doxygen/psk__db_8h_source.html

/*

* (C) 2017 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_PSK_DB_H_

#define BOTAN_PSK_DB_H_


#include <botan/secmem.h>

#include <memory>

#include <string>

#include <set>


namespace Botan {


class BlockCipher;

class MessageAuthenticationCode;


/**

* This is an interface to a generic PSK (pre-shared key) database.

* It might be implemented as a plaintext storage or via some mechanism

* that encrypts the keys and/or values.

*/

class BOTAN_PUBLIC_API(2,4) PSK_Database

   {

   public:

      /**

      * Return the set of names for which get() will return a value.

      */

      virtual std::set<std::string> list_names() const = 0;


      /**

      * Return the value associated with the specified @param name or otherwise

      * throw an exception.

      */

      virtual secure_vector<uint8_t> get(const std::string& name) const = 0;


      /**

      * Set a value that can later be accessed with get().

      * If name already exists in the database, the old value will be overwritten.

      */

      virtual void set(const std::string& name, const uint8_t psk[], size_t psk_len) = 0;


      /**

      * Remove a PSK from the database

      */

      virtual void remove(const std::string& name) = 0;


      /**

      * Returns if the values in the PSK database are encrypted. If

      * false, saved values are being stored in plaintext.

      */

      virtual bool is_encrypted() const = 0;


      /**

      * Get a PSK in the form of a string (eg if the PSK is a password)

      */

      std::string get_str(const std::string& name) const

         {

         secure_vector<uint8_t> psk = get(name);

         return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());

         }


      void set_str(const std::string& name, const std::string& psk)

         {

         set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());

         }


      template<typename Alloc>

      void set_vec(const std::string& name,

                   const std::vector<uint8_t, Alloc>& psk)


         {

         set(name, psk.data(), psk.size());

         }


      virtual ~PSK_Database() = default;

   };


/**

* A mixin for an encrypted PSK database.

* Both keys and values are encrypted with NIST AES-256 key wrapping.

* Values are padded to obscure their length before encryption, allowing

* it to be used as a password vault.

*

* Subclasses must implement the virtual calls to handle storing and

* getting raw (base64 encoded) values.

*/

class BOTAN_PUBLIC_API(2,4) Encrypted_PSK_Database : public PSK_Database

   {

   public:

      /**

      * @param master_key specifies the master key used to encrypt all

      * keys and value. It can be of any length, but should be at least 256 bits.

      *

      * Subkeys for the cryptographic algorithms used are derived from this

      * master key. No key stretching is performed; if encrypting a PSK database

      * using a password, it is recommended to use PBKDF2 to derive the database

      * master key.

      */

      Encrypted_PSK_Database(const secure_vector<uint8_t>& master_key);


      ~Encrypted_PSK_Database();


      std::set<std::string> list_names() const override;


      secure_vector<uint8_t> get(const std::string& name) const override;


      void set(const std::string& name, const uint8_t psk[], size_t psk_len) override;


      void remove(const std::string& name) override;


      bool is_encrypted() const override { return true; }


   protected:

      /**

      * Save a encrypted (name.value) pair to the database. Both will be base64 encoded strings.

      */

      virtual void kv_set(const std::string& index, const std::string& value) = 0;


      /**

      * Get a value previously saved with set_raw_value. Should return an empty

      * string if index is not found.

      */

      virtual std::string kv_get(const std::string& index) const = 0;


      /**

      * Remove an index

      */

      virtual void kv_del(const std::string& index) = 0;


      /**

      * Return all indexes in the table.

      */

      virtual std::set<std::string> kv_get_all() const = 0;


   private:

      std::unique_ptr<BlockCipher> m_cipher;

      std::unique_ptr<MessageAuthenticationCode> m_hmac;

      secure_vector<uint8_t> m_wrap_key;

   };


class SQL_Database;


class BOTAN_PUBLIC_API(2,4) Encrypted_PSK_Database_SQL : public Encrypted_PSK_Database

   {

   public:

      Encrypted_PSK_Database_SQL(const secure_vector<uint8_t>& master_key,

                                 std::shared_ptr<SQL_Database> db,

                                 const std::string& table_name);


      ~Encrypted_PSK_Database_SQL();

   private:

      void kv_set(const std::string& index, const std::string& value) override;

      std::string kv_get(const std::string& index) const override;

      void kv_del(const std::string& index) override;

      std::set<std::string> kv_get_all() const override;


      std::shared_ptr<SQL_Database> m_db;

      const std::string m_table_name;

   };


}


#endif

Botan::Encrypted_PSK_Database_SQL
Definition: psk_db.h:147

Botan::Encrypted_PSK_Database
Definition: psk_db.h:91

Botan::Encrypted_PSK_Database::is_encrypted
bool is_encrypted() const override
Definition: psk_db.h:114

Botan::Encrypted_PSK_Database::kv_del
virtual void kv_del(const std::string &index)=0

Botan::Encrypted_PSK_Database::kv_get
virtual std::string kv_get(const std::string &index) const =0

Botan::Encrypted_PSK_Database::kv_get_all
virtual std::set< std::string > kv_get_all() const =0

Botan::Encrypted_PSK_Database::kv_set
virtual void kv_set(const std::string &index, const std::string &value)=0

Botan::PSK_Database
Definition: psk_db.h:26

Botan::PSK_Database::get_str
std::string get_str(const std::string &name) const
Definition: psk_db.h:59

Botan::PSK_Database::list_names
virtual std::set< std::string > list_names() const =0

Botan::PSK_Database::set_vec
void set_vec(const std::string &name, const std::vector< uint8_t, Alloc > &psk)
Definition: psk_db.h:71

Botan::PSK_Database::set
virtual void set(const std::string &name, const uint8_t psk[], size_t psk_len)=0

Botan::PSK_Database::is_encrypted
virtual bool is_encrypted() const =0

Botan::PSK_Database::get
virtual secure_vector< uint8_t > get(const std::string &name) const =0

Botan::PSK_Database::set_str
void set_str(const std::string &name, const std::string &psk)
Definition: psk_db.h:65

Botan::PSK_Database::~PSK_Database
virtual ~PSK_Database()=default

Botan::PSK_Database::remove
virtual void remove(const std::string &name)=0

Botan::SQL_Database
Definition: database.h:20

name
std::string name
Definition: commoncrypto_hash.cpp:24

BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31

Botan
Definition: alg_id.cpp:13

Botan::cast_uint8_ptr_to_char
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:195

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65

Botan::cast_char_ptr_to_uint8
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:190