OpenTTD Source  20240919-master-gdf0233f4c2
network_crypto_internal.h
Go to the documentation of this file.
1 /*
2  * This file is part of OpenTTD.
3  * OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
4  * OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
5  * See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see <http://www.gnu.org/licenses/>.
6  */
7 
10 #ifndef NETWORK_CRYPTO_INTERNAL_H
11 #define NETWORK_CRYPTO_INTERNAL_H
12 
13 #include "network_crypto.h"
14 
16 constexpr size_t X25519_KEY_SIZE = 32;
18 constexpr size_t X25519_NONCE_SIZE = 24;
20 constexpr size_t X25519_MAC_SIZE = 16;
22 constexpr size_t X25519_KEY_EXCHANGE_MESSAGE_SIZE = 8;
23 
25 struct X25519Key : std::array<uint8_t, X25519_KEY_SIZE> {
26  ~X25519Key();
27 };
28 
30 struct X25519PublicKey : X25519Key {
31 };
32 
34 struct X25519SecretKey : X25519Key {
35  static X25519SecretKey CreateRandom();
36  X25519PublicKey CreatePublicKey() const;
37 };
38 
40 struct X25519Nonce : std::array<uint8_t, X25519_NONCE_SIZE> {
41  static X25519Nonce CreateRandom();
42  ~X25519Nonce();
43 };
44 
46 using X25519Mac = std::array<uint8_t, X25519_MAC_SIZE>;
47 
49 using X25519KeyExchangeMessage = std::array<uint8_t, X25519_KEY_EXCHANGE_MESSAGE_SIZE>;
50 
52 enum class X25519KeyExchangeSide {
53  CLIENT,
54  SERVER,
55 };
56 
61 class X25519DerivedKeys {
62 private:
64  std::array<uint8_t, X25519_KEY_SIZE + X25519_KEY_SIZE> keys;
65 public:
66  ~X25519DerivedKeys();
67  std::span<const uint8_t> ClientToServer() const;
68  std::span<const uint8_t> ServerToClient() const;
69  bool Exchange(const X25519PublicKey &peer_public_key, X25519KeyExchangeSide side,
70  const X25519SecretKey &our_secret_key, const X25519PublicKey &our_public_key, std::string_view extra_payload);
71 };
72 
104 class X25519AuthenticationHandler {
105 private:
106  X25519SecretKey our_secret_key;
107  X25519PublicKey our_public_key;
108  X25519Nonce key_exchange_nonce;
109  X25519DerivedKeys derived_keys;
110  X25519PublicKey peer_public_key;
111 
112  X25519Nonce encryption_nonce;
113 
114 protected:
115  X25519AuthenticationHandler(const X25519SecretKey &secret_key);
116 
117  void SendRequest(struct Packet &p);
118  bool ReceiveRequest(struct Packet &p);
119  bool SendResponse(struct Packet &p, std::string_view derived_key_extra_payload);
120  NetworkAuthenticationServerHandler::ResponseResult ReceiveResponse(struct Packet &p, std::string_view derived_key_extra_payload);
121 
122  std::string GetPeerPublicKey() const;
123 
124  void SendEnableEncryption(struct Packet &p) const;
125  bool ReceiveEnableEncryption(struct Packet &p);
126  std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const;
127  std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const;
128 };
129 
135 class X25519KeyExchangeOnlyClientHandler : protected X25519AuthenticationHandler, public NetworkAuthenticationClientHandler {
136 public:
141  X25519KeyExchangeOnlyClientHandler(const X25519SecretKey &secret_key) : X25519AuthenticationHandler(secret_key) {}
142 
143  virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? READY_FOR_RESPONSE : INVALID; }
144  virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
145 
146  virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-client"; }
147  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY; }
148 
149  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
150  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
151  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
152 };
153 
159 class X25519KeyExchangeOnlyServerHandler : protected X25519AuthenticationHandler, public NetworkAuthenticationServerHandler {
160 public:
165  X25519KeyExchangeOnlyServerHandler(const X25519SecretKey &secret_key) : X25519AuthenticationHandler(secret_key) {}
166 
167  virtual void SendRequest(struct Packet &p) override { this->X25519AuthenticationHandler::SendRequest(p); }
168  virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, {}); }
169 
170  virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-server"; }
171  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY; }
172  virtual bool CanBeUsed() const override { return true; }
173 
174  virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
175  virtual void SendEnableEncryption(struct Packet &p) override { this->X25519AuthenticationHandler::SendEnableEncryption(p); }
176  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
177  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
178 };
179 
185 class X25519PAKEClientHandler : protected X25519AuthenticationHandler, public NetworkAuthenticationClientHandler {
