Botan::Encrypted_PSK_Database_SQL Class Reference

#include <psk_db_sql.h>

Inheritance diagram for Botan::Encrypted_PSK_Database_SQL:
Botan::Encrypted_PSK_Database Botan::PSK_Database

Public Member Functions

 Encrypted_PSK_Database_SQL (const secure_vector< uint8_t > &master_key, std::shared_ptr< SQL_Database > db, const std::string &table_name)
 
secure_vector< uint8_t > get (const std::string &name) const override
 
std::string get_str (const std::string &name) const
 
bool is_encrypted () const override
 
std::set< std::string > list_names () const override
 
void remove (const std::string &name) override
 
void set (const std::string &name, const uint8_t psk[], size_t psk_len) override
 
void set_str (const std::string &name, const std::string &psk)
 
template<typename Alloc >
void set_vec (const std::string &name, const std::vector< uint8_t, Alloc > &psk)
 

Detailed Description

Definition at line 15 of file psk_db_sql.h.

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL ( const secure_vector< uint8_t > &  master_key,
std::shared_ptr< SQL_Database >  db,
const std::string &  table_name 
)

Definition at line 11 of file psk_db_sql.cpp.

13  :
14  Encrypted_PSK_Database(master_key),
15  m_db(db),
16  m_table_name(table_name)
17  {
// The table name is spliced directly into the DDL text, so it must come
// from trusted configuration (an identifier cannot be bound as a
// parameter). Never pass an untrusted string as table_name.
// "if not exists" makes re-opening an existing database a no-op here.
18  m_db->create_table(
19  "create table if not exists " + m_table_name +
20  "(psk_name TEXT PRIMARY KEY, psk_value TEXT)");
21  }
Encrypted_PSK_Database(const secure_vector< uint8_t > &master_key)
Definition: psk_db.cpp:15

Member Function Documentation

◆ get()

secure_vector< uint8_t > Botan::Encrypted_PSK_Database::get ( const std::string &  name) const
override virtual inherited

Return the value associated with the specified name, or otherwise throw an exception.

Parameters
name	the name of the PSK to look up

Implements Botan::PSK_Database.

Definition at line 65 of file psk_db.cpp.

References Botan::base64_decode(), Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_get(), Botan::nist_key_unwrap_padded(), and Botan::nist_key_wrap_padded().

66  {
// Wrap the plaintext name under the master cipher; the wrapped form is the
// lookup index. (The wrap call spans lines 67-70; line 68, which passes
// cast_char_ptr_to_uint8(name.data()), is not shown in this listing.)
67  const std::vector<uint8_t> wrapped_name =
69  name.size(),
70  *m_cipher);
71 
// kv_get() reports "no such entry" as an empty string, checked below.
72  const std::string val_base64 = kv_get(base64_encode(wrapped_name));
73 
74  if(val_base64.empty())
75  throw Invalid_Argument("Named PSK not located");
76 
77  const secure_vector<uint8_t> val = base64_decode(val_base64);
78 
// Every entry is wrapped under its own key, derived as HMAC(wrapped_name);
// this must match the derivation set() uses when storing the value.
79  std::unique_ptr<BlockCipher> wrap_cipher(m_cipher->clone());
80  wrap_cipher->set_key(m_hmac->process(wrapped_name));
81 
// A value that does not unwrap under this key (tampered, or written under
// a different master key) surfaces as an exception from the unwrap
// (list_names() catches Integrity_Failure from the same call) rather
// than as garbage bytes.
82  return nist_key_unwrap_padded(val.data(), val.size(), *wrap_cipher);
83  }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:35
size_t base64_decode(uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition: base64.cpp:100
secure_vector< uint8_t > nist_key_unwrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
std::vector< uint8_t > nist_key_wrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
virtual std::string kv_get(const std::string &index) const =0

◆ get_str()

std::string Botan::PSK_Database::get_str ( const std::string &  name) const
inline inherited

Get a PSK in the form of a string (eg if the PSK is a password)

Definition at line 59 of file psk_db.h.

References Botan::cast_uint8_ptr_to_char().

60  {
61  secure_vector<uint8_t> psk = get(name);
// The PSK is copied into a plain std::string, which (unlike secure_vector)
// does not wipe its storage on destruction; callers handling sensitive
// material may prefer get() and keep the secure_vector.
62  return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
63  }
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:136

◆ is_encrypted()

bool Botan::Encrypted_PSK_Database::is_encrypted ( ) const
inline override virtual inherited

Returns whether the values in the PSK database are encrypted. If false, saved values are being stored in plaintext.

Implements Botan::PSK_Database.

Definition at line 114 of file psk_db.h.

// Encrypted_PSK_Database wraps every stored value (see set()), so this is
// unconditionally true for this hierarchy.
114 { return true; }

◆ list_names()

std::set< std::string > Botan::Encrypted_PSK_Database::list_names ( ) const
override virtual inherited

Return the set of names for which get() will return a value.

Implements Botan::PSK_Database.

