Documentation
Overview
Package sqlite implements server-side persistence with a SQLite database.
Index
- func Init(db *sql.DB) error
- type DB
- func (db *DB) AddManufacturerKey(keyType protocol.KeyType, key crypto.PrivateKey, chain []*x509.Certificate) error
- func (db *DB) AddOwnerKey(keyType protocol.KeyType, key crypto.PrivateKey, chain []*x509.Certificate) error
- func (db *DB) AddVoucher(ctx context.Context, ov *fdo.Voucher) error
- func (db *DB) Close() error
- func (db *DB) DB() *sql.DB
- func (db *DB) DeviceCertChain(ctx context.Context) ([]*x509.Certificate, error)
- func (db *DB) GUID(ctx context.Context) (protocol.GUID, error)
- func (db *DB) IncompleteVoucherHeader(ctx context.Context) (*fdo.VoucherHeader, error)
- func (db *DB) InvalidateToken(ctx context.Context) error
- func (db *DB) MTU(ctx context.Context) (uint16, error)
- func (db *DB) ManufacturerKey(keyType protocol.KeyType) (crypto.Signer, []*x509.Certificate, error)
- func (db *DB) NewToken(ctx context.Context, protocol protocol.Protocol) (string, error)
- func (db *DB) NewVoucher(ctx context.Context, ov *fdo.Voucher) error
- func (db *DB) OwnerKey(keyType protocol.KeyType) (crypto.Signer, []*x509.Certificate, error)
- func (db *DB) ProveDeviceNonce(ctx context.Context) (protocol.Nonce, error)
- func (db *DB) RVBlob(ctx context.Context, guid protocol.GUID) (*cose.Sign1[protocol.To1d, []byte], *fdo.Voucher, error)
- func (db *DB) RemoveVoucher(ctx context.Context, guid protocol.GUID) (*fdo.Voucher, error)
- func (db *DB) ReplaceVoucher(ctx context.Context, guid protocol.GUID, ov *fdo.Voucher) error
- func (db *DB) ReplacementGUID(ctx context.Context) (protocol.GUID, error)
- func (db *DB) ReplacementHmac(ctx context.Context) (protocol.Hmac, error)
- func (db *DB) RvInfo(ctx context.Context) ([][]protocol.RvInstruction, error)
- func (db *DB) SetDeviceCertChain(ctx context.Context, chain []*x509.Certificate) error
- func (db *DB) SetDeviceSelfInfo(ctx context.Context, info *custom.DeviceMfgInfo) error
- func (db *DB) SetGUID(ctx context.Context, guid protocol.GUID) error
- func (db *DB) SetIncompleteVoucherHeader(ctx context.Context, ovh *fdo.VoucherHeader) error
- func (db *DB) SetMTU(ctx context.Context, mtu uint16) error
- func (db *DB) SetProveDeviceNonce(ctx context.Context, nonce protocol.Nonce) error
- func (db *DB) SetRVBlob(ctx context.Context, ov *fdo.Voucher, to1d *cose.Sign1[protocol.To1d, []byte], ...) error
- func (db *DB) SetReplacementGUID(ctx context.Context, guid protocol.GUID) error
- func (db *DB) SetReplacementHmac(ctx context.Context, hmac protocol.Hmac) error
- func (db *DB) SetRvInfo(ctx context.Context, rvInfo [][]protocol.RvInstruction) error
- func (db *DB) SetSetupDeviceNonce(ctx context.Context, nonce protocol.Nonce) error
- func (db *DB) SetTO0SignNonce(ctx context.Context, nonce protocol.Nonce) error
- func (db *DB) SetTO1ProofNonce(ctx context.Context, nonce protocol.Nonce) error
- func (db *DB) SetXSession(ctx context.Context, suite kex.Suite, sess kex.Session) error
- func (db *DB) SetupDeviceNonce(ctx context.Context) (protocol.Nonce, error)
- func (db *DB) TO0SignNonce(ctx context.Context) (protocol.Nonce, error)
- func (db *DB) TO1ProofNonce(ctx context.Context) (protocol.Nonce, error)
- func (db *DB) TokenContext(parent context.Context, token string) context.Context
- func (db *DB) TokenFromContext(ctx context.Context) (string, bool)
- func (db *DB) Voucher(ctx context.Context, guid protocol.GUID) (*fdo.Voucher, error)
- func (db *DB) XSession(ctx context.Context) (kex.Suite, kex.Session, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func Init
Init ensures all tables are created and pragmas are set. It does not detect whether existing tables were created with an invalid schema.
In most cases, New should be used, which implicitly calls Init. However, Init can be useful for alternative SQLite connections that do not use a local file, such as Cloudflare D1.
Types
type DB
type DB struct {
	// Log all SQL queries to this optional writer.
	DebugLog io.Writer
	// contains filtered or unexported fields
}
DB implements FDO server state persistence.
func New
New creates a DB. The expected tables must already be created and pragmas must already be set, including foreign_keys=ON.
func Open
Open creates or opens a SQLite database file using a single non-pooled connection. If a password is specified, then the xts VFS will be used with a text key.
func (*DB) AddManufacturerKey
func (db *DB) AddManufacturerKey(keyType protocol.KeyType, key crypto.PrivateKey, chain []*x509.Certificate) error
AddManufacturerKey adds a key used for signing device certificate chains. Unlike DB.AddOwnerKey, chain is always required.
func (*DB) AddOwnerKey
func (db *DB) AddOwnerKey(keyType protocol.KeyType, key crypto.PrivateKey, chain []*x509.Certificate) error
AddOwnerKey adds a key that can later be retrieved with DB.OwnerKey. chain may be nil, in which case X509 public key encoding will be used instead of X5Chain.
func (*DB) AddVoucher
AddVoucher stores the voucher of a device owned by the service.
func (*DB) Close
Close closes the database connection.
If the database connection is associated with unfinalized prepared statements, open blob handles, and/or unfinished backup objects, Close will leave the database connection open and return [sqlite3.BUSY].
func (*DB) DeviceCertChain
DeviceCertChain gets a device certificate chain from the current session.
func (*DB) IncompleteVoucherHeader
IncompleteVoucherHeader gets an incomplete (missing HMAC) voucher header which has not yet been persisted.
func (*DB) InvalidateToken
InvalidateToken destroys the state associated with a given token.
func (*DB) ManufacturerKey
ManufacturerKey returns the signer of a given key type and its certificate chain (required).
func (*DB) NewToken
NewToken initializes state for a given protocol and returns the associated token.
func (*DB) NewVoucher
NewVoucher creates and stores a voucher for a newly initialized device. Note that the voucher may have entries if the server was configured for auto voucher extension.
func (*DB) OwnerKey
OwnerKey returns the private key matching a given key type and optionally its certificate chain.
func (*DB) ProveDeviceNonce
ProveDeviceNonce returns the Nonce used in TO2.ProveDevice and TO2.Done.
func (*DB) RVBlob
func (db *DB) RVBlob(ctx context.Context, guid protocol.GUID) (*cose.Sign1[protocol.To1d, []byte], *fdo.Voucher, error)
RVBlob returns the owner rendezvous blob for a device.
func (*DB) RemoveVoucher
RemoveVoucher untracks a voucher, deleting it, and returns it for extension.
func (*DB) ReplaceVoucher
ReplaceVoucher stores a new voucher, deleting the previous voucher.
func (*DB) ReplacementGUID
ReplacementGUID retrieves the device GUID to persist at the end of TO2.
func (*DB) ReplacementHmac
ReplacementHmac retrieves the voucher HMAC to persist at the end of TO2.
func (*DB) SetDeviceCertChain
SetDeviceCertChain sets the device certificate chain generated from DI.AppStart info.
func (*DB) SetDeviceSelfInfo
SetDeviceSelfInfo implements an optional interface to store info from DI.AppStart.
func (*DB) SetIncompleteVoucherHeader
SetIncompleteVoucherHeader stores an incomplete (missing HMAC) voucher header tied to a session.
func (*DB) SetProveDeviceNonce
SetProveDeviceNonce stores the Nonce used in TO2.ProveDevice for use in TO2.Done.
func (*DB) SetRVBlob
func (db *DB) SetRVBlob(ctx context.Context, ov *fdo.Voucher, to1d *cose.Sign1[protocol.To1d, []byte], exp time.Time) error
SetRVBlob sets the owner rendezvous blob for a device.
func (*DB) SetReplacementGUID
SetReplacementGUID stores the device GUID to persist at the end of TO2.
func (*DB) SetReplacementHmac
SetReplacementHmac stores the voucher HMAC to persist at the end of TO2.
func (*DB) SetSetupDeviceNonce
SetSetupDeviceNonce stores the Nonce used in TO2.SetupDevice for use in TO2.Done2.
func (*DB) SetTO0SignNonce
SetTO0SignNonce sets the Nonce expected in TO0.OwnerSign.
func (*DB) SetTO1ProofNonce
SetTO1ProofNonce sets the Nonce expected in TO1.ProveToRV.
func (*DB) SetXSession
SetXSession updates the current key exchange/encryption session based on an opaque "authorization" token.
func (*DB) SetupDeviceNonce
SetupDeviceNonce returns the Nonce used in TO2.SetupDevice and TO2.Done2.
func (*DB) TO0SignNonce
TO0SignNonce returns the Nonce expected in TO0.OwnerSign.
func (*DB) TO1ProofNonce
TO1ProofNonce returns the Nonce expected in TO1.ProveToRV.
func (*DB) TokenContext
TokenContext injects a context with a token value so that it may be used for any of the XXXState interfaces.
func (*DB) TokenFromContext
TokenFromContext gets the token value from a context. This is useful because some TokenServices may allow token mutation, such as in the case of token-encoded state (e.g. JWTs/CWTs).
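The token-scoped state lifecycle that NewToken, TokenContext, TokenFromContext, SetProveDeviceNonce and InvalidateToken describe, as an added stand-alone illustration that is not the sqlite package's code: a constructed in-memory store keyed by an opaque random token carried in the context, which fails closed whenever the context carries no live token. The `store` map type, `ErrNoSession` and the `[16]byte` nonce representation are assumptions made for this example.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// store is a constructed in-memory stand-in (not the sqlite package's code) for the token-scoped state behind the XXXState interfaces; not goroutine-safe.
type store map[string][16]byte // ProveDevice nonce for each live token
type ctxKey struct{}           // unexported: other packages cannot forge the entry

var ErrNoSession = errors.New("no session state for token")

// NewToken creates empty state and returns its opaque 128-bit random token.
func (s store) NewToken(ctx context.Context) (string, error) {
	var raw [16]byte
	if _, err := rand.Read(raw[:]); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(raw[:])
	s[tok] = [16]byte{}
	return tok, nil
}

// TokenContext and TokenFromContext carry the token through ctx, as the DB methods do.
func (s store) TokenContext(parent context.Context, tok string) context.Context {
	return context.WithValue(parent, ctxKey{}, tok)
}
func (s store) TokenFromContext(ctx context.Context) (string, bool) {
	tok, ok := ctx.Value(ctxKey{}).(string)
	return tok, ok
}

// SetProveDeviceNonce writes only under the token in ctx and fails closed for a missing, unknown or invalidated token.
func (s store) SetProveDeviceNonce(ctx context.Context, n [16]byte) error {
	tok, _ := s.TokenFromContext(ctx)
	if _, live := s[tok]; !live {
		return ErrNoSession
	}
	s[tok] = n
	return nil
}

// InvalidateToken destroys the state, so a replayed token no longer resolves.
func (s store) InvalidateToken(ctx context.Context) error {
	tok, _ := s.TokenFromContext(ctx)
	delete(s, tok)
	return nil
}
```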