Botan 3.1.1
Crypto and TLS for C&
psk_db.h
Go to the documentation of this file.
1/*
2* (C) 2017 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#ifndef BOTAN_PSK_DB_H_
8#define BOTAN_PSK_DB_H_
9
10#include <botan/secmem.h>
11#include <memory>
12#include <set>
13#include <string>
14
15namespace Botan {
16
17class BlockCipher;
18class MessageAuthenticationCode;
19
20/**
21* This is an interface to a generic PSK (pre-shared key) database.
22* It might be implemented as a plaintext storage or via some mechanism
23* that encrypts the keys and/or values.
24*/
26 public:
27 /**
28 * Return the set of names for which get() will return a value.
29 */
30 virtual std::set<std::string> list_names() const = 0;
31
32 /**
33 * Return the value associated with the specified @param name or otherwise
34 * throw an exception.
35 */
36 virtual secure_vector<uint8_t> get(std::string_view name) const = 0;
37
38 /**
39 * Set a value that can later be accessed with get().
40 * If name already exists in the database, the old value will be overwritten.
41 */
42 virtual void set(std::string_view name, const uint8_t psk[], size_t psk_len) = 0;
43
44 /**
45 * Remove a PSK from the database
46 */
47 virtual void remove(std::string_view name) = 0;
48
49 /**
50 * Returns if the values in the PSK database are encrypted. If
51 * false, saved values are being stored in plaintext.
52 */
53 virtual bool is_encrypted() const = 0;
54
55 /**
56 * Get a PSK in the form of a string (eg if the PSK is a password)
57 */
58 std::string get_str(std::string_view name) const {
60 return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
61 }
62
63 void set_str(std::string_view name, std::string_view psk) {
64 set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
65 }
66
67 template <typename Alloc>
68 void set_vec(std::string_view name, const std::vector<uint8_t, Alloc>& psk) {
69 set(name, psk.data(), psk.size());
70 }
71
72 virtual ~PSK_Database() = default;
73};
74
75/**
76* A mixin for an encrypted PSK database.
77* Both keys and values are encrypted with NIST AES-256 key wrapping.
78* Values are padded to obscure their length before encryption, allowing
79* it to be used as a password vault.
80*
81* Subclasses must implement the virtual calls to handle storing and
82* getting raw (base64 encoded) values.
83*/
85 public:
86 /**
87 * @param master_key specifies the master key used to encrypt all
88 * keys and value. It can be of any length, but should be at least 256 bits.
89 *
90 * Subkeys for the cryptographic algorithms used are derived from this
91 * master key. No key stretching is performed; if encrypting a PSK database
92 * using a password, it is recommended to use PBKDF2 to derive the database
93 * master key.
94 */
96
98
99 std::set<std::string> list_names() const override;
100
101 secure_vector<uint8_t> get(std::string_view name) const override;
102
103 void set(std::string_view name, const uint8_t psk[], size_t psk_len) override;
104
105 void remove(std::string_view name) override;
106
107 bool is_encrypted() const override { return true; }
108
109 protected:
110 /**
111 * Save a encrypted (name.value) pair to the database. Both will be base64 encoded strings.
112 */
113 virtual void kv_set(std::string_view index, std::string_view value) = 0;
114
115 /**
116 * Get a value previously saved with set_raw_value. Should return an empty
117 * string if index is not found.
118 */
119 virtual std::string kv_get(std::string_view index) const = 0;
120
121 /**
122 * Remove an index
123 */
124 virtual void kv_del(std::string_view index) = 0;
125
126 /**
127 * Return all indexes in the table.
128 */
129 virtual std::set<std::string> kv_get_all() const = 0;
130
131 private:
132 std::unique_ptr<BlockCipher> m_cipher;
133 std::unique_ptr<MessageAuthenticationCode> m_hmac;
134 secure_vector<uint8_t> m_wrap_key;
135};
136
137class SQL_Database;
138
140 public:
142 std::shared_ptr<SQL_Database> db,
143 std::string_view table_name);
144
146
147 private:
148 void kv_set(std::string_view index, std::string_view value) override;
149 std::string kv_get(std::string_view index) const override;
150 void kv_del(std::string_view index) override;
151 std::set<std::string> kv_get_all() const override;
152
153 std::shared_ptr<SQL_Database> m_db;
154 const std::string m_table_name;
155};
156
157} // namespace Botan
158
159#endif
bool is_encrypted() const override
Definition: psk_db.h:107
virtual void kv_set(std::string_view index, std::string_view value)=0
virtual void kv_del(std::string_view index)=0
virtual std::string kv_get(std::string_view index) const =0
virtual std::set< std::string > kv_get_all() const =0
void set_str(std::string_view name, std::string_view psk)
Definition: psk_db.h:63
virtual std::set< std::string > list_names() const =0
virtual void set(std::string_view name, const uint8_t psk[], size_t psk_len)=0
virtual bool is_encrypted() const =0
std::string get_str(std::string_view name) const
Definition: psk_db.h:58
virtual ~PSK_Database()=default
virtual secure_vector< uint8_t > get(std::string_view name) const =0
virtual void remove(std::string_view name)=0
void set_vec(std::string_view name, const std::vector< uint8_t, Alloc > &psk)
Definition: psk_db.h:68
std::string name
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:20
Definition: alg_id.cpp:13
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:181
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:61
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:177