OpenTTD Source  20241121-master-g67a0fccfad
network_crypto.h File Reference

Crypto specific bits of the network handling. More...

#include "network_type.h"


Data Structures

class  NetworkEncryptionHandler
 Base class for handling the encryption (or decryption) of a network connection. More...
 
class  NetworkAuthenticationPasswordRequest
 Callback interface for requests for passwords in the context of network authentication. More...
 
class  NetworkAuthenticationPasswordRequestHandler
 Callback interface for client implementations to provide the handling of the password requests. More...
 
class  NetworkAuthenticationPasswordProvider
 Callback interface for server implementations to provide the current password. More...
 
class  NetworkAuthenticationDefaultPasswordProvider
 Default implementation of the password provider. More...
 
class  NetworkAuthenticationAuthorizedKeyHandler
 Callback interface for server implementations to provide the authorized key validation. More...
 
class  NetworkAuthenticationDefaultAuthorizedKeyHandler
 Default implementation for the authorized key handler. More...
 
class  NetworkAuthenticationHandler
 Base class for cryptographic authentication handlers. More...
 
class  NetworkAuthenticationClientHandler
 Base class for client side cryptographic authentication handlers. More...
 
class  NetworkAuthenticationServerHandler
 Base class for server side cryptographic authentication handlers. More...
 

Typedefs

using NetworkAuthenticationMethodMask = uint16_t
 The mask of authentication methods that can be used.
 

Enumerations

enum  NetworkAuthenticationMethod : uint8_t { NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY , NETWORK_AUTH_METHOD_X25519_PAKE , NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY , NETWORK_AUTH_METHOD_END }
 The authentication method that can be used. More...
 

Detailed Description

Crypto specific bits of the network handling.

This provides a set of functionality to perform authentication combined with a key exchange, to create a shared secret as well as encryption using those shared secrets.

For the authentication/key exchange, the server determines the available methods and creates the appropriate NetworkAuthenticationServerHandler. That handler creates a request for the client, which instantiates a NetworkAuthenticationClientHandler to handle it. Currently there are three types of request: key exchange only, password-authenticated key exchange (PAKE) and authorized keys. For a PAKE request the client handler asks the user for the password through an essentially asynchronous NetworkAuthenticationPasswordRequest callback. The other two requests need no input from the user and are immediately ready to generate the response for the server.

The server validates the response, after which the user is either authenticated or not. After a failed authentication a retry with another method may be possible. For example, when the server has both authorized keys and a password configured and the client fails with the authorized keys, it retries with the password.

Once the key exchange/authentication has been done, the server can signal the client to upgrade the network connection to encryption keyed with the shared secret from the key exchange.
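The request/response/validate flow above, worked through for the authorized-key method, as an added example that is not OpenTTD's own code. It uses Go 1.20's crypto/ecdh for the X25519 key exchange. The message layouts, the HMAC-SHA256 based key derivation, the proof-of-possession construction and the names (Server, Client, RunHandshake, OfferableMethods) are assumptions made for this illustration; OpenTTD's real wire format and primitives differ, and the PAKE method is not shown. The mask filtering reflects the page's note that key-exchange-only is not supported on the admin connection, and the session key returned on success is what a later encryption upgrade would be keyed with.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authentication methods in the order the page lists them; the mask has one bit per method.
type AuthMethod uint8

const (
	MethodX25519KeyExchangeOnly AuthMethod = iota
	MethodX25519PAKE
	MethodX25519AuthorizedKey
)

type AuthMethodMask uint16

func (m AuthMethod) Bit() AuthMethodMask { return 1 << m }

// OfferableMethods is the server's first step: which configured methods may be offered.
// Key-exchange-only is never offered on the admin connection.
func OfferableMethods(configured AuthMethodMask, adminConnection bool) AuthMethodMask {
	if adminConnection {
		configured &^= MethodX25519KeyExchangeOnly.Bit()
	}
	return configured
}

var curve = ecdh.X25519()

// Assumed message layouts: the server sends its ephemeral public key; the client
// answers with its long-term public key and a proof that it holds the private half.
type Request struct{ ServerPub []byte }
type Response struct{ ClientPub, Proof []byte }

// kdf derives a labelled key from a secret, bound to both public keys so that
// the result belongs to this exchange only (assumed construction, HMAC-SHA256).
func kdf(secret, serverPub, clientPub []byte, label string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(serverPub)
	mac.Write(clientPub)
	mac.Write([]byte(label))
	return mac.Sum(nil)
}

type Server struct {
	authorized map[string]bool // authorized client public keys, keyed by raw bytes
	ephemeral  *ecdh.PrivateKey
}

func NewServer(authorizedPubs ...[]byte) *Server {
	s := &Server{authorized: map[string]bool{}}
	for _, p := range authorizedPubs {
		s.authorized[string(p)] = true
	}
	return s
}

// CreateRequest makes a fresh ephemeral key pair per attempt, so a retry after a
// failure never reuses key material.
func (s *Server) CreateRequest() (Request, error) {
	priv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return Request{}, err
	}
	s.ephemeral = priv
	return Request{ServerPub: priv.PublicKey().Bytes()}, nil
}

// ValidateResponse returns the session key when the client's key is authorized and
// its proof verifies; on error the caller may retry with another method or reject.
func (s *Server) ValidateResponse(resp Response) ([]byte, error) {
	if s.ephemeral == nil {
		return nil, errors.New("no outstanding request")
	}
	if !s.authorized[string(resp.ClientPub)] {
		return nil, errors.New("public key not in authorized keys")
	}
	clientPub, err := curve.NewPublicKey(resp.ClientPub)
	if err != nil {
		return nil, err
	}
	shared, err := s.ephemeral.ECDH(clientPub) // errors on low-order points (all-zero secret)
	if err != nil {
		return nil, err
	}
	serverPub := s.ephemeral.PublicKey().Bytes()
	s.ephemeral = nil // one-shot: the next attempt needs a new request
	proofKey := kdf(shared, serverPub, resp.ClientPub, "auth-proof")
	if !hmac.Equal(resp.Proof, kdf(proofKey, serverPub, resp.ClientPub, "proof")) {
		return nil, errors.New("proof of key possession failed")
	}
	return kdf(shared, serverPub, resp.ClientPub, "session-key"), nil
}

type Client struct{ longTerm *ecdh.PrivateKey }

func NewClient() (*Client, error) {
	priv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Client{longTerm: priv}, nil
}

func (c *Client) PublicKey() []byte { return c.longTerm.PublicKey().Bytes() }

// HandleRequest needs no user input, so the response is ready immediately.
func (c *Client) HandleRequest(req Request) (Response, []byte, error) {
	serverPub, err := curve.NewPublicKey(req.ServerPub)
	if err != nil {
		return Response{}, nil, err
	}
	shared, err := c.longTerm.ECDH(serverPub)
	if err != nil {
		return Response{}, nil, err
	}
	me := c.PublicKey()
	proofKey := kdf(shared, req.ServerPub, me, "auth-proof")
	resp := Response{ClientPub: me, Proof: kdf(proofKey, req.ServerPub, me, "proof")}
	return resp, kdf(shared, req.ServerPub, me, "session-key"), nil
}

// RunHandshake drives one attempt; accepted=false means the server rejected it.
func RunHandshake(s *Server, c *Client) (accepted, keysMatch bool) {
	req, err := s.CreateRequest()
	if err != nil {
		return false, false
	}
	resp, clientKey, err := c.HandleRequest(req)
	if err != nil {
		return false, false
	}
	serverKey, err := s.ValidateResponse(resp)
	if err != nil {
		return false, false
	}
	return true, hmac.Equal(serverKey, clientKey)
}

func main() {
	alice, _ := NewClient()
	mallory, _ := NewClient() // constructed: a client whose key is not authorized
	srv := NewServer(alice.PublicKey())
	ok, match := RunHandshake(srv, alice)
	fmt.Println("authorized client accepted:", ok, "session keys agree:", match)
	ok, _ = RunHandshake(srv, mallory)
	fmt.Println("unknown key accepted:", ok)
	fmt.Printf("methods offered on admin connection: %03b\n", OfferableMethods(0b111, true))
}
```

Two details are worth keeping when adapting this: the server checks membership in the authorized set before doing any curve arithmetic, so an unknown key costs nothing, and the proof is compared with hmac.Equal rather than bytes.Equal so the comparison is constant time. Presenting an authorized public key without the private half fails at the proof step, because the proof key is derived from the X25519 shared secret.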

Definition in file network_crypto.h.

Enumeration Type Documentation

◆ NetworkAuthenticationMethod

The authentication method that can be used.

Enumerator
NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY 

No actual authentication takes place; just perform an x25519 key exchange. This method is not supported for the admin connection.

NETWORK_AUTH_METHOD_X25519_PAKE 

Authentication using x25519 password-authenticated key agreement.

NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY 

Authentication using x25519 key exchange and authorized keys.

NETWORK_AUTH_METHOD_END 

Must ALWAYS be at the end of this list!! (period)

Definition at line 177 of file network_crypto.h.