1/*
2 * This file is part of OpenTTD.
3 * OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
4 * OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
5 * See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see <http://www.gnu.org/licenses/>.
6 */
7
33#ifndef NETWORK_CRYPTO_H
34#define NETWORK_CRYPTO_H
35
36#include "network_type.h"
37
42public:
/** Virtual destructor, as handlers are owned and destroyed through the base-class std::unique_ptr returned by the Create*EncryptionHandler factories. */
virtual ~NetworkEncryptionHandler() = default;
44
/**
 * Get the size of the MAC (Message Authentication Code) used by the underlying encryption protocol.
 * @return The size of the MAC in bytes; presumably the \c mac spans handed to Encrypt() and Decrypt() are this size.
 */
virtual size_t MACSize() const = 0;
50
/**
 * Decrypt the given message in-place, validating against the given MAC.
 * @param mac The MAC that was received together with the message.
 * @param message The encrypted message; overwritten with the decrypted content.
 * @return Whether decryption succeeded. A \c false result presumably means the MAC did not validate, in
 *         which case the contents of \a message must not be used (confirm with the concrete handler).
 */
virtual bool Decrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
58
/**
 * Encrypt the given message in-place, and write the associated MAC.
 * @param mac The buffer to write the MAC into.
 * @param message The plain message; overwritten with the encrypted content.
 */
virtual void Encrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
65};
66
67
72public:
/** Virtual destructor; requests are handed out as std::shared_ptr (see NetworkAuthenticationPasswordRequestHandler::AskUserForPassword). */
virtual ~NetworkAuthenticationPasswordRequest() = default;
74
/**
 * Reply to the request with the given password.
 * @param password The password entered by the user.
 */
virtual void Reply(const std::string &password) = 0;
79};
80
85protected:
friend class X25519PAKEClientHandler; ///< Presumably needs direct access to \c password; confirm in the PAKE client implementation.

std::string password; ///< The entered password.
89public:
90
/**
 * Reply to the request with the given password.
 * Defined out of line; presumably stores it in \c password for the authentication handler to use.
 * @param password The entered password.
 */
virtual void Reply(const std::string &password) override;
92
/** Callback to trigger sending the response for the password request. */
virtual void SendResponse() = 0;
97
/**
 * Callback to trigger asking the user for the password.
 * @param request The request to call Reply() on once the user has entered the password; shared
 *                ownership so the implementation may keep it alive while waiting for input.
 */
virtual void AskUserForPassword(std::shared_ptr<NetworkAuthenticationPasswordRequest> request) = 0;
103};
104
105
110public:
/** Virtual destructor, so providers can be destroyed through a base-class pointer. */
virtual ~NetworkAuthenticationPasswordProvider() = default;
112
/**
 * Callback to return the password to validate against.
 * @return A view of the password; the storage behind the view has to outlive its use by the handler.
 */
virtual std::string_view GetPassword() const = 0;
118};
119
124private:
const std::string *password; ///< The password to check against (non-owning; the pointed-to string has to outlive this provider).
126public:
133
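/**
 * Callback to return the password to validate against.
 * @return A view of the externally owned password string.
 */
std::string_view GetPassword() const override { return *this->password; }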
135};
136
141public:
143
/**
 * Check whether the key handler can be used, i.e. whether there is anything to check keys against.
 * @return \c true when the handler can be used; the default implementation requires at least one authorized key.
 */
virtual bool CanBeUsed() const = 0;
149
/**
 * Check whether the given public key of the peer is allowed in.
 * @param peer_public_key The public key the peer provided during authentication.
 * @return \c true when the key is allowed.
 */
virtual bool IsAllowed(std::string_view peer_public_key) const = 0;
156};
157
162private:
164public:
170
/**
 * Check whether the key handler can be used, i.e. whether at least one authorized key is configured.
 * @return \c true when the set of authorized keys is not empty.
 */
bool CanBeUsed() const override
{
	const auto &keys = *this->authorized_keys;
	return !keys.empty();
}
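/**
 * Check whether the given public key of the peer is allowed in.
 * @param peer_public_key The public key the peer provided during authentication.
 * @return \c true when the key is in the configured authorized keys.
 */
bool IsAllowed(std::string_view peer_public_key) const override { return this->authorized_keys->Contains(peer_public_key); }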
173};
174
175
183
186
191public:
/** Virtual destructor, as the client and server handlers derived from this are created and owned via std::unique_ptr. */
virtual ~NetworkAuthenticationHandler() = default;
193
/**
 * Get the name of the handler for debug messages.
 * @return The handler name.
 */
virtual std::string_view GetName() const = 0;
199
205
/**
 * Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
 * @return The newly created handler, owned by the caller.
 */
virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const = 0;
211
/**
 * Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
 * @return The newly created handler, owned by the caller.
 */
virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const = 0;
217};
218
223public:
230
/**
 * Read a request from the server.
 * @param p The packet holding the request.
 * @return READY_FOR_RESPONSE when a response can be sent immediately, AWAIT_USER_INPUT when user
 *         input was requested first, or INVALID when the request was not acceptable.
 */
virtual RequestResult ReceiveRequest(struct Packet &p) = 0;
237
/**
 * Create the response to send to the server.
 * @param p The packet to write the response into.
 * @return Presumably whether a response was written; confirm with the concrete handler.
 */
virtual bool SendResponse(struct Packet &p) = 0;
244
/**
 * Read the request to enable encryption from the server.
 * @param p The packet holding the request.
 * @return Presumably whether the request was valid and encryption can be enabled; confirm with the concrete handler.
 */
virtual bool ReceiveEnableEncryption(struct Packet &p) = 0;
250
/**
 * Ensures that the given secret key is valid, and when it is not, overwrites it with a valid secret key.
 * @param secret_key The secret key to validate; replaced with a valid key when it is not valid.
 * @param public_key Updated to the public key belonging to \a secret_key (per the function name; confirm in the definition).
 */
static void EnsureValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key);
/**
 * Create a NetworkAuthenticationClientHandler.
 * @param password_handler The handler used to obtain a password from the user (see NetworkAuthenticationPasswordRequestHandler).
 * @param secret_key The client's secret key; non-const, presumably so an invalid key can be replaced as by EnsureValidSecretKeyAndUpdatePublicKey().
 * @param public_key The client's public key; non-const for the same reason.
 * @return The newly created handler, owned by the caller.
 */
static std::unique_ptr<NetworkAuthenticationClientHandler> Create(std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> password_handler, std::string &secret_key, std::string &public_key);
253};
254
259public:
266
/**
 * Create the request to send to the client.
 * @param p The packet to write the request into.
 */
virtual void SendRequest(struct Packet &p) = 0;
272
/**
 * Read the response from the client.
 * @param p The packet holding the response.
 * @return AUTHENTICATED when the client authenticated successfully, RETRY_NEXT_METHOD when this attempt failed
 *         but another method can be tried, or NOT_AUTHENTICATED when all attempts for this handler are exhausted.
 */
virtual ResponseResult ReceiveResponse(struct Packet &p) = 0;
279
/**
 * Create the request to enable encryption to the client.
 * @param p The packet to write the request into.
 */
virtual void SendEnableEncryption(struct Packet &p) = 0;
285
/**
 * Checks whether this handler can be used with the current configuration.
 * @return \c true when the handler can be used.
 */
virtual bool CanBeUsed() const = 0;
292
/**
 * Get the public key the peer provided during the authentication.
 * @return The peer's public key.
 */
virtual std::string GetPeerPublicKey() const = 0;
298
/**
 * Create a NetworkAuthenticationServerHandler.
 * @param password_provider Provides the password to validate clients against.
 * @param authorized_key_handler Validates the public keys of clients.
 * @param client_supported_method_mask The authentication methods the client supports; defaults to all bits set, i.e. every method.
 * @return The newly created handler, owned by the caller.
 */
static std::unique_ptr<NetworkAuthenticationServerHandler> Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask = ~static_cast<NetworkAuthenticationMethodMask>(0));
300};
301
302#endif /* NETWORK_CRYPTO_H */
Callback interface for server implementations to provide the authorized key validation.
virtual bool IsAllowed(std::string_view peer_public_key) const =0
Check whether the given public key of the peer is allowed in.
virtual bool CanBeUsed() const =0
Check whether the key handler can be used, i.e.
Base class for client side cryptographic authentication handlers.
virtual bool ReceiveEnableEncryption(struct Packet &p)=0
Read the request to enable encryption from the server.
static void EnsureValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key)
Ensures that the given secret key is valid, and when it is not, overwrites it with a valid secret key.
virtual RequestResult ReceiveRequest(struct Packet &p)=0
Read a request from the server.
RequestResult
The processing result of receiving a request.
@ READY_FOR_RESPONSE
We do not have to wait for user input, and can immediately respond to the server.
@ AWAIT_USER_INPUT
We have requested some user input, but must wait on that.
@ INVALID
We have received an invalid request.
virtual bool SendResponse(struct Packet &p)=0
Create the response to send to the server.
static std::unique_ptr< NetworkAuthenticationClientHandler > Create(std::shared_ptr< NetworkAuthenticationPasswordRequestHandler > password_handler, std::string &secret_key, std::string &public_key)
Create a NetworkAuthenticationClientHandler.
Default implementation for the authorized key handler.
bool CanBeUsed() const override
Check whether the key handler can be used, i.e.
NetworkAuthenticationDefaultAuthorizedKeyHandler(const NetworkAuthorizedKeys &authorized_keys)
Create the handler that uses the given authorized keys to check against.
const NetworkAuthorizedKeys * authorized_keys
The authorized keys to check against.
bool IsAllowed(std::string_view peer_public_key) const override
Check whether the given public key of the peer is allowed in.
Default implementation of the password provider.
const std::string * password
The password to check against.
NetworkAuthenticationDefaultPasswordProvider(const std::string &password)
Create the provider with the pointer to the password that is to be used.
std::string_view GetPassword() const override
Callback to return the password to validate against.
Base class for cryptographic authentication handlers.
virtual std::string_view GetName() const =0
Get the name of the handler for debug messages.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const =0
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Callback interface for server implementations to provide the current password.
virtual std::string_view GetPassword() const =0
Callback to return the password to validate against.
Callback interface for client implementations to provide the handling of the password requests.
virtual void AskUserForPassword(std::shared_ptr< NetworkAuthenticationPasswordRequest > request)=0
Callback to trigger asking the user for the password.
virtual void SendResponse()=0
Callback to trigger sending the response for the password request.
virtual void Reply(const std::string &password) override
Reply to the request with the given password.
std::string password
The entered password.
Callback interface for requests for passwords in the context of network authentication.
virtual void Reply(const std::string &password)=0
Reply to the request with the given password.
Base class for server side cryptographic authentication handlers.
static std::unique_ptr< NetworkAuthenticationServerHandler > Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask=~static_cast< NetworkAuthenticationMethodMask >(0))
Create a NetworkAuthenticationServerHandler.
virtual ResponseResult ReceiveResponse(struct Packet &p)=0
Read the response from the client.
virtual void SendEnableEncryption(struct Packet &p)=0
Create the request to enable encryption to the client.
virtual bool CanBeUsed() const =0
Checks whether this handler can be used with the current configuration.
ResponseResult
The processing result of receiving a response.
@ RETRY_NEXT_METHOD
The client failed to authenticate, but there is another method to try.
@ AUTHENTICATED
The client was authenticated successfully.
@ NOT_AUTHENTICATED
All authentications for this handler have been exhausted.
virtual std::string GetPeerPublicKey() const =0
Get the public key the peer provided during the authentication.
virtual void SendRequest(struct Packet &p)=0
Create the request to send to the client.
Simple helper to (more easily) manage authorized keys.
bool Contains(std::string_view key) const
Check whether the given key is contained in these authorized keys.
Definition network.cpp:178
Base class for handling the encryption (or decryption) of a network connection.
virtual bool Decrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Decrypt the given message in-place, validating against the given MAC.
virtual void Encrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Encrypt the given message in-place, and write the associated MAC.
virtual size_t MACSize() const =0
Get the size of the MAC (Message Authentication Code) used by the underlying encryption protocol.
Client side handler for using X25519 with a password-authenticated key exchange.
NetworkAuthenticationMethod
The authentication method that can be used.
@ NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
No actual authentication is taking place, just perform a x25519 key exchange. This method is not supp...
@ NETWORK_AUTH_METHOD_X25519_PAKE
Authentication using x25519 password-authenticated key agreement.
@ NETWORK_AUTH_METHOD_END
Must ALWAYS be on the end of this list!! (period)
@ NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
Authentication using x25519 key exchange and authorized keys.
uint16_t NetworkAuthenticationMethodMask
The mask of authentication methods that can be used.
Types used for networking.
Internal entity of a packet.
Definition packet.h:42