sqlite

package module
Published: Oct 18, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package sqlite implements server-side persistence with a SQLite database.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Init

func Init(db *sql.DB) error

Init ensures that all tables are created and the required pragmas are set. It does not validate a pre-existing database: tables that already exist with a different or invalid schema are not detected.

Init can be useful for alternative SQLite connections that do not use a local file, such as Cloudflare D1. Note that New's contract (below) requires the tables and pragmas to already be in place, so a caller that constructs a DB from its own *sql.DB should call Init before New rather than relying on New to do it.

Types

type DB

type DB struct {
	// Log all SQL queries to this optional writer. Debugging aid only: logged statements may reveal persisted session state and key material, so leave it nil in production.
	DebugLog io.Writer
	// contains filtered or unexported fields
}

DB implements FDO server state persistence.

func New

func New(db *sql.DB) *DB

New wraps an existing connection in a DB. It does not call Init: the expected tables must already be created and the pragmas must already be set, including foreign_keys=ON (SQLite does not enforce foreign-key constraints unless that pragma is set on the connection).

func Open

func Open(filename, password string) (*DB, error)

Open creates or opens a SQLite database file using a single, non-pooled connection. If password is non-empty, the xts VFS is used with the password as a text key, so the file is encrypted at rest; with an empty password the file is stored unencrypted.

func (*DB) AddManufacturerKey

func (db *DB) AddManufacturerKey(keyType protocol.KeyType, key crypto.PrivateKey, chain []*x509.Certificate) error

AddManufacturerKey stores a manufacturer key used for signing device certificate chains. Unlike DB.AddOwnerKey, chain is always required.

func (*DB) AddOwnerKey

func (db *DB) AddOwnerKey(keyType protocol.KeyType, key crypto.PrivateKey, chain []*x509.Certificate) error

AddOwnerKey stores an owner key for later retrieval with DB.OwnerKey. chain may be nil, in which case X509 public key encoding will be used instead of X5Chain.

func (*DB) AddVoucher

func (db *DB) AddVoucher(ctx context.Context, ov *fdo.Voucher) error

AddVoucher stores the voucher of a device owned by the service.

func (*DB) Close

func (db *DB) Close() error

Close closes the database connection.

If the database connection is associated with unfinalized prepared statements, open blob handles, and/or unfinished backup objects, Close will leave the database connection open and return [sqlite3.BUSY].

func (*DB) DB

func (db *DB) DB() *sql.DB

DB returns the underlying database/sql DB.

func (*DB) DeviceCertChain

func (db *DB) DeviceCertChain(ctx context.Context) ([]*x509.Certificate, error)

DeviceCertChain gets a device certificate chain from the current session.

func (*DB) GUID

func (db *DB) GUID(ctx context.Context) (protocol.GUID, error)

GUID retrieves the GUID of the voucher associated with the session.

func (*DB) IncompleteVoucherHeader

func (db *DB) IncompleteVoucherHeader(ctx context.Context) (*fdo.VoucherHeader, error)

IncompleteVoucherHeader gets an incomplete (missing HMAC) voucher header which has not yet been persisted.

func (*DB) InvalidateToken

func (db *DB) InvalidateToken(ctx context.Context) error

InvalidateToken destroys all state associated with the token carried in ctx (see DB.TokenContext).

func (*DB) MTU

func (db *DB) MTU(ctx context.Context) (uint16, error)

MTU returns the max service info size the device may receive.

func (*DB) ManufacturerKey

func (db *DB) ManufacturerKey(keyType protocol.KeyType) (crypto.Signer, []*x509.Certificate, error)

ManufacturerKey returns the signer of a given key type and its certificate chain (required).

func (*DB) NewToken

func (db *DB) NewToken(ctx context.Context, protocol protocol.Protocol) (string, error)

NewToken initializes state for a given protocol and returns the associated token. The token is the only handle to that session state, so callers should treat it as a bearer credential.

func (*DB) NewVoucher

func (db *DB) NewVoucher(ctx context.Context, ov *fdo.Voucher) error

NewVoucher creates and stores a voucher for a newly initialized device. Note that the voucher may have entries if the server was configured for auto voucher extension.

func (*DB) OwnerKey

func (db *DB) OwnerKey(keyType protocol.KeyType) (crypto.Signer, []*x509.Certificate, error)

OwnerKey returns the private key matching a given key type and optionally its certificate chain.

func (*DB) ProveDeviceNonce

func (db *DB) ProveDeviceNonce(ctx context.Context) (protocol.Nonce, error)

ProveDeviceNonce returns the Nonce used in TO2.ProveDevice and TO2.Done.

func (*DB) RVBlob

func (db *DB) RVBlob(ctx context.Context, guid protocol.GUID) (*cose.Sign1[protocol.To1d, []byte], *fdo.Voucher, error)

RVBlob returns the owner rendezvous blob for a device.

func (*DB) RemoveVoucher

func (db *DB) RemoveVoucher(ctx context.Context, guid protocol.GUID) (*fdo.Voucher, error)

RemoveVoucher stops tracking a voucher, deletes it from the store, and returns it so that it can be extended.

func (*DB) ReplaceVoucher

func (db *DB) ReplaceVoucher(ctx context.Context, guid protocol.GUID, ov *fdo.Voucher) error

