1 /*
2  * This file is part of OpenTTD.
3  * OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
4  * OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
5  * See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see <http://www.gnu.org/licenses/>.
6  */
7 
33 #ifndef NETWORK_CRYPTO_H
34 #define NETWORK_CRYPTO_H
35 
36 #include "network_type.h"
37 
42 public:
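/** Virtual destructor: instances are owned through std::unique_ptr<NetworkEncryptionHandler> (see the Create*EncryptionHandler factories), so deletion through the base pointer must dispatch to the derived destructor. */
virtual ~NetworkEncryptionHandler() = default;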
44 
49  virtual size_t MACSize() const = 0;
50 
57  virtual bool Decrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
58 
64  virtual void Encrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
65 };
66 
67 
72 public:
74 
78  virtual void Reply(const std::string &password) = 0;
79 };
80 
85 protected:
86  friend class X25519PAKEClientHandler;
87 
88  std::string password;
89 public:
90 
91  virtual void Reply(const std::string &password) override;
92 
96  virtual void SendResponse() = 0;
97 
102  virtual void AskUserForPassword(std::shared_ptr<NetworkAuthenticationPasswordRequest> request) = 0;
103 };
104 
105 
110 public:
112 
117  virtual std::string_view GetPassword() const = 0;
118 };
119 
124 private:
125  const std::string *password;
126 public:
133 
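/**
 * Callback to return the password to validate against.
 * @return A view of the password this provider was constructed with.
 * @note The view aliases the std::string that #password points to; the provider does not own that string,
 *       so the caller must keep it alive and unmodified for as long as the returned view is used.
 */
std::string_view GetPassword() const override { return *this->password; }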
135 };
136 
141 public:
143 
148  virtual bool CanBeUsed() const = 0;
149 
155  virtual bool IsAllowed(std::string_view peer_public_key) const = 0;
156 };
157 
162 private:
164 public:
170 
/**
 * Check whether the key handler can be used, i.e. whether there is at least one authorized key to check against.
 * @return True when the authorized key list is not empty.
 */
bool CanBeUsed() const override
{
	const auto &keys = *this->authorized_keys;
	return !keys.empty();
}
/**
 * Check whether the given public key of the peer is allowed in.
 * @param peer_public_key The public key the peer presented during authentication.
 * @return True when the key is present in the authorized keys this handler was created with.
 */
bool IsAllowed(std::string_view peer_public_key) const override
{
	const auto &keys = *this->authorized_keys;
	return keys.Contains(peer_public_key);
}
173 };
174 
175 
182 };
183 
186 
191 public:
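/** Virtual destructor: the client and server handlers derived from this are handed out as std::unique_ptr by their Create() factories, so destruction through a base pointer must reach the derived destructor. */
virtual ~NetworkAuthenticationHandler() = default;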
193 
198  virtual std::string_view GetName() const = 0;
199 
205 
210  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const = 0;
211 
216  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const = 0;
217 };
218 
223 public:
229  };
230 
236  virtual RequestResult ReceiveRequest(struct Packet &p) = 0;
237 
243  virtual bool SendResponse(struct Packet &p) = 0;
244 
249  virtual bool ReceiveEnableEncryption(struct Packet &p) = 0;
250 
251  static void EnsureValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key);
252  static std::unique_ptr<NetworkAuthenticationClientHandler> Create(std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> password_handler, std::string &secret_key, std::string &public_key);
253 };
254 
259 public:
265  };
266 
271  virtual void SendRequest(struct Packet &p) = 0;
272 
278  virtual ResponseResult ReceiveResponse(struct Packet &p) = 0;
279 
284  virtual void SendEnableEncryption(struct Packet &p) = 0;
285 
291  virtual bool CanBeUsed() const = 0;
292 
297  virtual std::string GetPeerPublicKey() const = 0;
298 
299  static std::unique_ptr<NetworkAuthenticationServerHandler> Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask = ~static_cast<NetworkAuthenticationMethodMask>(0));
300 };
301 
302 #endif /* NETWORK_CRYPTO_H */
Callback interface for server implementations to provide the authorized key validation.
virtual bool IsAllowed(std::string_view peer_public_key) const =0
Check whether the given public key of the peer is allowed in.
virtual bool CanBeUsed() const =0
Check whether the key handler can be used, i.e.
Base class for client side cryptographic authentication handlers.
virtual bool ReceiveEnableEncryption(struct Packet &p)=0
Read the request to enable encryption from the server.
static void EnsureValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key)
Ensures that the given secret key is valid, and when not overwrite it with a valid secret key.
virtual RequestResult ReceiveRequest(struct Packet &p)=0
Read a request from the server.
RequestResult
The processing result of receiving a request.
@ READY_FOR_RESPONSE
We do not have to wait for user input, and can immediately respond to the server.
@ AWAIT_USER_INPUT
We have requested some user input, but must wait on that.
@ INVALID
We have received an invalid request.
virtual bool SendResponse(struct Packet &p)=0
Create the response to send to the server.
static std::unique_ptr< NetworkAuthenticationClientHandler > Create(std::shared_ptr< NetworkAuthenticationPasswordRequestHandler > password_handler, std::string &secret_key, std::string &public_key)
Create a NetworkAuthenticationClientHandler.
Default implementation for the authorized key handler.
bool CanBeUsed() const override
Check whether the key handler can be used, i.e.
NetworkAuthenticationDefaultAuthorizedKeyHandler(const NetworkAuthorizedKeys &authorized_keys)
Create the handler that uses the given authorized keys to check against.
const NetworkAuthorizedKeys * authorized_keys
The authorized keys to check against.
bool IsAllowed(std::string_view peer_public_key) const override
Check whether the given public key of the peer is allowed in.
Default implementation of the password provider.
const std::string * password
The password to check against.
NetworkAuthenticationDefaultPasswordProvider(const std::string &password)
Create the provider with the pointer to the password that is to be used.
std::string_view GetPassword() const override
Callback to return the password where to validate against.
Base class for cryptographic authentication handlers.
virtual std::string_view GetName() const =0
Get the name of the handler for debug messages.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const =0
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Callback interface for server implementations to provide the current password.
virtual std::string_view GetPassword() const =0
Callback to return the password where to validate against.
Callback interface for client implementations to provide the handling of the password requests.
virtual void AskUserForPassword(std::shared_ptr< NetworkAuthenticationPasswordRequest > request)=0
Callback to trigger asking the user for the password.
virtual void SendResponse()=0
Callback to trigger sending the response for the password request.
virtual void Reply(const std::string &password) override
Reply to the request with the given password.
std::string password
The entered password.
Callback interface for requests for passwords in the context of network authentication.
virtual void Reply(const std::string &password)=0
Reply to the request with the given password.
Base class for server side cryptographic authentication handlers.
static std::unique_ptr< NetworkAuthenticationServerHandler > Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask=~static_cast< NetworkAuthenticationMethodMask >(0))
Create a NetworkAuthenticationServerHandler.
virtual ResponseResult ReceiveResponse(struct Packet &p)=0
Read the response from the client.
virtual void SendEnableEncryption(struct Packet &p)=0
Create the request to enable encryption to the client.
virtual bool CanBeUsed() const =0
Checks whether this handler can be used with the current configuration.
ResponseResult
The processing result of receiving a response.
@ RETRY_NEXT_METHOD
The client failed to authenticate, but there is another method to try.
@ AUTHENTICATED
The client was authenticated successfully.
@ NOT_AUTHENTICATED
All authentications for this handler have been exhausted.
virtual std::string GetPeerPublicKey() const =0
Get the public key the peer provided during the authentication.
virtual void SendRequest(struct Packet &p)=0
Create the request to send to the client.
Simple helper to (more easily) manage authorized keys.
Definition: network_type.h:148
bool Contains(std::string_view key) const
Check whether the given key is contained in these authorized keys.
Definition: network.cpp:180
Base class for handling the encryption (or decryption) of a network connection.
virtual bool Decrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Decrypt the given message in-place, validating against the given MAC.
virtual void Encrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Encrypt the given message in-place, and write the associated MAC.
virtual size_t MACSize() const =0
Get the size of the MAC (Message Authentication Code) used by the underlying encryption protocol.
Client side handler for using X25519 with a password-authenticated key exchange.
NetworkAuthenticationMethod
The authentication method that can be used.
@ NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
No actual authentication is taking place, just perform a x25519 key exchange. This method is not supp...
@ NETWORK_AUTH_METHOD_X25519_PAKE
Authentication using x25519 password-authenticated key agreement.
@ NETWORK_AUTH_METHOD_END
Must ALWAYS be on the end of this list!! (period)
@ NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
Authentication using x25519 key exchange and authorized keys.
uint16_t NetworkAuthenticationMethodMask
The mask of authentication methods that can be used.
Types used for networking.
Internal entity of a packet.
Definition: packet.h:42