OpenTTD Source  20241121-master-g67a0fccfad
network_crypto_internal.h
Go to the documentation of this file.
1 /*
2  * This file is part of OpenTTD.
3  * OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
4  * OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
5  * See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see <http://www.gnu.org/licenses/>.
6  */
7 
10 #ifndef NETWORK_CRYPTO_INTERNAL_H
11 #define NETWORK_CRYPTO_INTERNAL_H
12 
13 #include "network_crypto.h"
14 
16 constexpr size_t X25519_KEY_SIZE = 32;
18 constexpr size_t X25519_NONCE_SIZE = 24;
20 constexpr size_t X25519_MAC_SIZE = 16;
22 constexpr size_t X25519_KEY_EXCHANGE_MESSAGE_SIZE = 8;
23 
25 struct X25519Key : std::array<uint8_t, X25519_KEY_SIZE> {
26  ~X25519Key();
27 };
28 
31 };
32 
37 };
38 
40 struct X25519Nonce : std::array<uint8_t, X25519_NONCE_SIZE> {
41  static X25519Nonce CreateRandom();
42  ~X25519Nonce();
43 };
44 
46 using X25519Mac = std::array<uint8_t, X25519_MAC_SIZE>;
47 
49 using X25519KeyExchangeMessage = std::array<uint8_t, X25519_KEY_EXCHANGE_MESSAGE_SIZE>;
50 
53  CLIENT,
54  SERVER,
55 };
56 
62 private:
64  std::array<uint8_t, X25519_KEY_SIZE + X25519_KEY_SIZE> keys;
65 public:
67  std::span<const uint8_t> ClientToServer() const;
68  std::span<const uint8_t> ServerToClient() const;
69  bool Exchange(const X25519PublicKey &peer_public_key, X25519KeyExchangeSide side,
70  const X25519SecretKey &our_secret_key, const X25519PublicKey &our_public_key, std::string_view extra_payload);
71 };
72 
105 private:
111 
113 
114 protected:
115  X25519AuthenticationHandler(const X25519SecretKey &secret_key);
116 
117  void SendRequest(struct Packet &p);
118  bool ReceiveRequest(struct Packet &p);
119  bool SendResponse(struct Packet &p, std::string_view derived_key_extra_payload);
120  NetworkAuthenticationServerHandler::ResponseResult ReceiveResponse(struct Packet &p, std::string_view derived_key_extra_payload);
121 
122  std::string GetPeerPublicKey() const;
123 
124  void SendEnableEncryption(struct Packet &p) const;
125  bool ReceiveEnableEncryption(struct Packet &p);
126  std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const;
127  std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const;
128 };
129 
136 public:
142 
144  virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
145 
146  virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-client"; }
148 
149  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
150  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
151  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
152 };
153 
160 public:
166 
167  virtual void SendRequest(struct Packet &p) override { this->X25519AuthenticationHandler::SendRequest(p); }
168  virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, {}); }
169 
170  virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-server"; }
172  virtual bool CanBeUsed() const override { return true; }
173 
174  virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
176  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
177  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
178 };
179 
186 private:
187  std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> handler;
188 
189 public:
195  X25519PAKEClientHandler(const X25519SecretKey &secret_key, std::shared_ptr<NetworkAuthenticationPasswordRequestHandler> handler) : X25519AuthenticationHandler(secret_key), handler(handler) {}
196 
197  virtual RequestResult ReceiveRequest(struct Packet &p) override;
198  virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, this->handler->password); }
199 
200  virtual std::string_view GetName() const override { return "X25519-PAKE-client"; }
202 
203  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
204  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
205  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
206 };
207 
214 private:
216 public:
223 
224  virtual void SendRequest(struct Packet &p) override { this->X25519AuthenticationHandler::SendRequest(p); }
225  virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, this->password_provider->GetPassword()); }
226 
227  virtual std::string_view GetName() const override { return "X25519-PAKE-server"; }
229  virtual bool CanBeUsed() const override { return !this->password_provider->GetPassword().empty(); }
230 
231  virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
233  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
234  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
235 };
236 
237 
245 public:
251 
253  virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
254 
255  virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-client"; }
257 
258  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
259  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
260  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
261 
262  static X25519SecretKey GetValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key);
263 };
264 
272 private:
274 public:
281 
282  virtual void SendRequest(struct Packet &p) override { this->X25519AuthenticationHandler::SendRequest(p); }
283  virtual ResponseResult ReceiveResponse(struct Packet &p) override;
284 
285  virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-server"; }
287  virtual bool CanBeUsed() const override { return this->authorized_key_handler->CanBeUsed(); }
288 
289  virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
291  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
292  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateServerToClientEncryptionHandler(); }
293 };
294 
295 
301 public:
302  using Handler = std::unique_ptr<NetworkAuthenticationClientHandler>;
303 
304 private:
305  std::vector<Handler> handlers;
307 
308 public:
313  void Add(Handler &&handler) { this->handlers.push_back(std::move(handler)); }
314 
315  virtual RequestResult ReceiveRequest(struct Packet &p) override;