Definition at line 30 of file psk_db.cpp.

References Botan::base64_decode(), Botan::cast_uint8_ptr_to_char(), Botan::Encrypted_PSK_Database::kv_get_all(), and Botan::nist_key_unwrap_padded().

31  {
32  const std::set<std::string> encrypted_names = kv_get_all();
33 
34  std::set<std::string> names;
35 
36  for(std::string enc_name : encrypted_names)
37  {
38  try
39  {
// Stored names are base64(wrap(name)); recover the plaintext name by
// decoding and unwrapping under the master cipher.
40  const secure_vector<uint8_t> raw_name = base64_decode(enc_name);
41  const secure_vector<uint8_t> name_bits =
42  nist_key_unwrap_padded(raw_name.data(), raw_name.size(), *m_cipher);
43 
44  std::string pt_name(cast_uint8_ptr_to_char(name_bits.data()), name_bits.size());
45  names.insert(pt_name);
46  }
// Entries whose name does not unwrap under this master key (written under
// another key, or tampered with) are skipped silently rather than failing
// the whole listing, so callers cannot tell "no entries" from "entries
// this key cannot read". Only Integrity_Failure is swallowed; any other
// exception (e.g. from base64_decode) propagates.
47  catch(Integrity_Failure&)
48  {
49  }
50  }
51 
52  return names;
53  }
virtual std::set< std::string > kv_get_all() const =0
size_t base64_decode(uint8_t output[], const char input[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition: base64.cpp:100
secure_vector< uint8_t > nist_key_unwrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:136

◆ remove()

void Botan::Encrypted_PSK_Database::remove ( const std::string &  name)
override virtual inherited

Remove a PSK from the database

Implements Botan::PSK_Database.

Definition at line 55 of file psk_db.cpp.

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_del(), and Botan::nist_key_wrap_padded().

56  {
// Index by the wrapped, base64-encoded name, exactly as get() and set() do.
// (The wrap call spans lines 57-60; line 58, which passes
// cast_char_ptr_to_uint8(name.data()), is not shown in this listing.)
57  const std::vector<uint8_t> wrapped_name =
59  name.size(),
60  *m_cipher);
61 
// Deleting a name that is not present is left to kv_del(); nothing is
// checked here.
62  this->kv_del(base64_encode(wrapped_name));
63  }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:35
std::vector< uint8_t > nist_key_wrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)
virtual void kv_del(const std::string &index)=0

◆ set()

void Botan::Encrypted_PSK_Database::set ( const std::string &  name,
const uint8_t  psk[],
size_t  psk_len 
)
override virtual inherited

Set a value that can later be accessed with get(). If name already exists in the database, the old value will be overwritten.

Implements Botan::PSK_Database.

Definition at line 85 of file psk_db.cpp.

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_set(), and Botan::nist_key_wrap_padded().

86  {
87  /*
88  * Both as a basic precaution wrt key separation, and specifically to prevent
89  * cut-and-paste attacks against the database, each PSK is encrypted with a
90  * distinct key which is derived by hashing the wrapped key name with HMAC.
91  */
// Wrap the name under the master cipher; the wrapped form is the index.
// (The wrap call spans lines 92-95; line 93, which passes
// cast_char_ptr_to_uint8(name.data()), is not shown in this listing.)
92  const std::vector<uint8_t> wrapped_name =
94  name.size(),
95  *m_cipher);
96 
// Per-entry wrap key = HMAC(wrapped_name); get() derives the same key.
97  std::unique_ptr<BlockCipher> wrap_cipher(m_cipher->clone());
98  wrap_cipher->set_key(m_hmac->process(wrapped_name));
// NOTE(review): this listing names the PSK parameters val/len, while the
// declaration above calls them psk/psk_len.
99  const std::vector<uint8_t> wrapped_key = nist_key_wrap_padded(val, len, *wrap_cipher);
100 
// kv_set() overwrites an existing entry for the same name.
101  this->kv_set(base64_encode(wrapped_name), base64_encode(wrapped_key));
102  }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131
virtual void kv_set(const std::string &index, const std::string &value)=0
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:35
std::vector< uint8_t > nist_key_wrap_padded(const uint8_t input[], size_t input_len, const BlockCipher &bc)

◆ set_str()

void Botan::PSK_Database::set_str ( const std::string &  name,
const std::string &  psk 
)
inline inherited

Definition at line 65 of file psk_db.h.

References Botan::cast_char_ptr_to_uint8().

66  {
// Store the string's bytes verbatim (no terminating NUL) via set().
67  set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
68  }
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131

◆ set_vec()

template<typename Alloc >
void Botan::PSK_Database::set_vec ( const std::string &  name,
const std::vector< uint8_t, Alloc > &  psk 
)
inline inherited

Definition at line 71 of file psk_db.h.

74  {
// Convenience overload: accepts any std::vector<uint8_t, Alloc>
// (e.g. secure_vector) and forwards its buffer to set().
75  set(name, psk.data(), psk.size());
76  }