186 private:
187  std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> handler;
188 
189 public:
195  X25519PAKEClientHandler(const X25519SecretKey &secret_key, std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> handler) : X25519AuthenticationHandler(secret_key), handler(handler) {}
196 
197  virtual RequestResult ReceiveRequest(struct Packet &p) override;
198  virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, this->handler->password); }
199 
200  virtual std::string_view GetName() const override { return "X25519-PAKE-client"; }
201  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_PAKE; }
202 
203  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
204  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
205  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
206 };
207 
213 class X25519PAKEServerHandler : protected X25519AuthenticationHandler, public NetworkAuthenticationServerHandler {
214 private:
215  const NetworkAuthenticationPasswordProvider *password_provider;
216 public:
222  X25519PAKEServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationPasswordProvider *password_provider) : X25519AuthenticationHandler(secret_key), password_provider(password_provider) {}
223 
224  virtual void SendRequest(struct Packet &p) override { this->X25519AuthenticationHandler::SendRequest(p); }
225  virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, this->password_provider->GetPassword()); }
226 
227  virtual std::string_view GetName() const override { return "X25519-PAKE-server"; }
228  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_PAKE; }
229  virtual bool CanBeUsed() const override { return !this->password_provider->GetPassword().empty(); }
230 
231  virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
232  virtual void SendEnableEncryption(struct Packet &p) override { this->X25519AuthenticationHandler::SendEnableEncryption(p); }
233  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
234  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
235 };
236 
237 
244 class X25519AuthorizedKeyClientHandler : protected X25519AuthenticationHandler, public NetworkAuthenticationClientHandler {
245 public:
250  X25519AuthorizedKeyClientHandler(const X25519SecretKey &secret_key) : X25519AuthenticationHandler(secret_key) {}
251 
252  virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? READY_FOR_RESPONSE : INVALID; }
253  virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
254 
255  virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-client"; }
256  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY; }
257 
258  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
259  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
260  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
261 
262  static X25519SecretKey GetValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key);
263 };
264 
271 class X25519AuthorizedKeyServerHandler : protected X25519AuthenticationHandler, public NetworkAuthenticationServerHandler {
272 private:
273  const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler;
274 public:
280  X25519AuthorizedKeyServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler) : X25519AuthenticationHandler(secret_key), authorized_key_handler(authorized_key_handler) {}
281 
282  virtual void SendRequest(struct Packet &p) override { this->X25519AuthenticationHandler::SendRequest(p); }
283  virtual ResponseResult ReceiveResponse(struct Packet &p) override;
284 
285  virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-server"; }
286  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY; }
287  virtual bool CanBeUsed() const override { return this->authorized_key_handler->CanBeUsed(); }
288 
289  virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
290  virtual void SendEnableEncryption(struct Packet &p) override { this->X25519AuthenticationHandler::SendEnableEncryption(p); }
291  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
292  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
293 };
294 
295 
300 class CombinedAuthenticationClientHandler : public NetworkAuthenticationClientHandler {
301 public:
302  using Handler = std::unique_ptr<NetworkAuthenticationClientHandler>;
303 
304 private:
305  std::vector<Handler> handlers;
306  NetworkAuthenticationClientHandler *current_handler = nullptr;
307 
308 public:
313  void Add(Handler &&handler) { this->handlers.push_back(std::move(handler)); }
314 
315  virtual RequestResult ReceiveRequest(struct Packet &p) override;
316  virtual bool SendResponse(struct Packet &p) override;
317 
