Use upstream AES-XTS VFS for sqlite; Make sqlite API more adaptable
Signed-off-by: Ben Krieger <[email protected]>
ben-krieger committed Oct 18, 2024
1 parent 7741915 commit c629d0d
Showing 8 changed files with 51 additions and 414 deletions.
2 changes: 1 addition & 1 deletion examples/cmd/server.go
Expand Up @@ -110,7 +110,7 @@ func server() error { //nolint:gocyclo
if dbPath == "" {
return errors.New("db flag is required")
}
state, err := sqlite.New(dbPath, dbPass)
state, err := sqlite.Open(dbPath, dbPass)
if err != nil {
return err
}
10 changes: 5 additions & 5 deletions examples/go.mod
Expand Up @@ -21,11 +21,11 @@ require (
)

require (
github.com/ncruces/go-sqlite3 v0.18.4 // indirect
github.com/ncruces/go-sqlite3 v0.19.1-0.20241017225339-d6aebe67cc4b // indirect
github.com/ncruces/julianday v1.0.0 // indirect
github.com/neilotoole/jsoncolor v0.7.1 // indirect
github.com/tetratelabs/wazero v1.8.0 // indirect
golang.org/x/crypto v0.27.0 // indirect
golang.org/x/sys v0.25.0 // indirect
golang.org/x/term v0.24.0 // indirect
github.com/tetratelabs/wazero v1.8.1 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.25.0 // indirect
)
24 changes: 12 additions & 12 deletions examples/go.sum
Expand Up @@ -22,8 +22,8 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/ncruces/go-sqlite3 v0.18.4 h1:Je8o3y33MDwPYY/Cacas8yCsuoUzpNY/AgoSlN2ekyE=
github.com/ncruces/go-sqlite3 v0.18.4/go.mod h1:4HLag13gq1k10s4dfGBhMfRVsssJRT9/5hYqVM9RUYo=
github.com/ncruces/go-sqlite3 v0.19.1-0.20241017225339-d6aebe67cc4b h1:oAawRfm4i619bgG1TbQQoV/pGOCoPqX7+mHqaGZva0c=
github.com/ncruces/go-sqlite3 v0.19.1-0.20241017225339-d6aebe67cc4b/go.mod h1:yL4ZNWGsr1/8pcLfpPW1RT1WFdvyeHonrgIwwi4rvkg=
github.com/ncruces/julianday v1.0.0 h1:fH0OKwa7NWvniGQtxdJRxAgkBMolni2BjDHaWTxqt7M=
github.com/ncruces/julianday v1.0.0/go.mod h1:Dusn2KvZrrovOMJuOt0TNXL6tB7U2E8kvza5fFc9G7g=
github.com/neilotoole/jsoncolor v0.7.1 h1:/MoU7KPLcto+ykcy592Y8eX9WFQhoi3IBEbwrP89dgs=
Expand All @@ -47,23 +47,23 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/tetratelabs/wazero v1.8.0 h1:iEKu0d4c2Pd+QSRieYbnQC9yiFlMS9D+Jr0LsRmcF4g=
github.com/tetratelabs/wazero v1.8.0/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs=
golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
github.com/tetratelabs/wazero v1.8.1 h1:NrcgVbWfkWvVc4UtT4LRLDf91PsOzDzefMdwhLfA550=
github.com/tetratelabs/wazero v1.8.1/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs=
golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20211110154304-99a53858aa08/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
8 changes: 4 additions & 4 deletions sqlite/go.mod
Expand Up @@ -6,12 +6,12 @@ replace github.com/fido-device-onboard/go-fdo => ../

require (
github.com/fido-device-onboard/go-fdo v0.0.0-00010101000000-000000000000
github.com/ncruces/go-sqlite3 v0.18.4
golang.org/x/crypto v0.27.0
github.com/ncruces/go-sqlite3 v0.19.1-0.20241017225339-d6aebe67cc4b
)

require (
github.com/ncruces/julianday v1.0.0 // indirect
github.com/tetratelabs/wazero v1.8.0 // indirect
golang.org/x/sys v0.25.0 // indirect
github.com/tetratelabs/wazero v1.8.1 // indirect
golang.org/x/crypto v0.28.0 // indirect
golang.org/x/sys v0.26.0 // indirect
)
20 changes: 10 additions & 10 deletions sqlite/go.sum
@@ -1,12 +1,12 @@
github.com/ncruces/go-sqlite3 v0.18.4 h1:Je8o3y33MDwPYY/Cacas8yCsuoUzpNY/AgoSlN2ekyE=
github.com/ncruces/go-sqlite3 v0.18.4/go.mod h1:4HLag13gq1k10s4dfGBhMfRVsssJRT9/5hYqVM9RUYo=
github.com/ncruces/go-sqlite3 v0.19.1-0.20241017225339-d6aebe67cc4b h1:oAawRfm4i619bgG1TbQQoV/pGOCoPqX7+mHqaGZva0c=
github.com/ncruces/go-sqlite3 v0.19.1-0.20241017225339-d6aebe67cc4b/go.mod h1:yL4ZNWGsr1/8pcLfpPW1RT1WFdvyeHonrgIwwi4rvkg=
github.com/ncruces/julianday v1.0.0 h1:fH0OKwa7NWvniGQtxdJRxAgkBMolni2BjDHaWTxqt7M=
github.com/ncruces/julianday v1.0.0/go.mod h1:Dusn2KvZrrovOMJuOt0TNXL6tB7U2E8kvza5fFc9G7g=
github.com/tetratelabs/wazero v1.8.0 h1:iEKu0d4c2Pd+QSRieYbnQC9yiFlMS9D+Jr0LsRmcF4g=
github.com/tetratelabs/wazero v1.8.0/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs=
golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
github.com/tetratelabs/wazero v1.8.1 h1:NrcgVbWfkWvVc4UtT4LRLDf91PsOzDzefMdwhLfA550=
github.com/tetratelabs/wazero v1.8.1/go.mod h1:yAI0XTsMBhREkM/YDAK/zNou3GoiAce1P6+rp/wQhjs=
golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
30 changes: 18 additions & 12 deletions sqlite/sqlite.go
Expand Up @@ -24,16 +24,16 @@ import (
"strings"
"time"

"github.com/ncruces/go-sqlite3/driver" // Load database/sql driver
_ "github.com/ncruces/go-sqlite3/embed" // Load sqlite WASM binary
"github.com/ncruces/go-sqlite3/driver" // Load database/sql driver
_ "github.com/ncruces/go-sqlite3/embed" // Load sqlite WASM binary
_ "github.com/ncruces/go-sqlite3/vfs/xts" // Encryption VFS

"github.com/fido-device-onboard/go-fdo"
"github.com/fido-device-onboard/go-fdo/cbor"
"github.com/fido-device-onboard/go-fdo/cose"
"github.com/fido-device-onboard/go-fdo/custom"
"github.com/fido-device-onboard/go-fdo/kex"
"github.com/fido-device-onboard/go-fdo/protocol"
_ "github.com/fido-device-onboard/go-fdo/sqlite/xts" // Encryption VFS
)

// DB implements FDO server state persistence.
Expand All @@ -44,29 +44,36 @@ type DB struct {
db *sql.DB
}

// New creates or opens a SQLite database file using a single non-pooled
// Open creates or opens a SQLite database file using a single non-pooled
// connection. If a password is specified, then the xts VFS will be used
// with a text key.
func New(filename, password string) (*DB, error) {
func Open(filename, password string) (*DB, error) {
var query string
if password != "" {
query += fmt.Sprintf("?vfs=xts&_pragma=textkey(%q)", password)
query += fmt.Sprintf("?vfs=xts&_pragma=textkey(%q)&_pragma=temp_store(memory)", password)
}
connector, err := (&driver.SQLite{}).OpenConnector("file:" + filepath.Clean(filename) + query)
if err != nil {
return nil, fmt.Errorf("error creating sqlite connector: %w", err)
}
db := sql.OpenDB(connector)
return Init(db)
if err := Init(db); err != nil {
return nil, err
}
return New(db), nil
}

// New creates a DB. The expected tables must already be created and pragmas
// must already be set, including foreign_keys=ON.
func New(db *sql.DB) *DB { return &DB{db: db} }

// Init ensures all tables are created and pragma are set. It does not
// recognize if tables have been created with invalid schemas.
//
// In most cases, New should be used, which implicitly calls Init. However,
// Init can be useful for alternative SQLite connections that do not use a
// local file, such as Cloudflare D1.
func Init(db *sql.DB) (*DB, error) {
func Init(db *sql.DB) error {
stmts := []string{
`PRAGMA foreign_keys = ON`,
`CREATE TABLE IF NOT EXISTS secrets
Expand Down Expand Up @@ -153,13 +160,12 @@ func Init(db *sql.DB) (*DB, error) {
if _, err := db.Exec(sql); err != nil {
_ = db.Close()
if strings.Contains(err.Error(), "file is not a database") {
return nil, fmt.Errorf("file is not a database: likely due to incorrect or missing database password")
return fmt.Errorf("file is not a database: likely due to incorrect or missing database password")
}
return nil, fmt.Errorf("error creating tables: %w", err)
return fmt.Errorf("error creating tables: %w", err)
}
}

return &DB{db: db}, nil
return nil
}

// Close closes the database connection.
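Review bot: The doc comment kept on Init, `// In most cases, New should be used, which implicitly calls Init.`, is stale after this change: New now takes an already-initialized *sql.DB and does not call Init, while Open is the entry point that does, so it should read `// In most cases, Open should be used, which implicitly calls Init.` In Open the password reaches the DSN through `%q` alone, so a key containing `&`, `#` or `%` would presumably be cut or decoded by the URI query parser before the textkey pragma sees it; wrapping the pragma value in `url.QueryEscape` would make the DSN robust to arbitrary passwords. The new `temp_store(memory)` pragma deserves a why-comment above the Sprintf, e.g. `// keep temporary tables in memory so they are not spilled to disk outside the encrypted VFS — confirm against the upstream xts VFS docs`. Init's body continues outside the hunk; its `_ = db.Close()` on failure now closes a connection the caller of Init supplied (the "alternative SQLite connections" case the comment advertises), which the Init doc should state explicitly.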
2 changes: 1 addition & 1 deletion sqlite/sqlite_test.go
Expand Up @@ -41,7 +41,7 @@ func newDB(t *testing.T) (_ *sqlite.DB, cleanup func() error) {
cleanup = func() error { return os.Remove("db.test") }
_ = cleanup()

state, err := sqlite.New("db.test", "test_password")
state, err := sqlite.Open("db.test", "test_password")
if err != nil {
t.Fatal(err)
}