Documentation
Overview
Package token implements every server state interface that can be backed by a stateless token.
Index
- type CA
- type Service
- func (s Service) DeviceCertChain(ctx context.Context) ([]*x509.Certificate, error)
- func (s Service) ExtendVoucher(ov *fdo.Voucher, nextOwner crypto.PublicKey) (*fdo.Voucher, error)
- func (s Service) GUID(ctx context.Context) (protocol.GUID, error)
- func (s Service) IncompleteVoucherHeader(ctx context.Context) (*fdo.VoucherHeader, error)
- func (s Service) InvalidateToken(ctx context.Context) error
- func (s Service) MTU(ctx context.Context) (uint16, error)
- func (s Service) NewToken(ctx context.Context, proto protocol.Protocol) (string, error)
- func (s Service) ProveDeviceNonce(ctx context.Context) (protocol.Nonce, error)
- func (s Service) ReplacementGUID(ctx context.Context) (protocol.GUID, error)
- func (s Service) ReplacementHmac(ctx context.Context) (protocol.Hmac, error)
- func (s Service) RvInfo(ctx context.Context) ([][]protocol.RvInstruction, error)
- func (s Service) SetDeviceCertChain(ctx context.Context, chain []*x509.Certificate) error
- func (s Service) SetGUID(ctx context.Context, guid protocol.GUID) error
- func (s Service) SetIncompleteVoucherHeader(ctx context.Context, ovh *fdo.VoucherHeader) error
- func (s Service) SetMTU(ctx context.Context, mtu uint16) error
- func (s Service) SetProveDeviceNonce(ctx context.Context, nonce protocol.Nonce) error
- func (s Service) SetReplacementGUID(ctx context.Context, guid protocol.GUID) error
- func (s Service) SetReplacementHmac(ctx context.Context, hmac protocol.Hmac) error
- func (s Service) SetRvInfo(ctx context.Context, rvInfo [][]protocol.RvInstruction) error
- func (s Service) SetSetupDeviceNonce(ctx context.Context, nonce protocol.Nonce) error
- func (s Service) SetTO0SignNonce(ctx context.Context, nonce protocol.Nonce) error
- func (s Service) SetTO1ProofNonce(ctx context.Context, nonce protocol.Nonce) error
- func (s Service) SetXSession(ctx context.Context, suite kex.Suite, sess kex.Session) error
- func (s Service) SetupDeviceNonce(ctx context.Context) (protocol.Nonce, error)
- func (s Service) TO0SignNonce(ctx context.Context) (protocol.Nonce, error)
- func (s Service) TO1ProofNonce(ctx context.Context) (protocol.Nonce, error)
- func (s Service) TokenContext(parent context.Context, token string) context.Context
- func (s Service) TokenFromContext(ctx context.Context) (string, bool)
- func (s Service) XSession(ctx context.Context) (xSuite kex.Suite, xSession kex.Session, _ error)
- type Unique
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CA
type CA struct {
	Key   crypto.Signer
	Chain []*x509.Certificate
}
CA for creating a device certificate chain.
type Service
Service implements the fdo.TokenService interface and state interfaces that do not need to persist beyond a single protocol session.
func NewService
NewService initializes a stateless token service with a random HMAC secret and self-signed CAs for the common key types.
func (Service) DeviceCertChain
DeviceCertChain gets a device certificate chain from the current session.
func (Service) ExtendVoucher
ExtendVoucher adds a new signed voucher entry to the list and returns the new extended voucher. Vouchers should be treated as immutable structures.
func (Service) IncompleteVoucherHeader
IncompleteVoucherHeader gets an incomplete (missing HMAC) voucher header which has not yet been persisted.
func (Service) InvalidateToken
InvalidateToken destroys the state associated with a given token.
func (Service) NewToken
NewToken initializes state for a given protocol and returns the associated token.
func (Service) ProveDeviceNonce
ProveDeviceNonce returns the Nonce used in TO2.ProveDevice and TO2.Done.
func (Service) ReplacementGUID
ReplacementGUID retrieves the device GUID to persist at the end of TO2.
func (Service) ReplacementHmac
ReplacementHmac retrieves the voucher HMAC to persist at the end of TO2.
func (Service) SetDeviceCertChain
SetDeviceCertChain sets the device certificate chain generated from DI.AppStart info.
func (Service) SetIncompleteVoucherHeader
SetIncompleteVoucherHeader stores an incomplete (missing HMAC) voucher header tied to a session.
func (Service) SetProveDeviceNonce
SetProveDeviceNonce stores the Nonce used in TO2.ProveDevice for use in TO2.Done.
func (Service) SetReplacementGUID
SetReplacementGUID stores the device GUID to persist at the end of TO2.
func (Service) SetReplacementHmac
SetReplacementHmac stores the voucher HMAC to persist at the end of TO2.
func (Service) SetSetupDeviceNonce
SetSetupDeviceNonce stores the Nonce used in TO2.SetupDevice for use in TO2.Done2.
func (Service) SetTO0SignNonce
SetTO0SignNonce sets the Nonce expected in TO0.OwnerSign.
func (Service) SetTO1ProofNonce
SetTO1ProofNonce sets the Nonce expected in TO1.ProveToRV.
func (Service) SetXSession
SetXSession updates the current key exchange/encryption session based on an opaque "authorization" token.
func (Service) SetupDeviceNonce
SetupDeviceNonce returns the Nonce used in TO2.SetupDevice and TO2.Done2.
func (Service) TO0SignNonce
TO0SignNonce returns the Nonce expected in TO0.OwnerSign.
func (Service) TO1ProofNonce
TO1ProofNonce returns the Nonce expected in TO1.ProveToRV.
func (Service) TokenContext
TokenContext injects a context with a token value so that it may be used for any of the XXXState interfaces.
func (Service) TokenFromContext
TokenFromContext gets the token value from a context. This is useful because some TokenServices may allow token mutation, such as in the case of token-encoded state (e.g. JWTs/CWTs).
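The NewService and TokenFromContext descriptions above rest on one idea: session state travels inside the token under a server-held HMAC secret, so every setter produces a different token string. The sketch below is an added example, not this package's code; the `state` and `codec` types, the JSON payload and the `payload.tag` layout are all assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// state and codec are hypothetical; the package's real token layout is not shown on the page.
type state struct {
	Proto string
	Nonce []byte
}
type codec struct{ secret [32]byte } // server-side HMAC key, never sent to the client

var b64 = base64.RawURLEncoding

func newCodec() (c codec, err error) { _, err = rand.Read(c.secret[:]); return c, err }

// sealBytes emits base64url(payload) + "." + base64url(HMAC-SHA256(secret, payload)).
func (c codec) sealBytes(p []byte) string {
	h := hmac.New(sha256.New, c.secret[:])
	h.Write(p)
	return b64.EncodeToString(p) + "." + b64.EncodeToString(h.Sum(nil))
}
func (c codec) seal(s state) string { p, _ := json.Marshal(s); return c.sealBytes(p) }

// open re-seals the payload and compares in constant time before parsing any field.
func (c codec) open(tok string) (s state, err error) {
	payload, err := b64.DecodeString(strings.SplitN(tok, ".", 2)[0])
	if err != nil || !hmac.Equal([]byte(tok), []byte(c.sealBytes(payload))) {
		return s, errors.New("token rejected: bad encoding or MAC")
	}
	return s, json.Unmarshal(payload, &s)
}

// setNonce returns a NEW token: the state lives in the string, so setters change it.
func (c codec) setNonce(tok string, n []byte) (string, error) {
	s, err := c.open(tok)
	if err != nil {
		return "", err
	}
	s.Nonce = n
	return c.seal(s), nil
}

func main() { c, _ := newCodec(); println(c.seal(state{Proto: "TO2"})) }
```

This sketch only authenticates the state: the payload is readable by whoever holds the token, so anything that must stay confidential from the client would also need encryption.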