| from the issuer and
// extracts the tokens, returning a list of tokens and the index of the key used
// to sign the tokens in |*out_key_index|. The caller can use this to determine
// what key was used in an issuance and to drop tokens if a new key commitment
// arrives without the specified key present. The caller takes ownership of the
// list and must call |sk_TRUST_TOKEN_pop_free| when done. The list is empty if
// issuance fails.
//
// NOTE(review): callers should still check the return value for NULL before
// inspecting the list; confirm against the implementation whether a failed
// issuance yields an empty list, NULL, or both.
OPENSSL_EXPORT STACK_OF(TRUST_TOKEN) *
TRUST_TOKEN_CLIENT_finish_issuance(TRUST_TOKEN_CLIENT *ctx,
                                   size_t *out_key_index,
                                   const uint8_t *response,
                                   size_t response_len);


// TRUST_TOKEN_CLIENT_begin_redemption produces a request to redeem a token
// |token| and receive a signature over |data| and serializes the request into
// a newly-allocated buffer, setting |*out| to that buffer and |*out_len| to
// its length. |time| is the number of seconds since the UNIX epoch and used to
// verify the validity of the issuer's response in TrustTokenV1 and ignored in
// other versions. The caller takes ownership of the buffer and must call
// |OPENSSL_free| when done. It returns one on success or zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption(
    TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len,
    const TRUST_TOKEN *token, const uint8_t *data, size_t data_len,
    uint64_t time);

// TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer. In
// |TRUST_TOKEN_experiment_v1|, it then verifies the SRR and if valid sets
// |*out_rr| and |*out_rr_len| (respectively, |*out_sig| and |*out_sig_len|)
// to a newly-allocated buffer containing the SRR (respectively, the SRR
// signature). In other versions, it sets |*out_rr| and |*out_rr_len|
// to a newly-allocated buffer containing |response| and leaves all validation
// to the caller. In those versions |*out_rr| is therefore unverified issuer
// output and must not be trusted until the caller has validated it. It returns
// one on success or zero on failure.
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_finish_redemption(
    TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len,
    uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response,
    size_t response_len);


// Trust Token issuer implementation.
//
// These functions implement the issuer half of the Trust Token protocol. A
// |TRUST_TOKEN_ISSUER| can be reused across multiple protocol operations. It
// may be used concurrently on multiple threads by non-mutating functions,
// provided no other thread is concurrently calling a mutating function.
// Functions which take a |const| pointer are non-mutating and functions which
// take a non-|const| pointer are mutating.

// TRUST_TOKEN_ISSUER_new returns a newly-allocated |TRUST_TOKEN_ISSUER|
// configured to use a max batchsize of |max_batchsize| or NULL on error.
// Issuance requests must be made in batches smaller than |max_batchsize|. This
// function will return an error if |max_batchsize| is too large for Trust
// Tokens.
OPENSSL_EXPORT TRUST_TOKEN_ISSUER *TRUST_TOKEN_ISSUER_new(
    const TRUST_TOKEN_METHOD *method, size_t max_batchsize);

// TRUST_TOKEN_ISSUER_free releases memory associated with |ctx|.
OPENSSL_EXPORT void TRUST_TOKEN_ISSUER_free(TRUST_TOKEN_ISSUER *ctx);

// TRUST_TOKEN_ISSUER_add_key configures the |ctx| to support the private key
// |key|. It must be a private key returned by |TRUST_TOKEN_generate_key|. It
// returns one on success or zero on error. This function may fail if the |key|
// can't be parsed or too many keys have been configured.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_add_key(TRUST_TOKEN_ISSUER *ctx,
                                              const uint8_t *key,
                                              size_t key_len);

// TRUST_TOKEN_ISSUER_set_srr_key sets the private key used to sign the SRR
// (signed redemption record). It returns one on success and zero on error.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_set_srr_key(TRUST_TOKEN_ISSUER *ctx,
                                                  EVP_PKEY *key);

// TRUST_TOKEN_ISSUER_set_metadata_key sets the key used to encrypt the private
// metadata. The key is a randomly generated bytestring of at least 32 bytes
// used to encode the private metadata bit in the SRR. It returns one on success
// and zero on error.
//
// This key must stay secret to the issuer: anyone holding it can recover the
// private metadata bit of any SRR with |TRUST_TOKEN_decode_private_metadata|.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_set_metadata_key(TRUST_TOKEN_ISSUER *ctx,
                                                       const uint8_t *key,
                                                       size_t len);

// TRUST_TOKEN_ISSUER_issue ingests |request| for token issuance
// and generates up to |max_issuance| valid tokens, producing a list of blinded
// tokens and storing the response into a newly-allocated buffer and setting
// |*out| to that buffer, |*out_len| to its length, and |*out_tokens_issued| to
// the number of tokens issued. The tokens are issued with public metadata of
// |public_metadata| and a private metadata value of |private_metadata|.
// |public_metadata| must be one of the previously configured key IDs.
// |private_metadata| must be 0 or 1. The caller takes ownership of the buffer
// and must call |OPENSSL_free| when done. It returns one on success or zero on
// error.
//
// |request| is client-supplied input; |max_issuance| is the issuer-side cap
// on how many tokens a single request may obtain regardless of what the
// request asks for.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_issue(
    const TRUST_TOKEN_ISSUER *ctx, uint8_t **out, size_t *out_len,
    size_t *out_tokens_issued, const uint8_t *request, size_t request_len,
    uint32_t public_metadata, uint8_t private_metadata, size_t max_issuance);