ReplaceVoucher stores a new voucher, deleting the previous voucher.

func (*DB) ReplacementGUID

func (db *DB) ReplacementGUID(ctx context.Context) (protocol.GUID, error)

ReplacementGUID retrieves the device GUID to persist at the end of TO2.

func (*DB) ReplacementHmac

func (db *DB) ReplacementHmac(ctx context.Context) (protocol.Hmac, error)

ReplacementHmac retrieves the voucher HMAC to persist at the end of TO2.

func (*DB) RvInfo

func (db *DB) RvInfo(ctx context.Context) ([][]protocol.RvInstruction, error)

RvInfo retrieves the rendezvous instructions to store at the end of TO2.

func (*DB) SetDeviceCertChain

func (db *DB) SetDeviceCertChain(ctx context.Context, chain []*x509.Certificate) error

SetDeviceCertChain sets the device certificate chain generated from DI.AppStart info.

func (*DB) SetDeviceSelfInfo

func (db *DB) SetDeviceSelfInfo(ctx context.Context, info *custom.DeviceMfgInfo) error

SetDeviceSelfInfo implements an optional interface to store info from DI.AppStart.

func (*DB) SetGUID

func (db *DB) SetGUID(ctx context.Context, guid protocol.GUID) error

SetGUID associates a voucher GUID with a TO2 session.

func (*DB) SetIncompleteVoucherHeader

func (db *DB) SetIncompleteVoucherHeader(ctx context.Context, ovh *fdo.VoucherHeader) error

SetIncompleteVoucherHeader stores an incomplete (missing HMAC) voucher header tied to a session.

func (*DB) SetMTU

func (db *DB) SetMTU(ctx context.Context, mtu uint16) error

SetMTU sets the max service info size the device may receive.

func (*DB) SetProveDeviceNonce

func (db *DB) SetProveDeviceNonce(ctx context.Context, nonce protocol.Nonce) error

SetProveDeviceNonce stores the Nonce used in TO2.ProveDevice for use in TO2.Done.

func (*DB) SetRVBlob

func (db *DB) SetRVBlob(ctx context.Context, ov *fdo.Voucher, to1d *cose.Sign1[protocol.To1d, []byte], exp time.Time) error

SetRVBlob sets the owner rendezvous blob for a device.

func (*DB) SetReplacementGUID

func (db *DB) SetReplacementGUID(ctx context.Context, guid protocol.GUID) error

SetReplacementGUID stores the device GUID to persist at the end of TO2.

func (*DB) SetReplacementHmac

func (db *DB) SetReplacementHmac(ctx context.Context, hmac protocol.Hmac) error

SetReplacementHmac stores the voucher HMAC to persist at the end of TO2.

func (*DB) SetRvInfo

func (db *DB) SetRvInfo(ctx context.Context, rvInfo [][]protocol.RvInstruction) error

SetRvInfo stores the rendezvous instructions that will be persisted at the end of TO2.

func (*DB) SetSetupDeviceNonce

func (db *DB) SetSetupDeviceNonce(ctx context.Context, nonce protocol.Nonce) error

SetSetupDeviceNonce stores the Nonce used in TO2.SetupDevice for use in TO2.Done2.

func (*DB) SetTO0SignNonce

func (db *DB) SetTO0SignNonce(ctx context.Context, nonce protocol.Nonce) error

SetTO0SignNonce sets the Nonce expected in TO0.OwnerSign.

func (*DB) SetTO1ProofNonce

func (db *DB) SetTO1ProofNonce(ctx context.Context, nonce protocol.Nonce) error

SetTO1ProofNonce sets the Nonce expected in TO1.ProveToRV.

func (*DB) SetXSession

func (db *DB) SetXSession(ctx context.Context, suite kex.Suite, sess kex.Session) error

SetXSession updates the current key exchange/encryption session based on an opaque "authorization" token.

func (*DB) SetupDeviceNonce

func (db *DB) SetupDeviceNonce(ctx context.Context) (protocol.Nonce, error)

SetupDeviceNonce returns the Nonce used in TO2.SetupDevice and TO2.Done2.

func (*DB) TO0SignNonce

func (db *DB) TO0SignNonce(ctx context.Context) (protocol.Nonce, error)

TO0SignNonce returns the Nonce expected in TO0.OwnerSign.

func (*DB) TO1ProofNonce

func (db *DB) TO1ProofNonce(ctx context.Context) (protocol.Nonce, error)

TO1ProofNonce returns the Nonce expected in TO1.ProveToRV.

func (*DB) TokenContext

func (db *DB) TokenContext(parent context.Context, token string) context.Context

TokenContext injects a context with a token value so that it may be used for any of the XXXState interfaces.

func (*DB) TokenFromContext

func (db *DB) TokenFromContext(ctx context.Context) (string, bool)

TokenFromContext gets the token value from a context. This is useful, because some TokenServices may allow token mutation, such as in the case of token-encoded state (i.e. JWTs/CWTs).

func (*DB) Voucher

func (db *DB) Voucher(ctx context.Context, guid protocol.GUID) (*fdo.Voucher, error)

Voucher retrieves a voucher by GUID.

func (*DB) XSession

func (db *DB) XSession(ctx context.Context) (kex.Suite, kex.Session, error)

XSession returns the current key exchange/encryption session based on an opaque "authorization" token.
