Botan 3.5.0
Crypto and TLS for C&
tls_external_psk.h
Go to the documentation of this file.
1/*
2 * TLS 1.3 Preshared Key Container
3 * (C) 2023 Jack Lloyd
4 * 2023 Fabian Albert, René Meusel - Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9#ifndef BOTAN_TLS_EXTERNAL_PSK_H_
10#define BOTAN_TLS_EXTERNAL_PSK_H_
11
12#include <botan/secmem.h>
13#include <botan/strong_type.h>
14
15#include <utility>
16#include <vector>
17
18namespace Botan::TLS {
19
20/**
21 * This is an externally provided PreSharedKey along with its identity, master
22 * secret and (in case of TLS 1.3) a pre-provisioned Pseudo Random Function.
23 */
25 public:
26 ExternalPSK(const ExternalPSK&) = delete;
30 ~ExternalPSK() = default;
31
32 ExternalPSK(std::string_view identity, std::string_view prf_algo, secure_vector<uint8_t> psk) :
33 m_identity(identity), m_prf_algo(prf_algo), m_master_secret(std::move(psk)) {}
34
35 /**
36 * Identity (e.g. username of the PSK owner) of the preshared key.
37 * Despite the std::string return type, this may or may not be a
38 * human-readable/printable string.
39 */
40 const std::string& identity() const { return m_identity; }
41
42 /**
43 * Returns the master secret by moving it out of this object. Do not call
44 * this method more than once.
45 */
47 BOTAN_STATE_CHECK(!m_master_secret.empty());
48 return std::exchange(m_master_secret, {});
49 }
50
51 /**
52 * External preshared keys in TLS 1.3 must be provisioned with a
53 * pseudo-random function (typically SHA-256 or the like). This is
54 * needed to calculate/verify the PSK binder values in the client hello.
55 */
56 const std::string& prf_algo() const { return m_prf_algo; }
57
58 private:
59 std::string m_identity;
60 std::string m_prf_algo;
61 secure_vector<uint8_t> m_master_secret;
62};
63
64} // namespace Botan::TLS
65
66#endif
#define BOTAN_STATE_CHECK(expr)
Definition assert.h:41
ExternalPSK(const ExternalPSK &)=delete
const std::string & prf_algo() const
const std::string & identity() const
ExternalPSK(std::string_view identity, std::string_view prf_algo, secure_vector< uint8_t > psk)
ExternalPSK(ExternalPSK &&)=default
ExternalPSK & operator=(const ExternalPSK &)=delete
secure_vector< uint8_t > extract_master_secret()
ExternalPSK & operator=(ExternalPSK &&)=default
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61