Botan::Encrypted_PSK_Database_SQL Class Reference

#include <psk_db.h>

Inheritance diagram for Botan::Encrypted_PSK_Database_SQL:
Botan::Encrypted_PSK_Database Botan::PSK_Database

Public Member Functions

 Encrypted_PSK_Database_SQL (const secure_vector< uint8_t > &master_key, std::shared_ptr< SQL_Database > db, const std::string &table_name)
 
secure_vector< uint8_t > get (const std::string &name) const override
 
std::string get_str (const std::string &name) const
 
bool is_encrypted () const override
 
std::set< std::string > list_names () const override
 
void remove (const std::string &name) override
 
void set (const std::string &name, const uint8_t psk[], size_t psk_len) override
 
void set_str (const std::string &name, const std::string &psk)
 
template<typename Alloc >
void set_vec (const std::string &name, const std::vector< uint8_t, Alloc > &psk)
 
 ~Encrypted_PSK_Database_SQL ()
 

Detailed Description

Definition at line 146 of file psk_db.h.

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL ( const secure_vector< uint8_t > &  master_key,
std::shared_ptr< SQL_Database >  db,
const std::string &  table_name 
)

Definition at line 12 of file psk_db_sql.cpp. Note that table_name is spliced verbatim into the CREATE TABLE statement shown below, so it should be a fixed identifier from trusted configuration rather than externally supplied input.

14 :
15 Encrypted_PSK_Database(master_key),
16 m_db(db),
17 m_table_name(table_name)
18 {
19 m_db->create_table(
20 "create table if not exists " + m_table_name +
21 "(psk_name TEXT PRIMARY KEY, psk_value TEXT)");
22 }
Encrypted_PSK_Database(const secure_vector< uint8_t > &master_key)
Definition: psk_db.cpp:16

◆ ~Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::~Encrypted_PSK_Database_SQL ( )

Definition at line 24 of file psk_db_sql.cpp.

25 {
26 /* for ~unique_ptr */
27 }

Member Function Documentation

◆ get()

secure_vector< uint8_t > Botan::Encrypted_PSK_Database::get ( const std::string &  name) const
override virtual inherited

Return the value associated with the specified name, or otherwise throw an exception (Invalid_Argument when no PSK is stored under that name).

Parameters
name	the PSK name to look up

Implements Botan::PSK_Database.

Definition at line 66 of file psk_db.cpp.

67 {
68 const std::vector<uint8_t> wrapped_name =
70 name.size(),
71 *m_cipher);
72
73 const std::string val_base64 = kv_get(base64_encode(wrapped_name));
74
75 if(val_base64.empty())
76 throw Invalid_Argument("Named PSK not located");
77
78 const secure_vector<uint8_t> val = base64_decode(val_base64);
79
80 std::unique_ptr<BlockCipher> wrap_cipher(m_cipher->clone());
81 wrap_cipher->set_key(m_hmac->process(wrapped_name));
82
83 return nist_key_unwrap_padded(val.data(), val.size(), *wrap_cipher);
84 }
virtual std::string kv_get(const std::string &index) const =0
std::string name
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:185
size_t base64_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition: base64.cpp:200
std::vector< uint8_t > nist_key_wrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
secure_vector< uint8_t > nist_key_unwrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:190

References Botan::base64_decode(), Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_get(), name, Botan::nist_key_unwrap_padded(), and Botan::nist_key_wrap_padded().

◆ get_str()

std::string Botan::PSK_Database::get_str ( const std::string &  name) const
inline inherited

Get a PSK in the form of a string (e.g. if the PSK is a password).

Definition at line 59 of file psk_db.h.

60 {
61 secure_vector<uint8_t> psk = get(name);
62 return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
63 }
virtual secure_vector< uint8_t > get(const std::string &name) const =0
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:195

References Botan::cast_uint8_ptr_to_char(), and name.

◆ is_encrypted()

bool Botan::Encrypted_PSK_Database::is_encrypted ( ) const
inline override virtual inherited

Returns true if the values in the PSK database are encrypted; if false, saved values are being stored in plaintext. For this class it always returns true.