318  virtual std::string_view GetName() const override;
319  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override;
320 
321  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->current_handler->ReceiveEnableEncryption(p); }
322  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->current_handler->CreateClientToServerEncryptionHandler(); }
323  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->current_handler->CreateServerToClientEncryptionHandler(); }
324 };
325 
330 class CombinedAuthenticationServerHandler : public NetworkAuthenticationServerHandler {
331 public:
332  using Handler = std::unique_ptr<NetworkAuthenticationServerHandler>;
333 
334 private:
335  std::vector<Handler> handlers;
336 
337 public:
338  void Add(Handler &&handler);
339 
340  virtual void SendRequest(struct Packet &p) override;
341  virtual ResponseResult ReceiveResponse(struct Packet &p) override;
342 
343  virtual std::string_view GetName() const override;
344  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override;
345  virtual bool CanBeUsed() const override;
346 
347  virtual std::string GetPeerPublicKey() const override { return this->handlers.back()->GetPeerPublicKey(); }
348  virtual void SendEnableEncryption(struct Packet &p) override { this->handlers.back()->SendEnableEncryption(p); }
349  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->handlers.back()->CreateClientToServerEncryptionHandler(); }
350  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->handlers.back()->CreateServerToClientEncryptionHandler(); }
351 };
352 
353 #endif /* NETWORK_CRYPTO_INTERNAL_H */
CombinedAuthenticationServerHandler::SendEnableEncryption
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
Definition: network_crypto_internal.h:348
X25519Key
Container for a X25519 key that is automatically crypto-wiped when destructed.
Definition: network_crypto_internal.h:25
X25519AuthorizedKeyServerHandler::SendEnableEncryption
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
Definition: network_crypto_internal.h:290
X25519PAKEServerHandler
Server side handler for using X25519 with a password-authenticated key exchange.
Definition: network_crypto_internal.h:213
X25519AuthenticationHandler::SendResponse
bool SendResponse(struct Packet &p, std::string_view derived_key_extra_payload)
Perform the key exchange, and when that is correct fill the Packet with the appropriate data.
Definition: network_crypto.cpp:219
X25519DerivedKeys
Container for the keys that derived from the X25519 key exchange mechanism.
Definition: network_crypto_internal.h:61
X25519PAKEClientHandler::X25519PAKEClientHandler
X25519PAKEClientHandler(const X25519SecretKey &secret_key, std::shared_ptr< NetworkAuthenticationPasswordRequestHandler > handler)
Create the handler with the given password handler.
Definition: network_crypto_internal.h:195
CombinedAuthenticationServerHandler::GetPeerPublicKey
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
Definition: network_crypto_internal.h:347
X25519AuthorizedKeyClientHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto_internal.h:255
X25519AuthenticationHandler::GetPeerPublicKey
std::string GetPeerPublicKey() const
Get the public key the peer provided for the key exchange.
Definition: network_crypto.cpp:244
X25519AuthenticationHandler::ReceiveRequest
bool ReceiveRequest(struct Packet &p)
Read the key exchange data from a Packet that came from the server,.
Definition: network_crypto.cpp:201
CombinedAuthenticationServerHandler::handlers
std::vector< Handler > handlers
The handlers that we can (still) authenticate with.
Definition: network_crypto_internal.h:335
X25519AuthenticationHandler::X25519AuthenticationHandler
X25519AuthenticationHandler(const X25519SecretKey &secret_key)
Create the handler, and generate the public keys accordingly.
Definition: network_crypto.cpp:184
CombinedAuthenticationClientHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto.cpp:382
CombinedAuthenticationClientHandler::Handler
std::unique_ptr< NetworkAuthenticationClientHandler > Handler
The type of the inner handlers.
Definition: network_crypto_internal.h:302
X25519Nonce
Container for a X25519 nonce that is automatically crypto-wiped when destructed.
Definition: network_crypto_internal.h:40
X25519AuthenticationHandler::key_exchange_nonce
X25519Nonce key_exchange_nonce
The nonce to prevent replay attacks of the key exchange.
Definition: network_crypto_internal.h:108
X25519AuthorizedKeyClientHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto_internal.h:256
X25519Key::~X25519Key
~X25519Key()
Ensure the key does not get leaked when we're done with it.
