Botan  2.7.0
Crypto and TLS for C++11
psk_db.h
Go to the documentation of this file.
1 /*
2 * (C) 2017 Jack Lloyd
3 *
4 * Botan is released under the Simplified BSD License (see license.txt)
5 */
6 
7 #ifndef BOTAN_PSK_DB_H_
8 #define BOTAN_PSK_DB_H_
9 
10 #include <botan/secmem.h>
11 #include <memory>
12 #include <string>
13 #include <set>
14 
15 namespace Botan {
16 
17 class BlockCipher;
18 class MessageAuthenticationCode;
19 
20 /**
21 * This is an interface to a generic PSK (pre-shared key) database.
22 * It might be implemented as a plaintext storage or via some mechanism
23 * that encrypts the keys and/or values.
24 */
26  {
27  public:
28  /**
29  * Return the set of names for which get() will return a value.
30  */
31  virtual std::set<std::string> list_names() const = 0;
32 
33  /**
34  * Return the value associated with the specified @param name or otherwise
35  * throw an exception.
36  */
37  virtual secure_vector<uint8_t> get(const std::string& name) const = 0;
38 
39  /**
40  * Set a value that can later be accessed with get().
41  * If name already exists in the database, the old value will be overwritten.
42  */
43  virtual void set(const std::string& name, const uint8_t psk[], size_t psk_len) = 0;
44 
45  /**
46  * Remove a PSK from the database
47  */
48  virtual void remove(const std::string& name) = 0;
49 
50  /**
51  * Returns if the values in the PSK database are encrypted. If
52  * false, saved values are being stored in plaintext.
53  */
54  virtual bool is_encrypted() const = 0;
55 
56  /**
57  * Get a PSK in the form of a string (eg if the PSK is a password)
58  */
59  std::string get_str(const std::string& name) const
60  {
61  secure_vector<uint8_t> psk = get(name);
62  return std::string(cast_uint8_ptr_to_char(psk.data()), psk.size());
63  }
64 
65  void set_str(const std::string& name, const std::string& psk)
66  {
67  set(name, cast_char_ptr_to_uint8(psk.data()), psk.size());
68  }
69 
70  template<typename Alloc>
71  void set_vec(const std::string& name,
72  const std::vector<uint8_t, Alloc>& psk)
73 
74  {
75  set(name, psk.data(), psk.size());
76  }
77 
78  virtual ~PSK_Database() = default;
79  };
80 
81 /**
82 * A mixin for an encrypted PSK database.
83 * Both keys and values are encrypted with NIST AES-256 key wrapping.
84 * Values are padded to obscure their length before encryption, allowing
85 * it to be used as a password vault.
86 *
87 * Subclasses must implement the virtual calls to handle storing and
88 * getting raw (base64 encoded) values.
89 */
91  {
92  public:
93  /**
94  * @param master_key specifies the master key used to encrypt all
95  * keys and value. It can be of any length, but should be at least 256 bits.
96  *
97  * Subkeys for the cryptographic algorithms used are derived from this
98  * master key. No key stretching is performed; if encrypting a PSK database
99  * using a password, it is recommended to use PBKDF2 to derive the database
100  * master key.
101  */
103 
105 
106  std::set<std::string> list_names() const override;
107 
108  secure_vector<uint8_t> get(const std::string& name) const override;
109 
110  void set(const std::string& name, const uint8_t psk[], size_t psk_len) override;
111 
112  void remove(const std::string& name) override;
113 
114  bool is_encrypted() const override { return true; }
115 
116  protected:
117  /**
118  * Save a encrypted (name.value) pair to the database. Both will be base64 encoded strings.
119  */
120  virtual void kv_set(const std::string& index, const std::string& value) = 0;
121 
122  /**
123  * Get a value previously saved with set_raw_value. Should return an empty
124  * string if index is not found.
125  */
126  virtual std::string kv_get(const std::string& index) const = 0;
127 
128  /**
129  * Remove an index
130  */
131  virtual void kv_del(const std::string& index) = 0;
132 
133  /**
134  * Return all indexes in the table.
135  */
136  virtual std::set<std::string> kv_get_all() const = 0;
137 
138  private:
139  std::unique_ptr<BlockCipher> m_cipher;
140  std::unique_ptr<MessageAuthenticationCode> m_hmac;
141  secure_vector<uint8_t> m_wrap_key;
142  };
143 
144 }
145 
146 #endif
bool is_encrypted() const override
Definition: psk_db.h:114
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
void set_vec(const std::string &name, const std::vector< uint8_t, Alloc > &psk)
Definition: psk_db.h:71
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:131
std::string get_str(const std::string &name) const
Definition: psk_db.h:59
Definition: alg_id.cpp:13
void set_str(const std::string &name, const std::string &psk)
Definition: psk_db.h:65
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:136
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88