316  virtual bool SendResponse(struct Packet &p) override;
317 
318  virtual std::string_view GetName() const override;
319  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override;
320 
321  virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->current_handler->ReceiveEnableEncryption(p); }
322  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->current_handler->CreateClientToServerEncryptionHandler(); }
323  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->current_handler->CreateServerToClientEncryptionHandler(); }
324 };
325 
331 public:
332  using Handler = std::unique_ptr<NetworkAuthenticationServerHandler>;
333 
334 private:
335  std::vector<Handler> handlers;
336 
337 public:
338  void Add(Handler &&handler);
339 
340  virtual void SendRequest(struct Packet &p) override;
341  virtual ResponseResult ReceiveResponse(struct Packet &p) override;
342 
343  virtual std::string_view GetName() const override;
344  virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override;
345  virtual bool CanBeUsed() const override;
346 
347  virtual std::string GetPeerPublicKey() const override { return this->handlers.back()->GetPeerPublicKey(); }
348  virtual void SendEnableEncryption(struct Packet &p) override { this->handlers.back()->SendEnableEncryption(p); }
349  virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->handlers.back()->CreateClientToServerEncryptionHandler(); }
350  virtual std::unique_ptr<NetworkEncryptionHandler> CreateServerToClientEncryptionHandler() const override { return this->handlers.back()->CreateServerToClientEncryptionHandler(); }
351 };
352 
353 #endif /* NETWORK_CRYPTO_INTERNAL_H */
Handler for combining a number of authentication handlers, where the failure of one of the handlers w...
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
std::vector< Handler > handlers
The handlers that we can authenticate with.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
NetworkAuthenticationClientHandler * current_handler
The currently active handler.
void Add(Handler &&handler)
Add the given sub-handler to this handler.
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
std::unique_ptr< NetworkAuthenticationClientHandler > Handler
The type of the inner handlers.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Handler for combining a number of authentication handlers, where the failure of one of the handlers w...
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
void Add(Handler &&handler)
Add the given sub-handler to this handler, if the handler can be used (e.g.
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
std::vector< Handler > handlers
The handlers that we can (still) authenticate with.
std::unique_ptr< NetworkAuthenticationServerHandler > Handler
The type of the inner handlers.
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
Callback interface for server implementations to provide the authorized key validation.
virtual bool CanBeUsed() const =0
Check whether the key handler can be used, i.e.
Base class for client side cryptographic authentication handlers.
virtual bool ReceiveEnableEncryption(struct Packet &p)=0
Read the request to enable encryption from the server.
RequestResult
The processing result of receiving a request.
@ READY_FOR_RESPONSE
We do not have to wait for user input, and can immediately respond to the server.
@ INVALID
We have received an invalid request.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const =0
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
Callback interface for server implementations to provide the current password.
virtual std::string_view GetPassword() const =0
Callback to return the password where to validate against.
Base class for server side cryptographic authentication handlers.
ResponseResult
The processing result of receiving a response.
Base for handlers using a X25519 key exchange to perform authentication.
bool ReceiveEnableEncryption(struct Packet &p)
Receive the initial nonce for the encrypted connection.
X25519SecretKey our_secret_key
The secret key used by us.
X25519AuthenticationHandler(const X25519SecretKey &secret_key)
Create the handler, and generate the public keys accordingly.
X25519PublicKey peer_public_key
The public key used by our peer.
X25519Nonce encryption_nonce
The nonce to prevent replay attacks the encrypted connection.
NetworkAuthenticationServerHandler::ResponseResult ReceiveResponse(struct Packet &p, std::string_view derived_key_extra_payload)
Read the key exchange data from a Packet that came from the client, and check whether the client pass...
X25519Nonce key_exchange_nonce
The nonce to prevent replay attacks of the key exchange.
bool SendResponse(struct Packet &p, std::string_view derived_key_extra_payload)
Perform the key exchange, and when that is correct fill the Packet with the appropriate data.
X25519DerivedKeys derived_keys
Keys derived from the authentication process.
std::string GetPeerPublicKey() const
Get the public key the peer provided for the key exchange.
bool ReceiveRequest(struct Packet &p)
Read the key exchange data from a Packet that came from the server,.
void SendEnableEncryption(struct Packet &p) const
Send the initial nonce for the encrypted connection.
X25519PublicKey our_public_key
The public key used by us.
Handler for clients using a X25519 key exchange to perform authentication via a set of authorized (pu...
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
static X25519SecretKey GetValidSecretKeyAndUpdatePublicKey(std::string &secret_key, std::string &public_key)
Get the secret key from the given string.
X25519AuthorizedKeyClientHandler(const X25519SecretKey &secret_key)
Create the handler that uses the given password to check against.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
Handler for servers using a X25519 key exchange to perform authentication via a set of authorized (pu...