Definition: network_crypto.cpp:136
X25519AuthorizedKeyClientHandler::GetValidSecretKeyAndUpdatePublicKey
static X25519SecretKey GetValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key)
Get the secret key from the given string.
Definition: network_crypto.cpp:334
CombinedAuthenticationServerHandler
Handler for combining a number of authentication handlers, where the failure of one of the handlers w...
Definition: network_crypto_internal.h:330
X25519PAKEServerHandler::ReceiveResponse
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
Definition: network_crypto_internal.h:225
CombinedAuthenticationClientHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:322
X25519PAKEServerHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:234
X25519AuthorizedKeyServerHandler::X25519AuthorizedKeyServerHandler
X25519AuthorizedKeyServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler)
Create the handler that uses the given authorized keys to check against.
Definition: network_crypto_internal.h:280
X25519KeyExchangeOnlyClientHandler
Client side handler for using X25519 without actual authentication.
Definition: network_crypto_internal.h:135
X25519KeyExchangeSide::SERVER
@ SERVER
We are the server.
X25519PAKEServerHandler::CanBeUsed
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
Definition: network_crypto_internal.h:229
X25519PAKEClientHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:204
CombinedAuthenticationServerHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:350
X25519AuthorizedKeyServerHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:291
CombinedAuthenticationClientHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:323
X25519PAKEServerHandler::password_provider
const NetworkAuthenticationPasswordProvider * password_provider
The password to check against.
Definition: network_crypto_internal.h:215
CombinedAuthenticationServerHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto.cpp:429
CombinedAuthenticationServerHandler::ReceiveResponse
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
Definition: network_crypto.cpp:413
X25519_NONCE_SIZE
constexpr size_t X25519_NONCE_SIZE
The number of bytes the nonces are in X25519.
Definition: network_crypto_internal.h:18
X25519Nonce::~X25519Nonce
~X25519Nonce()
Ensure the nonce does not get leaked when we're done with it.
Definition: network_crypto.cpp:175
CombinedAuthenticationServerHandler::CanBeUsed
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
Definition: network_crypto.cpp:434
NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
@ NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
No actual authentication is taking place, just perform a x25519 key exchange. This method is not supp...
Definition: network_crypto.h:178
X25519KeyExchangeOnlyServerHandler::GetPeerPublicKey
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
Definition: network_crypto_internal.h:174
X25519PAKEClientHandler
Client side handler for using X25519 with a password-authenticated key exchange.
Definition: network_crypto_internal.h:185
X25519AuthorizedKeyClientHandler
Handler for clients using a X25519 key exchange to perform authentication via a set of authorized (pu...
Definition: network_crypto_internal.h:244
X25519DerivedKeys::ServerToClient
std::span< const uint8_t > ServerToClient() const
Get the key to encrypt or decrypt a message sent from the server to the client.
Definition: network_crypto.cpp:50
X25519KeyExchangeOnlyServerHandler::X25519KeyExchangeOnlyServerHandler
X25519KeyExchangeOnlyServerHandler(const X25519SecretKey &secret_key)
Create the handler that that one does the key exchange.
Definition: network_crypto_internal.h:165
X25519AuthorizedKeyServerHandler::SendRequest
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
Definition: network_crypto_internal.h:282
NetworkAuthenticationClientHandler::READY_FOR_RESPONSE
@ READY_FOR_RESPONSE
We do not have to wait for user input, and can immediately respond to the server.
Definition: network_crypto.h:227
X25519AuthenticationHandler::peer_public_key
X25519PublicKey peer_public_key
The public key used by our peer.
Definition: network_crypto_internal.h:110
X25519PAKEClientHandler::ReceiveRequest
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
Definition: network_crypto.cpp:318
X25519PublicKey
Container for a X25519 public key.
Definition: network_crypto_internal.h:30
X25519AuthenticationHandler::encryption_nonce
X25519Nonce encryption_nonce
The nonce to prevent replay attacks the encrypted connection.
