33 #ifndef NETWORK_CRYPTO_H
34 #define NETWORK_CRYPTO_H
57 virtual bool Decrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
64 virtual void Encrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
78 virtual void Reply(
const std::string &password) = 0;
155 virtual bool IsAllowed(std::string_view peer_public_key)
const = 0;
171 bool CanBeUsed()
const override {
return !this->authorized_keys->empty(); }
252 static std::unique_ptr<NetworkAuthenticationClientHandler>
Create(std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> password_handler, std::string &secret_key, std::string &public_key);
Callback interface for server implementations to provide the authorized key validation.
virtual bool IsAllowed(std::string_view peer_public_key) const =0
Check whether the given public key of the peer is allowed in.
virtual bool CanBeUsed() const =0
Check whether the key handler can be used, i.e.
Base class for client side cryptographic authentication handlers.
virtual bool ReceiveEnableEncryption(struct Packet &p)=0
Read the request to enable encryption from the server.
static void EnsureValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key)
Ensures that the given secret key is valid, and when not overwrite it with a valid secret key.
virtual RequestResult ReceiveRequest(struct Packet &p)=0
Read a request from the server.
RequestResult
The processing result of receiving a request.
@ READY_FOR_RESPONSE
We do not have to wait for user input, and can immediately respond to the server.
@ AWAIT_USER_INPUT
We have requested some user input, but must wait on that.
@ INVALID
We have received an invalid request.
virtual bool SendResponse(struct Packet &p)=0
Create the response to send to the server.
static std::unique_ptr< NetworkAuthenticationClientHandler > Create(std::shared_ptr< NetworkAuthenticationPasswordRequestHandler > password_handler, std::string &secret_key, std::string &public_key)
Create a NetworkAuthenticationClientHandler.
Default implementation for the authorized key handler.
bool CanBeUsed() const override
Check whether the key handler can be used, i.e.
NetworkAuthenticationDefaultAuthorizedKeyHandler(const NetworkAuthorizedKeys &authorized_keys)
Create the handler that uses the given authorized keys to check against.
const NetworkAuthorizedKeys * authorized_keys
The authorized keys to check against.
bool IsAllowed(std::string_view peer_public_key) const override
Check whether the given public key of the peer is allowed in.
Default implementation of the password provider.
const std::string * password
The password to check against.
NetworkAuthenticationDefaultPasswordProvider(const std::string &password)
Create the provider with the pointer to the password that is to be used.
std::string_view GetPassword() const override
Callback to return the password where to validate against.
Base class for cryptographic authentication handlers.
virtual std::string_view GetName() const =0
Get the name of the handler for debug messages.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const =0
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Callback interface for server implementations to provide the current password.
virtual std::string_view GetPassword() const =0
Callback to return the password where to validate against.
Callback interface for client implementations to provide the handling of the password requests.
virtual void AskUserForPassword(std::shared_ptr< NetworkAuthenticationPasswordRequest > request)=0
Callback to trigger asking the user for the password.
virtual void SendResponse()=0
Callback to trigger sending the response for the password request.
virtual void Reply(const std::string &password) override
Reply to the request with the given password.
std::string password
The entered password.
Callback interface for requests for passwords in the context of network authentication.
virtual void Reply(const std::string &password)=0
Reply to the request with the given password.
Base class for server side cryptographic authentication handlers.
static std::unique_ptr< NetworkAuthenticationServerHandler > Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask=~static_cast< NetworkAuthenticationMethodMask >(0))
Create a NetworkAuthenticationServerHandler.
virtual ResponseResult ReceiveResponse(struct Packet &p)=0
Read the response from the client.
virtual void SendEnableEncryption(struct Packet &p)=0
Create the request to enable encryption to the client.
virtual bool CanBeUsed() const =0
Checks whether this handler can be used with the current configuration.
ResponseResult
The processing result of receiving a response.
@ RETRY_NEXT_METHOD
The client failed to authenticate, but there is another method to try.
@ AUTHENTICATED
The client was authenticated successfully.
@ NOT_AUTHENTICATED
All authentications for this handler have been exhausted.
virtual std::string GetPeerPublicKey() const =0
Get the public key the peer provided during the authentication.
virtual void SendRequest(struct Packet &p)=0
Create the request to send to the client.
Simple helper to (more easily) manage authorized keys.
bool Contains(std::string_view key) const
Check whether the given key is contains in these authorized keys.
Base class for handling the encryption (or decryption) of a network connection.
virtual bool Decrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Decrypt the given message in-place, validating against the given MAC.
virtual void Encrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Encrypt the given message in-place, and write the associated MAC.
virtual size_t MACSize() const =0
Get the size of the MAC (Message Authentication Code) used by the underlying encryption protocol.
Client side handler for using X25519 with a password-authenticated key exchange.
NetworkAuthenticationMethod
The authentication method that can be used.
@ NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
No actual authentication is taking place, just perform a x25519 key exchange. This method is not supp...
@ NETWORK_AUTH_METHOD_X25519_PAKE
Authentication using x25519 password-authenticated key agreement.
@ NETWORK_AUTH_METHOD_END
Must ALWAYS be on the end of this list!! (period)
@ NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
Authentication using x22519 key exchange and authorized keys.
uint16_t NetworkAuthenticationMethodMask
The mask of authentication methods that can be used.
Types used for networking.
Internal entity of a packet.