network_crypto.h

Go to the documentation of this file.

/*
 * This file is part of OpenTTD.
 * OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
 * OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see <http://www.gnu.org/licenses/>.
 */
 
#ifndef NETWORK_CRYPTO_H
#define NETWORK_CRYPTO_H
 
#include "network_type.h"
 
class NetworkEncryptionHandler {
public:
  virtual ~NetworkEncryptionHandler() {}
 
  virtual size_t MACSize() const = 0;
 
  virtual bool Decrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
 
  virtual void Encrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
};
 
 
class NetworkAuthenticationPasswordRequest {
public:
  virtual ~NetworkAuthenticationPasswordRequest() {}
 
  virtual void Reply(const std::string &password) = 0;
};
 
class NetworkAuthenticationPasswordRequestHandler : public NetworkAuthenticationPasswordRequest {
protected:
  friend class X25519PAKEClientHandler;
 
  std::string password; 
public:
 
  virtual void Reply(const std::string &password) override;
 
  virtual void SendResponse() = 0;
 
  virtual void AskUserForPassword(std::shared_ptr<NetworkAuthenticationPasswordRequest> request) = 0;
};
 
 
class NetworkAuthenticationPasswordProvider {
public:
  virtual ~NetworkAuthenticationPasswordProvider() {}
 
  virtual std::string_view GetPassword() const = 0;
};
 
class NetworkAuthenticationDefaultPasswordProvider : public NetworkAuthenticationPasswordProvider {
private:
  const std::string *password; 
public:
  NetworkAuthenticationDefaultPasswordProvider(const std::string &password) : password(&password) {}
 
  std::string_view GetPassword() const override { return *this->password; };
};
 
class NetworkAuthenticationAuthorizedKeyHandler {
public:
  virtual ~NetworkAuthenticationAuthorizedKeyHandler() {}
 
  virtual bool CanBeUsed() const = 0;
 
  virtual bool IsAllowed(std::string_view peer_public_key) const = 0;
};
 
class NetworkAuthenticationDefaultAuthorizedKeyHandler : public NetworkAuthenticationAuthorizedKeyHandler {
private:
  const NetworkAuthorizedKeys *authorized_keys; 
public:
  NetworkAuthenticationDefaultAuthorizedKeyHandler(const NetworkAuthorizedKeys &authorized_keys) : authorized_keys(&authorized_keys) {}
 
  bool CanBeUsed() const override { return !this->authorized_keys->empty(); }
  bool IsAllowed(std::string_view peer_public_key) const override { return authorized_keys->Contains(peer_public_key); }
};
 
 
enum NetworkAuthenticationMethod : uint8_t {
  NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY, 
  NETWORK_AUTH_METHOD_X25519_PAKE, 
  NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY, 
  NETWORK_AUTH_METHOD_END, 
};
 
using NetworkAuthenticationMethodMask = uint16_t;
 
class NetworkAuthenticationHandler {
public:
  virtual ~NetworkAuthenticationHandler() {}
 
  virtual std::string_view GetName() const = 0;
 
  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const = 0;
 
  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const = 0;
 
  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const = 0;
};
 
class NetworkAuthenticationClientHandler : public NetworkAuthenticationHandler {
public:
  enum RequestResult {
    AWAIT_USER_INPUT, 
    READY_FOR_RESPONSE, 
    INVALID, 
  };
 
  virtual RequestResult ReceiveRequest(struct Packet &p) = 0;
 
  virtual bool SendResponse(struct Packet &p) = 0;
 
  virtual bool ReceiveEnableEncryption(struct Packet &p) = 0;
 
  static void EnsureValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key);
  static std::unique_ptr<NetworkAuthenticationClientHandler> Create(std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> password_handler, std::string &secret_key, std::string &public_key);
};
 
class NetworkAuthenticationServerHandler : public NetworkAuthenticationHandler {
public:
  enum ResponseResult {
    AUTHENTICATED, 
    NOT_AUTHENTICATED, 
    RETRY_NEXT_METHOD, 
  };
 
  virtual void SendRequest(struct Packet &p) = 0;
 
  virtual ResponseResult ReceiveResponse(struct Packet &p) = 0;
 
  virtual void SendEnableEncryption(struct Packet &p) = 0;
 
  virtual bool CanBeUsed() const = 0;
 
  virtual std::string GetPeerPublicKey() const = 0;
 
  static std::unique_ptr<NetworkAuthenticationServerHandler> Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask = ~static_cast<NetworkAuthenticationMethodMask>(0));
};
 
#endif /* NETWORK_CRYPTO_H */