Definition: network_crypto_internal.h:112
NETWORK_AUTH_METHOD_X25519_PAKE
@ NETWORK_AUTH_METHOD_X25519_PAKE
Authentication using x25519 password-authenticated key agreement.
Definition: network_crypto.h:179
X25519KeyExchangeSide
X25519KeyExchangeSide
The side of the key exchange.
Definition: network_crypto_internal.h:52
X25519PAKEServerHandler::SendRequest
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
Definition: network_crypto_internal.h:224
X25519KeyExchangeMessage
std::array< uint8_t, X25519_KEY_EXCHANGE_MESSAGE_SIZE > X25519KeyExchangeMessage
Container for a X25519 key exchange message.
Definition: network_crypto_internal.h:49
X25519KeyExchangeOnlyServerHandler::ReceiveResponse
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
Definition: network_crypto_internal.h:168
NetworkAuthenticationClientHandler
Base class for client side cryptographic authentication handlers.
Definition: network_crypto.h:222
CombinedAuthenticationClientHandler::Add
void Add(Handler &&handler)
Add the given sub-handler to this handler.
Definition: network_crypto_internal.h:313
X25519AuthorizedKeyServerHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto_internal.h:286
CombinedAuthenticationClientHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto.cpp:387
X25519AuthorizedKeyClientHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:260
CombinedAuthenticationServerHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:349
NetworkAuthenticationMethod
NetworkAuthenticationMethod
The authentication method that can be used.
Definition: network_crypto.h:177
X25519KeyExchangeOnlyServerHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:177
X25519PAKEClientHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto_internal.h:200
NetworkAuthenticationClientHandler::ReceiveEnableEncryption
virtual bool ReceiveEnableEncryption(struct Packet &p)=0
Read the request to enable encryption from the server.
X25519PAKEClientHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto_internal.h:201
NetworkAuthenticationClientHandler::RequestResult
RequestResult
The processing result of receiving a request.
Definition: network_crypto.h:225
X25519PAKEServerHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto_internal.h:228
NetworkAuthenticationHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
NetworkAuthenticationServerHandler
Base class for server side cryptographic authentication handlers.
Definition: network_crypto.h:258
CombinedAuthenticationServerHandler::SendRequest
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
Definition: network_crypto.cpp:405
Packet
Internal entity of a packet.
Definition: packet.h:42
X25519AuthorizedKeyClientHandler::ReceiveRequest
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
Definition: network_crypto_internal.h:252
X25519KeyExchangeOnlyClientHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto_internal.h:147
CombinedAuthenticationServerHandler::Add
void Add(Handler &&handler)
Add the given sub-handler to this handler, if the handler can be used (e.g.
Definition: network_crypto.cpp:397
X25519Mac
std::array< uint8_t, X25519_MAC_SIZE > X25519Mac
Container for a X25519 message authentication code.
Definition: network_crypto_internal.h:46
X25519KeyExchangeSide::CLIENT
@ CLIENT
We are the client.
X25519AuthorizedKeyServerHandler::GetPeerPublicKey
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
Definition: network_crypto_internal.h:289
X25519AuthorizedKeyClientHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:259
X25519KeyExchangeOnlyServerHandler::CanBeUsed
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
Definition: network_crypto_internal.h:172
X25519DerivedKeys::ClientToServer
std::span< const uint8_t > ClientToServer() const
Get the key to encrypt or decrypt a message sent from the client to the server.
Definition: network_crypto.cpp:41
NetworkAuthenticationPasswordProvider
Callback interface for server implementations to provide the current password.
Definition: network_crypto.h:109
NetworkAuthenticationAuthorizedKeyHandler
Callback interface for server implementations to provide the authorized key validation.
Definition: network_crypto.h:140
X25519KeyExchangeOnlyClientHandler::SendResponse
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
Definition: network_crypto_internal.h:144
X25519AuthorizedKeyServerHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:292
X25519SecretKey::CreatePublicKey
X25519PublicKey CreatePublicKey() const
Create the public key associated with this secret key.
Definition: network_crypto.cpp:156
CombinedAuthenticationClientHandler::ReceiveEnableEncryption
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
Definition: network_crypto_internal.h:321
X25519Nonce::CreateRandom
static X25519Nonce CreateRandom()
Create a new nonce that's filled with random bytes.
