33 #ifndef NETWORK_CRYPTO_H
34 #define NETWORK_CRYPTO_H
49 virtual size_t MACSize()
const = 0;
57 virtual bool Decrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
64 virtual void Encrypt(std::span<std::uint8_t> mac, std::span<std::uint8_t> message) = 0;
78 virtual void Reply(
const std::string &password) = 0;
102 virtual void AskUserForPassword(std::shared_ptr<NetworkAuthenticationPasswordRequest> request) = 0;
155 virtual bool IsAllowed(std::string_view peer_public_key)
const = 0;
/**
 * Check whether this key handler can be used, i.e. whether there is at least
 * one authorized key to check peer public keys against. An empty list leaves
 * nothing to validate against, so the handler reports itself as unusable.
 * @return True when the authorized key list is non-empty.
 */
bool CanBeUsed() const override
{
	const auto &keys = *this->authorized_keys;
	return keys.empty() == false;
}
198 virtual std::string_view
GetName()
const = 0;
252 static std::unique_ptr<NetworkAuthenticationClientHandler>
Create(std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> password_handler, std::string &secret_key, std::string &public_key);
static std::unique_ptr< NetworkAuthenticationClientHandler > Create(std::shared_ptr< NetworkAuthenticationPasswordRequestHandler > password_handler, std::string &secret_key, std::string &public_key)
Create a NetworkAuthenticationClientHandler.
virtual bool CanBeUsed() const =0
Checks whether this handler can be used with the current configuration.
uint16_t NetworkAuthenticationMethodMask
The mask of authentication methods that can be used.
virtual void Reply(const std::string &password)=0
Reply to the request with the given password.
virtual bool SendResponse(struct Packet &p)=0
Create the response to send to the server.
virtual std::string_view GetName() const =0
Get the name of the handler for debug messages.
Base class for handling the encryption (or decryption) of a network connection.
NetworkAuthenticationDefaultAuthorizedKeyHandler(const NetworkAuthorizedKeys &authorized_keys)
Create the handler that uses the given authorized keys to check against. Only a pointer to the given key set is stored, so the caller must keep it alive for as long as the handler is in use.
virtual void SendRequest(struct Packet &p)=0
Create the request to send to the client.
Default implementation of the password provider.
static std::unique_ptr< NetworkAuthenticationServerHandler > Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask=~static_cast< NetworkAuthenticationMethodMask >(0))
Create a NetworkAuthenticationServerHandler. When no client_supported_method_mask is given, every bit of the mask is set, i.e. the client is assumed to support all authentication methods.
bool IsAllowed(std::string_view peer_public_key) const override
Check whether the given public key of the peer is allowed in.
Default implementation for the authorized key handler.
std::string_view GetPassword() const override
Callback to return the password to validate against.
virtual void SendEnableEncryption(struct Packet &p)=0
Create the request to enable encryption to the client.
NetworkAuthenticationDefaultPasswordProvider(const std::string &password)
Create the provider with a pointer to the password that is to be used. Only the pointer is stored, so the referenced string must outlive the provider.
virtual void SendResponse()=0
Callback to trigger sending the response for the password request.
Callback interface for client implementations to provide the handling of the password requests.
virtual RequestResult ReceiveRequest(struct Packet &p)=0
Read a request from the server.
@ NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
No actual authentication is taking place; only an x25519 key exchange is performed. This method is not supp...
Client side handler for using X25519 with a password-authenticated key exchange.
virtual bool Decrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Decrypt the given message in-place, validating it against the given MAC. The boolean result reports whether the MAC validated; a message for which this returns false must be discarded rather than used.
bool CanBeUsed() const override
Check whether the key handler can be used, i.e. whether the authorized key list it was created with is non-empty.
@ READY_FOR_RESPONSE
We do not have to wait for user input, and can immediately respond to the server.
@ NOT_AUTHENTICATED
All authentications for this handler have been exhausted.
@ NETWORK_AUTH_METHOD_X25519_PAKE
Authentication using x25519 password-authenticated key agreement.
const NetworkAuthorizedKeys * authorized_keys
The authorized keys to check against.
@ AUTHENTICATED
The client was authenticated successfully.
Base class for client side cryptographic authentication handlers.
static void EnsureValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key)
Ensures that the given secret key is valid and, when it is not, overwrites it with a valid secret key.
NetworkAuthenticationMethod
The authentication method that can be used.
virtual bool ReceiveEnableEncryption(struct Packet &p)=0
Read the request to enable encryption from the server.
virtual void AskUserForPassword(std::shared_ptr< NetworkAuthenticationPasswordRequest > request)=0
Callback to trigger asking the user for the password.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const =0
Get the method this handler is providing functionality for.
RequestResult
The processing result of receiving a request.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Base class for server side cryptographic authentication handlers.
Internal entity of a packet.
virtual void Reply(const std::string &password) override
Reply to the request with the given password.
@ AWAIT_USER_INPUT
We have requested some user input, but must wait on that.
const std::string * password
The password to check against.
virtual ResponseResult ReceiveResponse(struct Packet &p)=0
Read the response from the client.
Callback interface for server implementations to provide the current password.
Callback interface for server implementations to provide the authorized key validation.
ResponseResult
The processing result of receiving a response.
virtual bool CanBeUsed() const =0
Check whether the key handler can be used with the current configuration (the default implementation requires a non-empty authorized key list).
@ INVALID
We have received an invalid request.
Simple helper to (more easily) manage authorized keys.
@ NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
Authentication using x25519 key exchange and authorized keys.
Callback interface for requests for passwords in the context of network authentication.
Base class for cryptographic authentication handlers.
std::string password
The entered password.
@ RETRY_NEXT_METHOD
The client failed to authenticate, but there is another method to try.
@ NETWORK_AUTH_METHOD_END
Must ALWAYS be on the end of this list!! (period)
virtual size_t MACSize() const =0
Get the size of the MAC (Message Authentication Code) used by the underlying encryption protocol.
virtual bool IsAllowed(std::string_view peer_public_key) const =0
Check whether the given public key of the peer is allowed in.
virtual void Encrypt(std::span< std::uint8_t > mac, std::span< std::uint8_t > message)=0
Encrypt the given message in-place, and write the associated MAC.
bool Contains(std::string_view key) const
Check whether the given key is contained in these authorized keys.
virtual std::string GetPeerPublicKey() const =0
Get the public key the peer provided during the authentication.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual std::string_view GetPassword() const =0
Callback to return the password to validate against.