// TRUST_TOKEN_ISSUER_redeem ingests a |request| for token redemption and
// verifies the token. The public metadata is stored in |*out_public|. The
// private metadata (if any) is stored in |*out_private|. The extracted
// |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
// |*out_token|. The extracted client data is stored into a newly-allocated
// buffer and stored in |*out_client_data|. The caller takes ownership of each
// output buffer and must call |OPENSSL_free| when done. It returns one on
// success or zero on error.
//
// NOTE(review): |*out_token| is a |TRUST_TOKEN|, for which this header declares
// |TRUST_TOKEN_free| as the deleter; confirm whether it should be released with
// |TRUST_TOKEN_free| rather than |OPENSSL_free|.
//
// The caller must keep track of all values of |*out_token| seen globally before
// returning a response to the client. If the value has been reused, the caller
// must report an error to the client. Returning a response with replayed values
// allows an attacker to double-spend tokens.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem(
    const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
    TRUST_TOKEN **out_token, uint8_t **out_client_data,
    size_t *out_client_data_len, const uint8_t *request, size_t request_len);

// TRUST_TOKEN_ISSUER_redeem_raw is a legacy alias for
// |TRUST_TOKEN_ISSUER_redeem|.
#define TRUST_TOKEN_ISSUER_redeem_raw TRUST_TOKEN_ISSUER_redeem

// TRUST_TOKEN_ISSUER_redeem_over_message ingests a |request| for token
// redemption and a message and verifies the token and that it is derived from
// the provided |msg|. The public metadata is stored in
// |*out_public|. The private metadata (if any) is stored in |*out_private|. The
// extracted |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
// |*out_token|. The extracted client data is stored into a newly-allocated
// buffer and stored in |*out_client_data|. The caller takes ownership of each
// output buffer and must call |OPENSSL_free| when done. It returns one on
// success or zero on error.
//
// NOTE(review): as with |TRUST_TOKEN_ISSUER_redeem|, confirm whether
// |*out_token| should be released with |TRUST_TOKEN_free| instead of
// |OPENSSL_free|.
//
// The caller must keep track of all values of |*out_token| seen globally before
// returning a response to the client. If the value has been reused, the caller
// must report an error to the client. Returning a response with replayed values
// allows an attacker to double-spend tokens.
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem_over_message(
    const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
    TRUST_TOKEN **out_token, uint8_t **out_client_data,
    size_t *out_client_data_len, const uint8_t *request, size_t request_len,
    const uint8_t *msg, size_t msg_len);

// TRUST_TOKEN_decode_private_metadata decodes |encrypted_bit| using the
// private metadata key specified by a |key| buffer of length |key_len| and the
// nonce by a |nonce| buffer of length |nonce_len|. The nonce in
// |TRUST_TOKEN_experiment_v1| is the token-hash field of the SRR. |*out_value|
// is set to the decrypted value, either zero or one. It returns one on success
// and zero on error.
//
// |key| is the same secret configured with |TRUST_TOKEN_ISSUER_set_metadata_key|
// and should only be available to the issuer.
OPENSSL_EXPORT int TRUST_TOKEN_decode_private_metadata(
    const TRUST_TOKEN_METHOD *method, uint8_t *out_value, const uint8_t *key,
    size_t key_len, const uint8_t *nonce, size_t nonce_len,
    uint8_t encrypted_bit);


#if defined(__cplusplus)
}  // extern C

extern "C++" {

BSSL_NAMESPACE_BEGIN

BORINGSSL_MAKE_DELETER(TRUST_TOKEN, TRUST_TOKEN_free)
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_CLIENT, TRUST_TOKEN_CLIENT_free)
BORINGSSL_MAKE_DELETER(TRUST_TOKEN_ISSUER, TRUST_TOKEN_ISSUER_free)

BSSL_NAMESPACE_END

}  // extern C++
#endif

// Error reason codes reported by this module.
#define TRUST_TOKEN_R_KEYGEN_FAILURE 100
#define TRUST_TOKEN_R_BUFFER_TOO_SMALL 101
#define TRUST_TOKEN_R_OVER_BATCHSIZE 102
#define TRUST_TOKEN_R_DECODE_ERROR 103
#define TRUST_TOKEN_R_SRR_SIGNATURE_ERROR 104
#define TRUST_TOKEN_R_DECODE_FAILURE 105
#define TRUST_TOKEN_R_INVALID_METADATA 106
#define TRUST_TOKEN_R_TOO_MANY_KEYS 107
#define TRUST_TOKEN_R_NO_KEYS_CONFIGURED 108
#define TRUST_TOKEN_R_INVALID_KEY_ID 109
#define TRUST_TOKEN_R_INVALID_TOKEN 110
#define TRUST_TOKEN_R_BAD_VALIDITY_CHECK 111
#define TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED 112
#define TRUST_TOKEN_R_INVALID_METADATA_KEY 113
#define TRUST_TOKEN_R_INVALID_PROOF 114

#endif  // OPENSSL_HEADER_TRUST_TOKEN_H