Implements Botan::PSK_Database.

Definition at line 114 of file psk_db.h.

114{ return true; }

◆ list_names()

std::set< std::string > Botan::Encrypted_PSK_Database::list_names ( ) const
override virtual inherited

Return the set of names for which get() will return a value. Stored names whose unwrapping fails with Invalid_Authentication_Tag (for example, entries written under a different master key) are silently skipped rather than reported.

Implements Botan::PSK_Database.

Definition at line 31 of file psk_db.cpp.

32 {
33 const std::set<std::string> encrypted_names = kv_get_all();
34
35 std::set<std::string> names;
36
37 for(std::string enc_name : encrypted_names)
38 {
39 try
40 {
41 const secure_vector<uint8_t> raw_name = base64_decode(enc_name);
42 const secure_vector<uint8_t> name_bits =
43 nist_key_unwrap_padded(raw_name.data(), raw_name.size(), *m_cipher);
44
45 std::string pt_name(cast_uint8_ptr_to_char(name_bits.data()), name_bits.size());
46 names.insert(pt_name);
47 }
48 catch(Invalid_Authentication_Tag&)
49 {
50 }
51 }
52
53 return names;
54 }
virtual std::set< std::string > kv_get_all() const =0

References Botan::base64_decode(), Botan::cast_uint8_ptr_to_char(), Botan::Encrypted_PSK_Database::kv_get_all(), and Botan::nist_key_unwrap_padded().

◆ remove()

void Botan::Encrypted_PSK_Database::remove ( const std::string &  name)
override virtual inherited

Remove a PSK from the database.

Implements Botan::PSK_Database.

Definition at line 56 of file psk_db.cpp.

57 {
58 const std::vector<uint8_t> wrapped_name =
60 name.size(),
61 *m_cipher);
62
63 this->kv_del(base64_encode(wrapped_name));
64 }
virtual void kv_del(const std::string &index)=0

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_del(), name, and Botan::nist_key_wrap_padded().

◆ set()

void Botan::Encrypted_PSK_Database::set ( const std::string &  name,
const uint8_t  psk[],
size_t  psk_len 
)
override virtual inherited

Set a value that can later be accessed with get(). If name already exists in the database, the old value will be overwritten. Each PSK is wrapped under a distinct key derived by applying HMAC to the wrapped name, so a value stored under one name cannot be moved to another name within the database.

Implements Botan::PSK_Database.

Definition at line 86 of file psk_db.cpp.

87 {
88 /*
89 * Both as a basic precaution wrt key seperation, and specifically to prevent
90 * cut-and-paste attacks against the database, each PSK is encrypted with a
91 * distinct key which is derived by hashing the wrapped key name with HMAC.
92 */
93 const std::vector<uint8_t> wrapped_name =
95 name.size(),
96 *m_cipher);
97
98 std::unique_ptr<BlockCipher> wrap_cipher(m_cipher->clone());
99 wrap_cipher->set_key(m_hmac->process(wrapped_name));
100 const std::vector<uint8_t> wrapped_key = nist_key_wrap_padded(val, len, *wrap_cipher);
101
102 this->kv_set(base64_encode(wrapped_name), base64_encode(wrapped_key));
103 }
virtual void kv_set(const std::string &index, const std::string &value)=0

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_set(), name, and Botan::nist_key_wrap_padded().

◆ set_str()

void Botan::PSK_Database::set_str ( const std::string &  name,
const std::string &  psk 
)
inline inherited

Definition at line 65 of file psk_db.h.

66 {
67 set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
68 }
virtual void set(const std::string &name, const uint8_t psk[], size_t psk_len)=0

References Botan::cast_char_ptr_to_uint8(), and name.

◆ set_vec()

template<typename Alloc >
void Botan::PSK_Database::set_vec ( const std::string &  name,
const std::vector< uint8_t, Alloc > &  psk 
)
inline inherited

Definition at line 71 of file psk_db.h.

74 {
75 set(name, psk.data(), psk.size());
76 }

References name.

