#include <psk_db.h>

Inheritance diagram for Botan::Encrypted_PSK_Database_SQL:

Public Member Functions
	Encrypted_PSK_Database_SQL (const secure_vector< uint8_t > &master_key, std::shared_ptr< SQL_Database > db, std::string_view table_name)

secure_vector< uint8_t >	get (std::string_view name) const override

std::string	get_str (std::string_view name) const

bool	is_encrypted () const override

std::set< std::string >	list_names () const override

void	remove (std::string_view name) override

void	set (std::string_view name, const uint8_t psk[], size_t psk_len) override

void	set_str (std::string_view name, std::string_view psk)

void	set_vec (std::string_view name, std::span< const uint8_t > psk)

	~Encrypted_PSK_Database_SQL () override

Detailed Description

Definition at line 162 of file psk_db.h.

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL	(	const secure_vector< uint8_t > &	master_key,
		std::shared_ptr< SQL_Database >	db,
		std::string_view	table_name )

Creates or uses the named table in db. The SQL schema of the table is (psk_name TEXT PRIMARY KEY, psk_value TEXT).

Definition at line 13 of file psk_db_sql.cpp.

                                                                                  :
      Encrypted_PSK_Database(master_key), m_db(std::move(db)), m_table_name(table_name) {
   m_db->create_table("create table if not exists " + m_table_name + "(psk_name TEXT PRIMARY KEY, psk_value TEXT)");
}

◆ ~Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::~Encrypted_PSK_Database_SQL ( )

overridedefault

Member Function Documentation

◆ get()

secure_vector< uint8_t > Botan::Encrypted_PSK_Database::get ( std::string_view name ) const

overridevirtualinherited

Returns: the value associated with the specified name or otherwise throw an exception.

Implements Botan::PSK_Database.

Definition at line 63 of file psk_db.cpp.

                                                                            {
   const std::vector<uint8_t> wrapped_name =
      nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()), name.size(), *m_cipher);
 
   const std::string val_base64 = kv_get(base64_encode(wrapped_name));
 
   if(val_base64.empty()) {
      throw Invalid_Argument("Named PSK not located");
   }
 
   const secure_vector<uint8_t> val = base64_decode(val_base64);
 
   auto wrap_cipher = m_cipher->new_object();
   wrap_cipher->set_key(m_hmac->process(wrapped_name));
 
   return nist_key_unwrap_padded(val.data(), val.size(), *wrap_cipher);
}

References Botan::base64_decode(), Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_get(), name, Botan::nist_key_unwrap_padded(), and Botan::nist_key_wrap_padded().

◆ get_str()

std::string Botan::PSK_Database::get_str ( std::string_view name ) const

inherited

Get a PSK in the form of a string (eg if the PSK is a password)

Definition at line 18 of file psk_db.cpp.

                                                         {
   secure_vector<uint8_t> psk = this->get(name);
   return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
}

References Botan::cast_uint8_ptr_to_char(), and Botan::PSK_Database::get().

◆ is_encrypted()

bool Botan::Encrypted_PSK_Database::is_encrypted ( ) const

inlineoverridevirtualinherited

Returns: true if the values in the PSK database are encrypted. If false, saved values are being stored in plaintext.

Implements Botan::PSK_Database.

Definition at line 128 of file psk_db.h.

128{ return true; }

◆ list_names()

std::set< std::string > Botan::Encrypted_PSK_Database::list_names ( ) const

overridevirtualinherited

Returns: the set of names for which get() will return a value.

Implements Botan::PSK_Database.

Definition at line 38 of file psk_db.cpp.

                                                           {
   const std::set<std::string> encrypted_names = kv_get_all();
 
   std::set<std::string> names;
 
   for(const auto& enc_name : encrypted_names) {
      try {
         const secure_vector<uint8_t> raw_name = base64_decode(enc_name);
         const secure_vector<uint8_t> name_bits = nist_key_unwrap_padded(raw_name.data(), raw_name.size(), *m_cipher);
 
         std::string pt_name(cast_uint8_ptr_to_char(name_bits.data()), name_bits.size());
         names.insert(pt_name);
      } catch(Invalid_Authentication_Tag&) {}
   }
 
   return names;
}

References Botan::base64_decode(), Botan::cast_uint8_ptr_to_char(), Botan::Encrypted_PSK_Database::kv_get_all(), and Botan::nist_key_unwrap_padded().

◆ remove()

void Botan::Encrypted_PSK_Database::remove ( std::string_view name )

overridevirtualinherited

Remove the PSK with the given name from the database

Implements Botan::PSK_Database.

Definition at line 56 of file psk_db.cpp.

                                                       {
   const std::vector<uint8_t> wrapped_name =
      nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()), name.size(), *m_cipher);
 
   this->kv_del(base64_encode(wrapped_name));
}

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_del(), name, and Botan::nist_key_wrap_padded().

◆ set()

void Botan::Encrypted_PSK_Database::set	(	std::string_view	name,
		const uint8_t	psk[],
		size_t	psk_len )

overridevirtualinherited

Set a value that can later be accessed with get(). If name already exists in the database, the old value will be overwritten.

Implements Botan::PSK_Database.

Definition at line 81 of file psk_db.cpp.

                                                                                     {
   /*
   * Both as a basic precaution wrt key seperation, and specifically to prevent
   * cut-and-paste attacks against the database, each PSK is encrypted with a
   * distinct key which is derived by hashing the wrapped key name with HMAC.
   */
   const std::vector<uint8_t> wrapped_name =
      nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()), name.size(), *m_cipher);
 
   auto wrap_cipher = m_cipher->new_object();
   wrap_cipher->set_key(m_hmac->process(wrapped_name));
   const std::vector<uint8_t> wrapped_key = nist_key_wrap_padded(val, len, *wrap_cipher);
 
   this->kv_set(base64_encode(wrapped_name), base64_encode(wrapped_key));
}

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_set(), name, and Botan::nist_key_wrap_padded().

◆ set_str()

void Botan::PSK_Database::set_str	(	std::string_view	name,
		std::string_view	psk )

inherited

Like set() but accepts the PSK as a string (eg for a password).

Definition at line 23 of file psk_db.cpp.

                                                                  {
   this->set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
}

References Botan::cast_char_ptr_to_uint8(), and Botan::PSK_Database::set().

◆ set_vec()

void Botan::PSK_Database::set_vec	(	std::string_view	name,
		std::span< const uint8_t >	psk )

inlineinherited

Like set() but accepting an arbitrary contiguous byte array.

Definition at line 69 of file psk_db.h.

69{ set(name, psk.data(), psk.size()); }

References name.

The documentation for this class was generated from the following files:

src/lib/psk_db/psk_db.h
src/lib/psk_db/psk_db_sql.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL()

◆ ~Encrypted_PSK_Database_SQL()

Member Function Documentation

◆ get()

◆ get_str()

◆ is_encrypted()

◆ list_names()

◆ remove()

◆ set()

◆ set_str()

◆ set_vec()