Botan 3.9.0
Crypto and TLS for C&
Botan::Encrypted_PSK_Database_SQL Class Reference

#include <psk_db.h>

Inheritance diagram for Botan::Encrypted_PSK_Database_SQL:
Botan::Encrypted_PSK_Database Botan::PSK_Database

Public Member Functions

 Encrypted_PSK_Database_SQL (const Encrypted_PSK_Database_SQL &other)=delete
 Encrypted_PSK_Database_SQL (const secure_vector< uint8_t > &master_key, std::shared_ptr< SQL_Database > db, std::string_view table_name)
 Encrypted_PSK_Database_SQL (Encrypted_PSK_Database_SQL &&other)=delete
secure_vector< uint8_t > get (std::string_view name) const override
std::string get_str (std::string_view name) const
bool is_encrypted () const override
std::set< std::string > list_names () const override
Encrypted_PSK_Database_SQLoperator= (const Encrypted_PSK_Database_SQL &other)=delete
Encrypted_PSK_Database_SQLoperator= (Encrypted_PSK_Database_SQL &&other)=delete
void remove (std::string_view name) override
void set (std::string_view name, const uint8_t psk[], size_t psk_len) override
void set_str (std::string_view name, std::string_view psk)
void set_vec (std::string_view name, std::span< const uint8_t > psk)
 ~Encrypted_PSK_Database_SQL () override

Detailed Description

Definition at line 162 of file psk_db.h.

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL() [1/3]

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL ( const secure_vector< uint8_t > & master_key,
std::shared_ptr< SQL_Database > db,
std::string_view table_name )

Creates or uses the named table in db. The SQL schema of the table is (psk_name TEXT PRIMARY KEY, psk_value TEXT).

Definition at line 13 of file psk_db_sql.cpp.

15 :
16 Encrypted_PSK_Database(master_key), m_db(std::move(db)), m_table_name(table_name) {
17 m_db->create_table("create table if not exists " + m_table_name + "(psk_name TEXT PRIMARY KEY, psk_value TEXT)");
18}
BOTAN_FUTURE_EXPLICIT Encrypted_PSK_Database(const secure_vector< uint8_t > &master_key)
Definition psk_db.cpp:27

References Botan::Encrypted_PSK_Database::Encrypted_PSK_Database().

Referenced by Encrypted_PSK_Database_SQL(), Encrypted_PSK_Database_SQL(), operator=(), and operator=().

◆ ~Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::~Encrypted_PSK_Database_SQL ( )
overridedefault

◆ Encrypted_PSK_Database_SQL() [2/3]

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL ( const Encrypted_PSK_Database_SQL & other)
delete

◆ Encrypted_PSK_Database_SQL() [3/3]

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL ( Encrypted_PSK_Database_SQL && other)
delete

Member Function Documentation

◆ get()

secure_vector< uint8_t > Botan::Encrypted_PSK_Database::get ( std::string_view name) const
overridevirtualinherited
Returns
the value associated with the specified name or otherwise throw an exception.

Implements Botan::PSK_Database.

Definition at line 62 of file psk_db.cpp.

62 {
63 const auto wrapped_name = nist_key_wrap_padded(as_span_of_bytes(name), *m_cipher);
64
65 const std::string val_base64 = kv_get(base64_encode(wrapped_name));
66
67 if(val_base64.empty()) {
68 throw Invalid_Argument("Named PSK not located");
69 }
70
71 const secure_vector<uint8_t> val = base64_decode(val_base64);
72
73 auto wrap_cipher = m_cipher->new_object();
74 wrap_cipher->set_key(m_hmac->process(wrapped_name));
75
76 return nist_key_unwrap_padded(val.data(), val.size(), *wrap_cipher);
77}
virtual std::string kv_get(std::string_view index) const =0
std::span< const uint8_t > as_span_of_bytes(const char *s, size_t len)
Definition mem_utils.h:28
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition base64.cpp:160
size_t base64_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition base64.cpp:168
std::vector< uint8_t > nist_key_wrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
secure_vector< uint8_t > nist_key_unwrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69

References Botan::as_span_of_bytes(), Botan::base64_decode(), Botan::base64_encode(), kv_get(), Botan::nist_key_unwrap_padded(), and Botan::nist_key_wrap_padded().

Referenced by ~Encrypted_PSK_Database().

◆ get_str()

std::string Botan::PSK_Database::get_str ( std::string_view name) const
inherited

Get a PSK in the form of a string (eg if the PSK is a password)

Definition at line 18 of file psk_db.cpp.

18 {
19 return bytes_to_string(this->get(name));
20}
virtual secure_vector< uint8_t > get(std::string_view name) const =0
std::string bytes_to_string(std::span< const uint8_t > bytes)
Definition mem_utils.h:45

References Botan::bytes_to_string(), and get().