Definition: network_crypto.cpp:167
NetworkAuthenticationServerHandler::ResponseResult
ResponseResult
The processing result of receiving a response.
Definition: network_crypto.h:261
X25519KeyExchangeOnlyServerHandler::GetAuthenticationMethod
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Definition: network_crypto_internal.h:171
X25519PAKEServerHandler::GetPeerPublicKey
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
Definition: network_crypto_internal.h:231
X25519AuthenticationHandler::ReceiveResponse
NetworkAuthenticationServerHandler::ResponseResult ReceiveResponse(struct Packet &p, std::string_view derived_key_extra_payload)
Read the key exchange data from a Packet that came from the client, and check whether the client pass...
Definition: network_crypto.cpp:285
X25519PAKEClientHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:205
NetworkAuthenticationAuthorizedKeyHandler::CanBeUsed
virtual bool CanBeUsed() const =0
Check whether the key handler can be used, i.e.
NetworkAuthenticationClientHandler::INVALID
@ INVALID
We have received an invalid request.
Definition: network_crypto.h:228
X25519PAKEServerHandler::X25519PAKEServerHandler
X25519PAKEServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationPasswordProvider *password_provider)
Create the handler with the given password provider.
Definition: network_crypto_internal.h:222
CombinedAuthenticationServerHandler::Handler
std::unique_ptr< NetworkAuthenticationServerHandler > Handler
The type of the inner handlers.
Definition: network_crypto_internal.h:332
CombinedAuthenticationClientHandler::ReceiveRequest
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
Definition: network_crypto.cpp:361
X25519AuthenticationHandler::ReceiveEnableEncryption
bool ReceiveEnableEncryption(struct Packet &p)
Receive the initial nonce for the encrypted connection.
Definition: network_crypto.cpp:263
X25519KeyExchangeOnlyClientHandler::X25519KeyExchangeOnlyClientHandler
X25519KeyExchangeOnlyClientHandler(const X25519SecretKey &secret_key)
Create the handler that that one does the key exchange.
Definition: network_crypto_internal.h:141
X25519DerivedKeys::Exchange
bool Exchange(const X25519PublicKey &peer_public_key, X25519KeyExchangeSide side, const X25519SecretKey &our_secret_key, const X25519PublicKey &our_public_key, std::string_view extra_payload)
Perform the actual key exchange.
Definition: network_crypto.cpp:64
NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
@ NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
Authentication using x22519 key exchange and authorized keys.
Definition: network_crypto.h:180
X25519_KEY_EXCHANGE_MESSAGE_SIZE
constexpr size_t X25519_KEY_EXCHANGE_MESSAGE_SIZE
The number of bytes the (random) payload of the authentication message has.
Definition: network_crypto_internal.h:22
X25519DerivedKeys::keys
std::array< uint8_t, X25519_KEY_SIZE+X25519_KEY_SIZE > keys
Single contiguous buffer to store the derived keys in, as they are generated as a single hash.
Definition: network_crypto_internal.h:64
X25519KeyExchangeOnlyServerHandler::SendEnableEncryption
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
Definition: network_crypto_internal.h:175
network_crypto.h
X25519PAKEClientHandler::ReceiveEnableEncryption
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
Definition: network_crypto_internal.h:203
X25519_MAC_SIZE
constexpr size_t X25519_MAC_SIZE
The number of bytes the message authentication codes are in X25519.
Definition: network_crypto_internal.h:20
X25519AuthorizedKeyServerHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto_internal.h:285
CombinedAuthenticationClientHandler::handlers
std::vector< Handler > handlers
The handlers that we can authenticate with.
Definition: network_crypto_internal.h:305
X25519AuthorizedKeyServerHandler::authorized_key_handler
const NetworkAuthenticationAuthorizedKeyHandler * authorized_key_handler
The handler of the authorized keys.
Definition: network_crypto_internal.h:273
X25519PAKEServerHandler::SendEnableEncryption
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
Definition: network_crypto_internal.h:232
X25519_KEY_SIZE
constexpr size_t X25519_KEY_SIZE
The number of bytes the public and secret keys are in X25519.
Definition: network_crypto_internal.h:16
CombinedAuthenticationClientHandler
Handler for combining a number of authentication handlers, where the failure of one of the handlers w...
Definition: network_crypto_internal.h:300
X25519KeyExchangeOnlyClientHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto_internal.h:146
X25519KeyExchangeOnlyClientHandler::ReceiveRequest
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
Definition: network_crypto_internal.h:143
X25519SecretKey::CreateRandom
static X25519SecretKey CreateRandom()
Create a new secret key that's filled with random bytes.
Definition: network_crypto.cpp:145
X25519AuthorizedKeyServerHandler
Handler for servers using a X25519 key exchange to perform authentication via a set of authorized (pu...
Definition: network_crypto_internal.h:271
X25519KeyExchangeOnlyServerHandler::SendRequest
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
Definition: network_crypto_internal.h:167
X25519DerivedKeys::~X25519DerivedKeys
~X25519DerivedKeys()
Ensure the derived keys do not get leaked when we're done with it.
Definition: network_crypto.cpp:32
X25519AuthorizedKeyServerHandler::ReceiveResponse
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
Definition: network_crypto.cpp:351
CombinedAuthenticationClientHandler::SendResponse
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
Definition: network_crypto.cpp:375
X25519PAKEClientHandler::SendResponse
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
Definition: network_crypto_internal.h:198
X25519PAKEServerHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto_internal.h:227
X25519KeyExchangeOnlyClientHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:150
X25519KeyExchangeOnlyClientHandler::ReceiveEnableEncryption
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
Definition: network_crypto_internal.h:149
X25519KeyExchangeOnlyServerHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto_internal.h:170
X25519AuthorizedKeyServerHandler::CanBeUsed
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
Definition: network_crypto_internal.h:287
CombinedAuthenticationServerHandler::GetName
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Definition: network_crypto.cpp:424
X25519AuthorizedKeyClientHandler::SendResponse
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
Definition: network_crypto_internal.h:253
CombinedAuthenticationClientHandler::current_handler
NetworkAuthenticationClientHandler * current_handler
The currently active handler.
Definition: network_crypto_internal.h:306
X25519AuthenticationHandler
Base for handlers using a X25519 key exchange to perform authentication.
Definition: network_crypto_internal.h:104
X25519PAKEServerHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:233
X25519SecretKey
Container for a X25519 secret key.
Definition: network_crypto_internal.h:34
X25519KeyExchangeOnlyServerHandler
Server side handler for using X25519 without actual authentication.
Definition: network_crypto_internal.h:159
X25519AuthenticationHandler::SendEnableEncryption
void SendEnableEncryption(struct Packet &p) const
Send the initial nonce for the encrypted connection.
Definition: network_crypto.cpp:253
X25519AuthenticationHandler::our_public_key
X25519PublicKey our_public_key
The public key used by us.
Definition: network_crypto_internal.h:107
NetworkAuthenticationHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
X25519AuthorizedKeyClientHandler::X25519AuthorizedKeyClientHandler
X25519AuthorizedKeyClientHandler(const X25519SecretKey &secret_key)
Create the handler that uses the given password to check against.
Definition: network_crypto_internal.h:250
NetworkAuthenticationPasswordProvider::GetPassword
virtual std::string_view GetPassword() const =0
Callback to return the password where to validate against.
X25519AuthorizedKeyClientHandler::ReceiveEnableEncryption
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
Definition: network_crypto_internal.h:258
X25519KeyExchangeOnlyClientHandler::CreateServerToClientEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Definition: network_crypto_internal.h:151
X25519AuthenticationHandler::derived_keys
X25519DerivedKeys derived_keys
Keys derived from the authentication process.
Definition: network_crypto_internal.h:109
X25519AuthenticationHandler::our_secret_key
X25519SecretKey our_secret_key
The secret key used by us.
Definition: network_crypto_internal.h:106
X25519KeyExchangeOnlyServerHandler::CreateClientToServerEncryptionHandler
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Definition: network_crypto_internal.h:176