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
X25519AuthorizedKeyServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler)
Create the handler that uses the given authorized keys to check against.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
const NetworkAuthenticationAuthorizedKeyHandler * authorized_key_handler
The handler of the authorized keys.
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
Container for the keys that derived from the X25519 key exchange mechanism.
std::array< uint8_t, X25519_KEY_SIZE+X25519_KEY_SIZE > keys
Single contiguous buffer to store the derived keys in, as they are generated as a single hash.
bool Exchange(const X25519PublicKey &peer_public_key, X25519KeyExchangeSide side, const X25519SecretKey &our_secret_key, const X25519PublicKey &our_public_key, std::string_view extra_payload)
Perform the actual key exchange.
std::span< const uint8_t > ClientToServer() const
Get the key to encrypt or decrypt a message sent from the client to the server.
std::span< const uint8_t > ServerToClient() const
Get the key to encrypt or decrypt a message sent from the server to the client.
~X25519DerivedKeys()
Ensure the derived keys do not get leaked when we're done with it.
Client side handler for using X25519 without actual authentication.
X25519KeyExchangeOnlyClientHandler(const X25519SecretKey &secret_key)
Create the handler that that one does the key exchange.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
Server side handler for using X25519 without actual authentication.
X25519KeyExchangeOnlyServerHandler(const X25519SecretKey &secret_key)
Create the handler that that one does the key exchange.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
Client side handler for using X25519 with a password-authenticated key exchange.
X25519PAKEClientHandler(const X25519SecretKey &secret_key, std::shared_ptr< NetworkAuthenticationPasswordRequestHandler > handler)
Create the handler with the given password handler.
virtual bool ReceiveEnableEncryption(struct Packet &p) override
Read the request to enable encryption from the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual bool SendResponse(struct Packet &p) override
Create the response to send to the server.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual RequestResult ReceiveRequest(struct Packet &p) override
Read a request from the server.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
Server side handler for using X25519 with a password-authenticated key exchange.
virtual void SendRequest(struct Packet &p) override
Create the request to send to the client.
virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override
Get the method this handler is providing functionality for.
X25519PAKEServerHandler(const X25519SecretKey &secret_key, const NetworkAuthenticationPasswordProvider *password_provider)
Create the handler with the given password provider.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateServerToClientEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the server to the client.
virtual bool CanBeUsed() const override
Checks whether this handler can be used with the current configuration.
virtual std::unique_ptr< NetworkEncryptionHandler > CreateClientToServerEncryptionHandler() const override
Create a NetworkEncryptionHandler to encrypt or decrypt messages from the client to the server.
virtual void SendEnableEncryption(struct Packet &p) override
Create the request to enable encryption to the client.
const NetworkAuthenticationPasswordProvider * password_provider
The password to check against.
virtual ResponseResult ReceiveResponse(struct Packet &p) override
Read the response from the client.
virtual std::string_view GetName() const override
Get the name of the handler for debug messages.
virtual std::string GetPeerPublicKey() const override
Get the public key the peer provided during the authentication.
Crypto specific bits of the network handling.
NetworkAuthenticationMethod
The authentication method that can be used.
@ NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY
No actual authentication is taking place, just perform a x25519 key exchange. This method is not supp...
@ NETWORK_AUTH_METHOD_X25519_PAKE
Authentication using x25519 password-authenticated key agreement.
@ NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY
Authentication using x22519 key exchange and authorized keys.
constexpr size_t X25519_MAC_SIZE
The number of bytes the message authentication codes are in X25519.
constexpr size_t X25519_NONCE_SIZE
The number of bytes the nonces are in X25519.
X25519KeyExchangeSide
The side of the key exchange.
@ SERVER
We are the server.
@ CLIENT
We are the client.
std::array< uint8_t, X25519_KEY_EXCHANGE_MESSAGE_SIZE > X25519KeyExchangeMessage
Container for a X25519 key exchange message.
constexpr size_t X25519_KEY_EXCHANGE_MESSAGE_SIZE
The number of bytes the (random) payload of the authentication message has.
constexpr size_t X25519_KEY_SIZE
The number of bytes the public and secret keys are in X25519.
std::array< uint8_t, X25519_MAC_SIZE > X25519Mac
Container for a X25519 message authentication code.
Internal entity of a packet.
Definition: packet.h:42
Container for a X25519 key that is automatically crypto-wiped when destructed.
~X25519Key()
Ensure the key does not get leaked when we're done with it.
Container for a X25519 nonce that is automatically crypto-wiped when destructed.
static X25519Nonce CreateRandom()
Create a new nonce that's filled with random bytes.
~X25519Nonce()
Ensure the nonce does not get leaked when we're done with it.
Container for a X25519 public key.
Container for a X25519 secret key.
X25519PublicKey CreatePublicKey() const
Create the public key associated with this secret key.
static X25519SecretKey CreateRandom()
Create a new secret key that's filled with random bytes.