Referenced by is_encrypted().

◆ is_encrypted()

bool Botan::Encrypted_PSK_Database::is_encrypted ( ) const
inlineoverridevirtualinherited
Returns
true if the values in the PSK database are encrypted. If false, saved values are being stored in plaintext.

Implements Botan::PSK_Database.

Definition at line 128 of file psk_db.h.

128{ return true; }

◆ list_names()

std::set< std::string > Botan::Encrypted_PSK_Database::list_names ( ) const
overridevirtualinherited
Returns
the set of names for which get() will return a value.

Implements Botan::PSK_Database.

Definition at line 38 of file psk_db.cpp.

38 {
39 const std::set<std::string> encrypted_names = kv_get_all();
40
41 std::set<std::string> names;
42
43 for(const auto& enc_name : encrypted_names) {
44 try {
45 const secure_vector<uint8_t> raw_name = base64_decode(enc_name);
46 const secure_vector<uint8_t> name_bits = nist_key_unwrap_padded(raw_name.data(), raw_name.size(), *m_cipher);
47
48 const auto pt_name = bytes_to_string(name_bits);
49 names.insert(pt_name);
50 } catch(Invalid_Authentication_Tag&) {}
51 }
52
53 return names;
54}
virtual std::set< std::string > kv_get_all() const =0

References Botan::base64_decode(), Botan::bytes_to_string(), kv_get_all(), and Botan::nist_key_unwrap_padded().

Referenced by ~Encrypted_PSK_Database().

◆ operator=() [1/2]

Encrypted_PSK_Database_SQL & Botan::Encrypted_PSK_Database_SQL::operator= ( const Encrypted_PSK_Database_SQL & other)
delete

◆ operator=() [2/2]

Encrypted_PSK_Database_SQL & Botan::Encrypted_PSK_Database_SQL::operator= ( Encrypted_PSK_Database_SQL && other)
delete

◆ remove()

void Botan::Encrypted_PSK_Database::remove ( std::string_view name)
overridevirtualinherited

Remove the PSK with the given name from the database

Implements Botan::PSK_Database.

Definition at line 56 of file psk_db.cpp.

56 {
57 const auto wrapped_name = nist_key_wrap_padded(as_span_of_bytes(name), *m_cipher);
58
59 this->kv_del(base64_encode(wrapped_name));
60}
virtual void kv_del(std::string_view index)=0

References Botan::as_span_of_bytes(), Botan::base64_encode(), kv_del(), and Botan::nist_key_wrap_padded().

Referenced by ~Encrypted_PSK_Database().

◆ set()

void Botan::Encrypted_PSK_Database::set ( std::string_view name,
const uint8_t psk[],
size_t psk_len )
overridevirtualinherited

Set a value that can later be accessed with get(). If name already exists in the database, the old value will be overwritten.

Implements Botan::PSK_Database.

Definition at line 79 of file psk_db.cpp.

79 {
80 /*
81 * Both as a basic precaution wrt key seperation, and specifically to prevent
82 * cut-and-paste attacks against the database, each PSK is encrypted with a
83 * distinct key which is derived by hashing the wrapped key name with HMAC.
84 */
85 const auto wrapped_name = nist_key_wrap_padded(as_span_of_bytes(name), *m_cipher);
86
87 auto wrap_cipher = m_cipher->new_object();
88 wrap_cipher->set_key(m_hmac->process(wrapped_name));
89 const std::vector<uint8_t> wrapped_key = nist_key_wrap_padded(val, len, *wrap_cipher);
90
91 this->kv_set(base64_encode(wrapped_name), base64_encode(wrapped_key));
92}
virtual void kv_set(std::string_view index, std::string_view value)=0

References Botan::as_span_of_bytes(), Botan::base64_encode(), kv_set(), and Botan::nist_key_wrap_padded().

Referenced by ~Encrypted_PSK_Database().

◆ set_str()

void Botan::PSK_Database::set_str ( std::string_view name,
std::string_view psk )
inherited

Like set() but accepts the PSK as a string (eg for a password).

Definition at line 22 of file psk_db.cpp.

22 {
23 auto pskb = as_span_of_bytes(psk);
24 this->set(name, pskb.data(), pskb.size());
25}
virtual void set(std::string_view name, const uint8_t psk[], size_t psk_len)=0

References Botan::as_span_of_bytes(), and set().

Referenced by is_encrypted().

◆ set_vec()

void Botan::PSK_Database::set_vec ( std::string_view name,
std::span< const uint8_t > psk )
inlineinherited

Like set() but accepting an arbitrary contiguous byte array.

Definition at line 69 of file psk_db.h.

69{ set(name, psk.data(), psk.size()); }

References set().


The documentation for this class was generated from the following files: