10 #ifndef NETWORK_CRYPTO_INTERNAL_H
11 #define NETWORK_CRYPTO_INTERNAL_H
25 struct X25519Key : std::array<uint8_t, X25519_KEY_SIZE> {
/** Container for a X25519 message authentication code (X25519_MAC_SIZE bytes). */
using X25519Mac = std::array<uint8_t, X25519_MAC_SIZE>;
/** Single contiguous buffer to store the derived keys in, as they are generated as a single hash (one X25519_KEY_SIZE key per direction). */
std::array<uint8_t, X25519_KEY_SIZE + X25519_KEY_SIZE> keys;
117 void SendRequest(
struct Packet &p);
126 std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler()
const;
127 std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler()
const;
/** Get the name of the handler for debug messages. */
virtual std::string_view GetName() const override
{
	static constexpr std::string_view name = "X25519-KeyExchangeOnly-client";
	return name;
}
/**
 * Create the request to send to the client; the key-exchange request itself
 * is built by the shared X25519AuthenticationHandler implementation.
 * @param p The packet to write the request into.
 */
virtual void SendRequest(struct Packet &p) override
{
	X25519AuthenticationHandler::SendRequest(p);
}
/** Get the name of the handler for debug messages. */
virtual std::string_view GetName() const override
{
	static constexpr std::string_view name = "X25519-KeyExchangeOnly-server";
	return name;
}
/**
 * Checks whether this handler can be used with the current configuration.
 * Always true: the key-exchange-only method needs neither a password nor
 * authorized keys. NOTE(review): per the method's own description it performs
 * no authentication, only a key exchange, so it must not be relied on to
 * authenticate a client -- confirm the server only falls back to it when no
 * authentication is required.
 */
virtual bool CanBeUsed() const override { return true; }
187 std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> handler;
/** Get the name of the handler for debug messages. */
virtual std::string_view GetName() const override
{
	static constexpr std::string_view name = "X25519-PAKE-client";
	return name;
}
/**
 * Create the request to send to the client; the key-exchange request itself
 * is built by the shared X25519AuthenticationHandler implementation.
 * @param p The packet to write the request into.
 */
virtual void SendRequest(struct Packet &p) override
{
	X25519AuthenticationHandler::SendRequest(p);
}
/** Get the name of the handler for debug messages. */
virtual std::string_view GetName() const override
{
	static constexpr std::string_view name = "X25519-PAKE-server";
	return name;
}
/** Get the name of the handler for debug messages. */
virtual std::string_view GetName() const override
{
	static constexpr std::string_view name = "X25519-AuthorizedKey-client";
	return name;
}
/**
 * Create the request to send to the client; the key-exchange request itself
 * is built by the shared X25519AuthenticationHandler implementation.
 * @param p The packet to write the request into.
 */
virtual void SendRequest(struct Packet &p) override
{
	X25519AuthenticationHandler::SendRequest(p);
}
/** Get the name of the handler for debug messages. */
virtual std::string_view GetName() const override
{
	static constexpr std::string_view name = "X25519-AuthorizedKey-server";
	return name;
}
302 using Handler = std::unique_ptr<NetworkAuthenticationClientHandler>;
/**
 * Add the given sub-handler to this handler, taking ownership of it.
 * NOTE(review): this adds unconditionally, whereas the other combined
 * handler's Add is documented as only adding handlers that can be used;
 * confirm that the unconditional variant is intended on this side.
 * @param handler The handler to add.
 */
void Add(Handler &&handler)
{
	this->handlers.emplace_back(std::move(handler));
}
318 virtual std::string_view
GetName()
const override;
332 using Handler = std::unique_ptr<NetworkAuthenticationServerHandler>;
343 virtual std::string_view
GetName()
const override;
/**
 * Get the public key the peer provided during the authentication.
 * Delegates to the last handler in the list. NOTE(review): this assumes
 * handlers is non-empty and that its last entry is the handler that completed
 * the authentication; back() on an empty vector is undefined behaviour, so
 * verify callers only invoke this after a successful ReceiveResponse.
 * @return The peer's public key as reported by the active handler.
 */
virtual std::string GetPeerPublicKey() const override
{
	const auto &active = this->handlers.back();
	return active->GetPeerPublicKey();
}
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
Container for a X25519 key that is automatically crypto-wiped when destructed.
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
Server side handler for using X25519 with a password-authenticated key exchange.
bool SendResponse(struct Packet &p, std::string_view derived_key_extra_payload)
Perform the key exchange, and when that is correct fill the Packet with the appropriate data.
Container for the keys that derived from the X25519 key exchange mechanism.
X25519PAKEClientHandler(const X25519SecretKey &secret_key, std::shared_ptr< NetworkAuthenticationPasswordRequestHandler > handler)
Create the handler with the given password handler.
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
std::string GetPeerPublicKey() const
Get the public key the peer provided for the key exchange.
bool ReceiveRequest(struct Packet &p)
Read the key exchange data from a Packet that came from the server.
std::vector< Handler > handlers
The handlers that we can (still) authenticate with.
X25519AuthenticationHandler(const X25519SecretKey &secret_key)
Create the handler, and generate the public keys accordingly.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
std::unique_ptr< NetworkAuthenticationClientHandler > Handler
The type of the inner handlers.
Container for a X25519 nonce that is automatically crypto-wiped when destructed.
X25519Nonce key_exchange_nonce
The nonce to prevent replay attacks on the key exchange.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
~X25519Key()
Ensure the key does not get leaked when we're done with it.
static X25519SecretKey GetValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key)
Get the secret key from the given string.
Handler for combining a number of authentication handlers, where the failure of one of the handlers w...
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
X25519AuthorizedKeyServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler)
Create the handler that uses the given authorized keys to check against.
Client side handler for using X25519 without actual authentication.
@ SERVER
We are the server.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
const NetworkAuthenticationPasswordProvider * password_provider
The password to check against.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
constexpr size_t X25519_NONCE_SIZE
The number of bytes the nonces are in X25519.
~X25519Nonce()
Ensure the nonce does not get leaked when we're done with it.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
@ NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
No actual authentication is taking place, just perform a x25519 key exchange. This method is not supp...
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
Client side handler for using X25519 with a password-authenticated key exchange.
Handler for clients using a X25519 key exchange to perform authentication via a set of authorized (pu...
std::span< const uint8_t > ServerToClient() const
Get the key to encrypt or decrypt a message sent from the server to the client.
X25519KeyExchangeOnlyServerHandler(const X25519SecretKey &secret_key)
Create the handler that performs the key exchange.
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
@ READY_FOR_RESPONSE
We do not have to wait for user input, and can immediately respond to the server.
X25519PublicKey peer_public_key
The public key used by our peer.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
Container for a X25519 public key.
X25519Nonce encryption_nonce
The nonce to prevent replay attacks on the encrypted connection.
@ NETWORK_AUTH_METHOD_X25519_PAKE
Authentication using x25519 password-authenticated key agreement.
X25519KeyExchangeSide
The side of the key exchange.
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
std::array< uint8_t, X25519_KEY_EXCHANGE_MESSAGE_SIZE > X25519KeyExchangeMessage
Container for a X25519 key exchange message.
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
Base class for client side cryptographic authentication handlers.
void Add(Handler &&handler)
Add the given sub-handler to this handler.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
NetworkAuthenticationMethod
The authentication method that can be used.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual bool ReceiveEnableEncryption(struct Packet &p)=0
Read the request to enable encryption from the server.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
RequestResult
The processing result of receiving a request.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Base class for server side cryptographic authentication handlers.
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
Internal entity of a packet.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
void Add(Handler &&handler)
Add the given sub-handler to this handler, if the handler can be used (e.g.
std::array< uint8_t, X25519_MAC_SIZE > X25519Mac
Container for a X25519 message authentication code.
@ CLIENT
We are the client.
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
std::span< const uint8_t > ClientToServer() const
Get the key to encrypt or decrypt a message sent from the client to the server.
Callback interface for server implementations to provide the current password.
Callback interface for server implementations to provide the authorized key validation.
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
X25519PublicKey CreatePublicKey() const
Create the public key associated with this secret key.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
static X25519Nonce CreateRandom()
Create a new nonce that's filled with random bytes.
ResponseResult
The processing result of receiving a response.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
NetworkAuthenticationServerHandler::ResponseResult ReceiveResponse(struct Packet &p, std::string_view derived_key_extra_payload)
Read the key exchange data from a Packet that came from the client, and check whether the client pass...
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual bool CanBeUsed() const =0
Check whether the key handler can be used, i.e.
@ INVALID
We have received an invalid request.
X25519PAKEServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationPasswordProvider *password_provider)
Create the handler with the given password provider.
std::unique_ptr< NetworkAuthenticationServerHandler > Handler
The type of the inner handlers.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
bool ReceiveEnableEncryption(struct Packet &p)
Receive the initial nonce for the encrypted connection.
X25519KeyExchangeOnlyClientHandler(const X25519SecretKey &secret_key)
Create the handler that performs the key exchange.
bool Exchange(const X25519PublicKey &peer_public_key, X25519KeyExchangeSide side, const X25519SecretKey &our_secret_key, const X25519PublicKey &our_public_key, std::string_view extra_payload)
Perform the actual key exchange.
@ NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
Authentication using x25519 key exchange and authorized keys.
constexpr size_t X25519_KEY_EXCHANGE_MESSAGE_SIZE
The number of bytes the (random) payload of the authentication message has.
std::array< uint8_t, X25519_KEY_SIZE+X25519_KEY_SIZE > keys
Single contiguous buffer to store the derived keys in, as they are generated as a single hash.
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
constexpr size_t X25519_MAC_SIZE
The number of bytes the message authentication codes are in X25519.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
std::vector< Handler > handlers
The handlers that we can authenticate with.
const NetworkAuthenticationAuthorizedKeyHandler * authorized_key_handler
The handler of the authorized keys.
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
constexpr size_t X25519_KEY_SIZE
The number of bytes the public and secret keys are in X25519.
Handler for combining a number of authentication handlers, where the failure of one of the handlers w...
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
static X25519SecretKey CreateRandom()
Create a new secret key that's filled with random bytes.
Handler for servers using a X25519 key exchange to perform authentication via a set of authorized (pu...
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
~X25519DerivedKeys()
Ensure the derived keys do not get leaked when we're done with it.
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
NetworkAuthenticationClientHandler * current_handler
The currently active handler.
Base for handlers using a X25519 key exchange to perform authentication.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Container for a X25519 secret key.
Server side handler for using X25519 without actual authentication.
void SendEnableEncryption(struct Packet &p) const
Send the initial nonce for the encrypted connection.
X25519PublicKey our_public_key
The public key used by us.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
X25519AuthorizedKeyClientHandler(const X25519SecretKey &secret_key)
Create the handler with the given secret key for the key exchange.
virtual std::string_view GetPassword() const =0
Callback to return the password where to validate against.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
X25519DerivedKeys derived_keys
Keys derived from the authentication process.
X25519SecretKey our_secret_key
The secret key used by us.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.