#include <psk_db.h>

Inheritance diagram for Botan::Encrypted_PSK_Database_SQL:

Public Member Functions
	Encrypted_PSK_Database_SQL (const secure_vector< uint8_t > &master_key, std::shared_ptr< SQL_Database > db, const std::string &table_name)

secure_vector< uint8_t >	get (const std::string &name) const override

std::string	get_str (const std::string &name) const

bool	is_encrypted () const override

std::set< std::string >	list_names () const override

void	remove (const std::string &name) override

void	set (const std::string &name, const uint8_t psk[], size_t psk_len) override

void	set_str (const std::string &name, const std::string &psk)

template<typename Alloc >
void	set_vec (const std::string &name, const std::vector< uint8_t, Alloc > &psk)

	~Encrypted_PSK_Database_SQL ()

Detailed Description

Definition at line 146 of file psk_db.h.

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL	(	const secure_vector< uint8_t > &	master_key,
		std::shared_ptr< SQL_Database >	db,
		const std::string &	table_name
	)

Definition at line 12 of file psk_db_sql.cpp.

                                                                                    :
   Encrypted_PSK_Database(master_key),
   m_db(std::move(db)),
   m_table_name(table_name)
   {
   m_db->create_table(
      "create table if not exists " + m_table_name +
      "(psk_name TEXT PRIMARY KEY, psk_value TEXT)");
   }

◆ ~Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::~Encrypted_PSK_Database_SQL ( )

Definition at line 24 of file psk_db_sql.cpp.

   {
   /* for ~unique_ptr */
   }

Member Function Documentation

◆ get()

secure_vector< uint8_t > Botan::Encrypted_PSK_Database::get ( const std::string & name ) const

overridevirtualinherited

Return the value associated with the specified

Parameters

name	or otherwise throw an exception.

Implements Botan::PSK_Database.

Definition at line 66 of file psk_db.cpp.

   {
   const std::vector<uint8_t> wrapped_name =
      nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()),
                           name.size(),
                           *m_cipher);
 
   const std::string val_base64 = kv_get(base64_encode(wrapped_name));
 
   if(val_base64.empty())
      throw Invalid_Argument("Named PSK not located");
 
   const secure_vector<uint8_t> val = base64_decode(val_base64);
 
   auto wrap_cipher = m_cipher->new_object();
   wrap_cipher->set_key(m_hmac->process(wrapped_name));
 
   return nist_key_unwrap_padded(val.data(), val.size(), *wrap_cipher);
   }

References Botan::base64_decode(), Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_get(), name, Botan::nist_key_unwrap_padded(), and Botan::nist_key_wrap_padded().

◆ get_str()

std::string Botan::PSK_Database::get_str ( const std::string & name ) const

inlineinherited

Get a PSK in the form of a string (eg if the PSK is a password)

Definition at line 59 of file psk_db.h.

         {
         secure_vector<uint8_t> psk = get(name);
         return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
         }

References Botan::cast_uint8_ptr_to_char(), and name.

◆ is_encrypted()

bool Botan::Encrypted_PSK_Database::is_encrypted ( ) const

inlineoverridevirtualinherited

Returns if the values in the PSK database are encrypted. If false, saved values are being stored in plaintext.

Implements Botan::PSK_Database.

Definition at line 114 of file psk_db.h.

114{ return true; }

◆ list_names()

std::set< std::string > Botan::Encrypted_PSK_Database::list_names ( ) const

overridevirtualinherited

Return the set of names for which get() will return a value.

Implements Botan::PSK_Database.

Definition at line 31 of file psk_db.cpp.

   {
   const std::set<std::string> encrypted_names = kv_get_all();
 
   std::set<std::string> names;
 
   for(const std::string& enc_name : encrypted_names)
      {
      try
         {
         const secure_vector<uint8_t> raw_name = base64_decode(enc_name);
         const secure_vector<uint8_t> name_bits =
            nist_key_unwrap_padded(raw_name.data(), raw_name.size(), *m_cipher);
 
         std::string pt_name(cast_uint8_ptr_to_char(name_bits.data()), name_bits.size());
         names.insert(pt_name);
         }
      catch(Invalid_Authentication_Tag&)
         {
         }
      }
 
   return names;
   }

References Botan::base64_decode(), Botan::cast_uint8_ptr_to_char(), Botan::Encrypted_PSK_Database::kv_get_all(), and Botan::nist_key_unwrap_padded().

◆ remove()

void Botan::Encrypted_PSK_Database::remove ( const std::string & name )

overridevirtualinherited

Remove a PSK from the database

Implements Botan::PSK_Database.

Definition at line 56 of file psk_db.cpp.

   {
   const std::vector<uint8_t> wrapped_name =
      nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()),
                           name.size(),
                           *m_cipher);
 
   this->kv_del(base64_encode(wrapped_name));
   }

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_del(), name, and Botan::nist_key_wrap_padded().

◆ set()

void Botan::Encrypted_PSK_Database::set	(	const std::string &	name,
		const uint8_t	psk[],
		size_t	psk_len
	)

overridevirtualinherited

Set a value that can later be accessed with get(). If name already exists in the database, the old value will be overwritten.

Implements Botan::PSK_Database.

Definition at line 86 of file psk_db.cpp.

   {
   /*
   * Both as a basic precaution wrt key seperation, and specifically to prevent
   * cut-and-paste attacks against the database, each PSK is encrypted with a
   * distinct key which is derived by hashing the wrapped key name with HMAC.
   */
   const std::vector<uint8_t> wrapped_name =
      nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()),
                           name.size(),
                           *m_cipher);
 
   auto wrap_cipher = m_cipher->new_object();
   wrap_cipher->set_key(m_hmac->process(wrapped_name));
   const std::vector<uint8_t> wrapped_key = nist_key_wrap_padded(val, len, *wrap_cipher);
 
   this->kv_set(base64_encode(wrapped_name), base64_encode(wrapped_key));
   }

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_set(), name, and Botan::nist_key_wrap_padded().

◆ set_str()

void Botan::PSK_Database::set_str	(	const std::string &	name,
		const std::string &	psk
	)

inlineinherited

Definition at line 65 of file psk_db.h.

         {
         set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
         }

References Botan::cast_char_ptr_to_uint8(), and name.

◆ set_vec()

template<typename Alloc >

void Botan::PSK_Database::set_vec	(	const std::string &	name,
		const std::vector< uint8_t, Alloc > &	psk
	)

inlineinherited

Definition at line 71 of file psk_db.h.

         {
         set(name, psk.data(), psk.size());
         }

References name.

The documentation for this class was generated from the following files:

src/lib/psk_db/psk_db.h
src/lib/psk_db/psk_db_sql.cpp

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL()

◆ ~Encrypted_PSK_Database_SQL()

Member Function Documentation

◆ get()

◆ get_str()

◆ is_encrypted()

◆ list_names()

◆ remove()

◆ set()

◆ set_str()

◆ set_vec()