Botan 3.1.1
Botan::Encrypted_PSK_Database_SQL Class Reference

#include <psk_db.h>

Inheritance diagram for Botan::Encrypted_PSK_Database_SQL:
Botan::Encrypted_PSK_Database Botan::PSK_Database

Public Member Functions

 Encrypted_PSK_Database_SQL (const secure_vector< uint8_t > &master_key, std::shared_ptr< SQL_Database > db, std::string_view table_name)
 
secure_vector< uint8_t > get (std::string_view name) const override
 
std::string get_str (std::string_view name) const
 
bool is_encrypted () const override
 
std::set< std::string > list_names () const override
 
void remove (std::string_view name) override
 
void set (std::string_view name, const uint8_t psk[], size_t psk_len) override
 
void set_str (std::string_view name, std::string_view psk)
 
template<typename Alloc >
void set_vec (std::string_view name, const std::vector< uint8_t, Alloc > &psk)
 
 ~Encrypted_PSK_Database_SQL ()
 

Detailed Description

Definition at line 139 of file psk_db.h.

Constructor & Destructor Documentation

◆ Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL ( const secure_vector< uint8_t > &  master_key,
std::shared_ptr< SQL_Database db,
std::string_view  table_name 
)

Definition at line 13 of file psk_db_sql.cpp.

/**
* Open (or create) the SQL table that backs this PSK database.
*
* @param master_key passed through to the Encrypted_PSK_Database base class
* @param db the SQL_Database the entries live in (ownership is shared)
* @param table_name the table to use; it is created if it does not already exist
*
* NOTE(review): the table name is spliced verbatim into the DDL statement below.
* An identifier cannot be bound as a statement parameter, so @p table_name must
* come from trusted configuration (a plain SQL identifier), never from untrusted
* input - otherwise this is a string-built SQL statement under caller control.
*/
Encrypted_PSK_Database_SQL::Encrypted_PSK_Database_SQL(const secure_vector<uint8_t>& master_key,
                                                       std::shared_ptr<SQL_Database> db,
                                                       std::string_view table_name) :
      Encrypted_PSK_Database(master_key), m_db(std::move(db)), m_table_name(table_name) {
   const std::string ddl =
      "create table if not exists " + m_table_name + "(psk_name TEXT PRIMARY KEY, psk_value TEXT)";
   m_db->create_table(ddl);
}

◆ ~Encrypted_PSK_Database_SQL()

Botan::Encrypted_PSK_Database_SQL::~Encrypted_PSK_Database_SQL ( )
default

Member Function Documentation

◆ get()

secure_vector< uint8_t > Botan::Encrypted_PSK_Database::get ( std::string_view  name) const
overridevirtualinherited

Return the value associated with the specified name, or otherwise throw an exception.

Parameters
name the name the PSK was stored under; if nothing is stored under it, Invalid_Argument ("Named PSK not located") is thrown. A stored value that does not authenticate under the key derived for this name (e.g. one copied in from another row) fails inside nist_key_unwrap_padded instead.

Implements Botan::PSK_Database.

Definition at line 53 of file psk_db.cpp.

/**
* Look up and unwrap the PSK stored under @p name.
*
* The name is wrapped under the master cipher to recompute the stored index
* (the same computation set() and remove() use), and the value found there is
* unwrapped under the per-entry key HMAC(wrapped_name). Deriving the key from
* the wrapped name is what ties a value row to its name, so a value moved to a
* different row will not authenticate.
*
* @throws Invalid_Argument if nothing is stored under @p name
* @throws Invalid_Authentication_Tag (from nist_key_unwrap_padded) if the stored
*         value does not authenticate under the key derived for this name
*/
secure_vector<uint8_t> Encrypted_PSK_Database::get(std::string_view name) const {
   const uint8_t* name_bytes = cast_char_ptr_to_uint8(name.data());
   const std::vector<uint8_t> index = nist_key_wrap_padded(name_bytes, name.size(), *m_cipher);

   const std::string stored = kv_get(base64_encode(index));
   if(stored.empty()) {
      throw Invalid_Argument("Named PSK not located");
   }

   const secure_vector<uint8_t> wrapped_value = base64_decode(stored);

   // Per-entry key: HMAC over the wrapped name (see the note in set())
   auto entry_cipher = m_cipher->new_object();
   entry_cipher->set_key(m_hmac->process(index));

   return nist_key_unwrap_padded(wrapped_value.data(), wrapped_value.size(), *entry_cipher);
}

References Botan::base64_decode(), Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_get(), name, Botan::nist_key_unwrap_padded(), and Botan::nist_key_wrap_padded().

◆ get_str()

std::string Botan::PSK_Database::get_str ( std::string_view  name) const
inlineinherited

Get a PSK in the form of a string (e.g. if the PSK is a password). The bytes are copied out of the secure_vector returned by get() into a plain std::string, so prefer get() itself when the value is binary key material.

Definition at line 58 of file psk_db.h.

/**
* Get a PSK as a std::string (e.g. when the PSK is a password).
*
* NOTE(review): the bytes are copied out of the secure_vector returned by get()
* into an ordinary std::string, which presumably forgoes whatever scrubbing
* secure_vector provides - keep that in mind for binary key material.
*/
std::string get_str(std::string_view name) const {
   const secure_vector<uint8_t> bytes = get(name);
   const char* first = cast_uint8_ptr_to_char(bytes.data());
   return std::string(first, bytes.size());
}

References Botan::cast_uint8_ptr_to_char(), and name.

◆ is_encrypted()

bool Botan::Encrypted_PSK_Database::is_encrypted ( ) const
inlineoverridevirtualinherited

Returns if the values in the PSK database are encrypted. If false, saved values are being stored in plaintext.

Implements Botan::PSK_Database.

Definition at line 107 of file psk_db.h.

107{ return true; }

◆ list_names()

std::set< std::string > Botan::Encrypted_PSK_Database::list_names ( ) const
overridevirtualinherited

Return the set of names for which get() will return a value. Stored entries whose wrapped name fails to authenticate under this database's cipher (Invalid_Authentication_Tag) are silently skipped rather than reported.

Implements Botan::PSK_Database.

Definition at line 28 of file psk_db.cpp.

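/**
* Return the set of names for which get() will return a value.
*
* Each stored index is base64-decoded and unwrapped under the master cipher.
* Rows that do not unwrap are skipped rather than reported. That covers entries
* wrapped under a different master key (Invalid_Authentication_Tag) and, with
* this change, rows whose index is not even well-formed - not valid base64, or
* not a valid key-wrap length - which are presumed to surface as
* Invalid_Argument from base64_decode / nist_key_unwrap_padded (confirm against
* those functions). Previously any such row made list_names() throw, so one
* malformed row in the backing store, which this class treats as untrusted,
* was enough to make listing fail altogether; get() could not have returned a
* value for such a row either, so skipping it keeps the documented contract.
*/
std::set<std::string> Encrypted_PSK_Database::list_names() const {
   const std::set<std::string> stored_indexes = kv_get_all();

   std::set<std::string> names;

   for(const std::string& index_b64 : stored_indexes) {
      try {
         const secure_vector<uint8_t> index = base64_decode(index_b64);
         const secure_vector<uint8_t> name_bytes =
            nist_key_unwrap_padded(index.data(), index.size(), *m_cipher);
         names.emplace(cast_uint8_ptr_to_char(name_bytes.data()), name_bytes.size());
      } catch(Invalid_Authentication_Tag&) {
         // wrapped under another key: not ours to list
      } catch(Invalid_Argument&) {
         // malformed row: nothing get() could return for it
      }
   }

   return names;
}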

References Botan::base64_decode(), Botan::cast_uint8_ptr_to_char(), Botan::Encrypted_PSK_Database::kv_get_all(), and Botan::nist_key_unwrap_padded().

◆ remove()

void Botan::Encrypted_PSK_Database::remove ( std::string_view  name)
overridevirtualinherited

Remove a PSK from the database

Implements Botan::PSK_Database.

Definition at line 46 of file psk_db.cpp.

/**
* Remove the PSK stored under @p name.
*
* The index is recomputed exactly as get() does (name wrapped under the master
* cipher, then base64-encoded) and handed to the backend's kv_del.
*/
void Encrypted_PSK_Database::remove(std::string_view name) {
   const uint8_t* name_bytes = cast_char_ptr_to_uint8(name.data());
   const std::string index_b64 =
      base64_encode(nist_key_wrap_padded(name_bytes, name.size(), *m_cipher));
   kv_del(index_b64);
}

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_del(), name, and Botan::nist_key_wrap_padded().

◆ set()

void Botan::Encrypted_PSK_Database::set ( std::string_view  name,
const uint8_t  psk[],
size_t  psk_len 
)
overridevirtualinherited

Set a value that can later be accessed with get(). If name already exists in the database, the old value will be overwritten. Each value is wrapped under a per-name key derived by HMAC over the wrapped name, so a value copied into another name's row will not unwrap in get().

Implements Botan::PSK_Database.

Definition at line 71 of file psk_db.cpp.

/**
* Store @p val under @p name, overwriting any previous value for that name.
*
* Both as a basic key-separation precaution and specifically to defeat
* cut-and-paste attacks against the backing store, each PSK is wrapped under
* its own key, derived by HMACing the wrapped name. A value moved to a
* different row is therefore rejected by get(), whose derived key differs.
*
* @param name the lookup name; wrapped under the master cipher to form the index
* @param val the PSK bytes
* @param len the number of bytes in @p val
*/
void Encrypted_PSK_Database::set(std::string_view name, const uint8_t val[], size_t len) {
   const uint8_t* name_bytes = cast_char_ptr_to_uint8(name.data());
   const std::vector<uint8_t> index = nist_key_wrap_padded(name_bytes, name.size(), *m_cipher);

   // Per-entry key, bound to the (wrapped) name
   auto entry_cipher = m_cipher->new_object();
   entry_cipher->set_key(m_hmac->process(index));
   const std::vector<uint8_t> wrapped_value = nist_key_wrap_padded(val, len, *entry_cipher);

   kv_set(base64_encode(index), base64_encode(wrapped_value));
}

References Botan::base64_encode(), Botan::cast_char_ptr_to_uint8(), Botan::Encrypted_PSK_Database::kv_set(), name, and Botan::nist_key_wrap_padded().

◆ set_str()

void Botan::PSK_Database::set_str ( std::string_view  name,
std::string_view  psk 
)
inlineinherited

Definition at line 63 of file psk_db.h.

/// Store a PSK given as a string (e.g. a password); forwards to set().
void set_str(std::string_view name, std::string_view psk) {
   const uint8_t* bytes = cast_char_ptr_to_uint8(psk.data());
   set(name, bytes, psk.size());
}

References Botan::cast_char_ptr_to_uint8(), and name.

◆ set_vec()

template<typename Alloc >
void Botan::PSK_Database::set_vec ( std::string_view  name,
const std::vector< uint8_t, Alloc > &  psk 
)
inlineinherited

Definition at line 68 of file psk_db.h.

/// Store a PSK given as a byte vector (any allocator); forwards to set().
template <typename Alloc>
void set_vec(std::string_view name, const std::vector<uint8_t, Alloc>& psk) {
   set(name, psk.data(), psk.size());
}

References name.

