Botan 2.19.1
Crypto and TLS for C&
psk_db.h
Go to the documentation of this file.
1/*
2* (C) 2017 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#ifndef BOTAN_PSK_DB_H_
8#define BOTAN_PSK_DB_H_
9
10#include <botan/secmem.h>
11#include <memory>
12#include <string>
13#include <set>
14
15namespace Botan {
16
17class BlockCipher;
18class MessageAuthenticationCode;
19
20/**
21* This is an interface to a generic PSK (pre-shared key) database.
22* It might be implemented as a plaintext storage or via some mechanism
23* that encrypts the keys and/or values.
24*/
26 {
27 public:
28 /**
29 * Return the set of names for which get() will return a value.
30 */
31 virtual std::set<std::string> list_names() const = 0;
32
33 /**
34 * Return the value associated with the specified @param name or otherwise
35 * throw an exception.
36 */
37 virtual secure_vector<uint8_t> get(const std::string& name) const = 0;
38
39 /**
40 * Set a value that can later be accessed with get().
41 * If name already exists in the database, the old value will be overwritten.
42 */
43 virtual void set(const std::string& name, const uint8_t psk[], size_t psk_len) = 0;
44
45 /**
46 * Remove a PSK from the database
47 */
48 virtual void remove(const std::string& name) = 0;
49
50 /**
51 * Returns if the values in the PSK database are encrypted. If
52 * false, saved values are being stored in plaintext.
53 */
54 virtual bool is_encrypted() const = 0;
55
56 /**
57 * Get a PSK in the form of a string (eg if the PSK is a password)
58 */
59 std::string get_str(const std::string& name) const
60 {
62 return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
63 }
64
65 void set_str(const std::string& name, const std::string& psk)
66 {
67 set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
68 }
69
70 template<typename Alloc>
71 void set_vec(const std::string& name,
72 const std::vector<uint8_t, Alloc>& psk)
73
74 {
75 set(name, psk.data(), psk.size());
76 }
77
78 virtual ~PSK_Database() = default;
79 };
80
81/**
82* A mixin for an encrypted PSK database.
83* Both keys and values are encrypted with NIST AES-256 key wrapping.
84* Values are padded to obscure their length before encryption, allowing
85* it to be used as a password vault.
86*
87* Subclasses must implement the virtual calls to handle storing and
88* getting raw (base64 encoded) values.
89*/
91 {
92 public:
93 /**
94 * @param master_key specifies the master key used to encrypt all
95 * keys and value. It can be of any length, but should be at least 256 bits.
96 *
97 * Subkeys for the cryptographic algorithms used are derived from this
98 * master key. No key stretching is performed; if encrypting a PSK database
99 * using a password, it is recommended to use PBKDF2 to derive the database
100 * master key.
101 */
103
105
106 std::set<std::string> list_names() const override;
107
108 secure_vector<uint8_t> get(const std::string& name) const override;
109
110 void set(const std::string& name, const uint8_t psk[], size_t psk_len) override;
111
112 void remove(const std::string& name) override;
113
114 bool is_encrypted() const override { return true; }
115
116 protected:
117 /**
118 * Save a encrypted (name.value) pair to the database. Both will be base64 encoded strings.
119 */
120 virtual void kv_set(const std::string& index, const std::string& value) = 0;
121
122 /**
123 * Get a value previously saved with set_raw_value. Should return an empty
124 * string if index is not found.
125 */
126 virtual std::string kv_get(const std::string& index) const = 0;
127
128 /**
129 * Remove an index
130 */
131 virtual void kv_del(const std::string& index) = 0;
132
133 /**
134 * Return all indexes in the table.
135 */
136 virtual std::set<std::string> kv_get_all() const = 0;
137
138 private:
139 std::unique_ptr<BlockCipher> m_cipher;
140 std::unique_ptr<MessageAuthenticationCode> m_hmac;
141 secure_vector<uint8_t> m_wrap_key;
142 };
143
144class SQL_Database;
145
147 {
148 public:
150 std::shared_ptr<SQL_Database> db,
151 const std::string& table_name);
152
154 private:
155 void kv_set(const std::string& index, const std::string& value) override;
156 std::string kv_get(const std::string& index) const override;
157 void kv_del(const std::string& index) override;
158 std::set<std::string> kv_get_all() const override;
159
160 std::shared_ptr<SQL_Database> m_db;
161 const std::string m_table_name;
162 };
163
164}
165
166#endif
bool is_encrypted() const override
Definition: psk_db.h:114
virtual void kv_del(const std::string &index)=0
virtual std::string kv_get(const std::string &index) const =0
virtual std::set< std::string > kv_get_all() const =0
virtual void kv_set(const std::string &index, const std::string &value)=0
std::string get_str(const std::string &name) const
Definition: psk_db.h:59
virtual std::set< std::string > list_names() const =0
void set_vec(const std::string &name, const std::vector< uint8_t, Alloc > &psk)
Definition: psk_db.h:71
virtual void set(const std::string &name, const uint8_t psk[], size_t psk_len)=0
virtual bool is_encrypted() const =0
virtual secure_vector< uint8_t > get(const std::string &name) const =0
void set_str(const std::string &name, const std::string &psk)
Definition: psk_db.h:65
virtual ~PSK_Database()=default
virtual void remove(const std::string &name)=0
std::string name
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: alg_id.cpp:13
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:195
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:190