OpenTTD Source 20241224-master-gf74b0cf984
Crypto specific bits of the network handling.
#include "network_type.h"
Data Structures
class NetworkEncryptionHandler
    Base class for handling the encryption (or decryption) of a network connection.
class NetworkAuthenticationPasswordRequest
    Callback interface for requests for passwords in the context of network authentication.
class NetworkAuthenticationPasswordRequestHandler
    Callback interface for client implementations to provide the handling of the password requests.
class NetworkAuthenticationPasswordProvider
    Callback interface for server implementations to provide the current password.
class NetworkAuthenticationDefaultPasswordProvider
    Default implementation of the password provider.
class NetworkAuthenticationAuthorizedKeyHandler
    Callback interface for server implementations to provide the authorized key validation.
class NetworkAuthenticationDefaultAuthorizedKeyHandler
    Default implementation for the authorized key handler.
class NetworkAuthenticationHandler
    Base class for cryptographic authentication handlers.
class NetworkAuthenticationClientHandler
    Base class for client side cryptographic authentication handlers.
class NetworkAuthenticationServerHandler
    Base class for server side cryptographic authentication handlers.
Typedefs
using NetworkAuthenticationMethodMask = uint16_t
    The mask of authentication methods that can be used.
Enumerations
enum NetworkAuthenticationMethod : uint8_t { NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY, NETWORK_AUTH_METHOD_X25519_PAKE, NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY, NETWORK_AUTH_METHOD_END }
    The authentication method that can be used.
Crypto specific bits of the network handling.
This provides a set of functionality to perform authentication combined with a key exchange, to create a shared secret as well as encryption using those shared secrets.
For the authentication/key exchange, the server determines the available methods and creates the appropriate NetworkAuthenticationServerHandler. This will be used to create a request for the client, which instantiates a NetworkAuthenticationClientHandler to handle that request. At the moment there are three types of request: key exchange only, password-authenticated key exchange (PAKE) and authorized keys. When the request is for a password, the user is asked for the password via an essentially asynchronous callback from the client handler. For the other requests no input from the user is needed, and these are immediately ready to generate the response for the server.
The server will validate the response, resulting in either the user being authenticated or not. When the user fails authentication, there might be a possibility to retry. For example, when the server has configured both authorized keys and passwords and the client fails with the authorized keys, it will retry with the password.
Once the key exchange/authentication has been done, the server can signal the client to upgrade the network connection to use encryption using the shared secret of the key exchange.
Definition in file network_crypto.h.
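The request/retry sequence described above, modelled as an added example (this is not OpenTTD's code). ToyAuthServer and its members are hypothetical; only the enumerator and mask names come from this page. Assumptions: plain comparisons stand in for the X25519 operations, the highest remaining enumerator is requested first, and each method gets one attempt.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <utility>

// Enumerator names and the mask type as listed on this page.
enum NetworkAuthenticationMethod : uint8_t {
	NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY, NETWORK_AUTH_METHOD_X25519_PAKE,
	NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY, NETWORK_AUTH_METHOD_END,
};
using NetworkAuthenticationMethodMask = uint16_t;

// Hypothetical stand-in for the server side; not NetworkAuthenticationServerHandler itself.
class ToyAuthServer {
	NetworkAuthenticationMethodMask remaining = 0; // methods not yet tried on this connection
	std::string password;
	std::set<std::string> authorized_keys;
	bool accepted = false;
public:
	ToyAuthServer(std::string pw, std::set<std::string> keys) : password(std::move(pw)), authorized_keys(std::move(keys)) {
		if (!password.empty()) remaining |= 1U << NETWORK_AUTH_METHOD_X25519_PAKE;
		if (!authorized_keys.empty()) remaining |= 1U << NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY;
		// Assumption: key exchange only is offered when nothing else is configured.
		if (remaining == 0) remaining = 1U << NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY;
	}
	// Method to request next; NETWORK_AUTH_METHOD_END means nothing is left and the client is rejected.
	NetworkAuthenticationMethod NextRequest() const {
		for (int m = NETWORK_AUTH_METHOD_END - 1; m >= 0; m--) {
			if (remaining & (1U << m)) return static_cast<NetworkAuthenticationMethod>(m);
		}
		return NETWORK_AUTH_METHOD_END;
	}
	// Validate a response; only the method that was actually requested is accepted.
	bool Receive(NetworkAuthenticationMethod method, const std::string &credential) {
		if (accepted || method >= NETWORK_AUTH_METHOD_END || NextRequest() != method) return false;
		remaining &= ~(1U << method); // a failed method is not offered again
		switch (method) {
			case NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY: accepted = authorized_keys.count(credential) != 0; break;
			case NETWORK_AUTH_METHOD_X25519_PAKE: accepted = credential == password; break;
			default: accepted = true; break; // key exchange only: shared secret, no proof of identity
		}
		return accepted;
	}
	// The upgrade to encryption is only signalled after a successful exchange.
	bool CanEnableEncryption() const { return accepted; }
};

int main() { ToyAuthServer s("secret", {"key-a"}); return s.NextRequest() == NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY ? 0 : 1; }
```
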
using NetworkAuthenticationMethodMask = uint16_t
The mask of authentication methods that can be used.
Definition at line 185 of file network_crypto.h.
enum NetworkAuthenticationMethod : uint8_t
The authentication method that can be used.
Definition at line 177 of file network_crypto.h.