Codechange: add setting for authorized/secret/public keys

2024-03-15 22:36:58 +01:00 · 2024-03-15 22:36:58 +01:00 · dd532cbc77
parent fb9d4afa5c
commit dd532cbc77
5 changed files with 32 additions and 0 deletions
--- a/src/network/core/config.h
+++ b/src/network/core/config.h
@ -91,4 +91,10 @@ static const uint NETWORK_GRF_NAME_LENGTH           =   80;           ///< Maxim
 */
 static const uint NETWORK_MAX_GRF_COUNT             =   255;

+/**
+ * The maximum length of the hexadecimal encoded secret keys, in bytes including '\0'.
+ * This is related to \c X25519_KEY_SIZE in the network crypto internals.
+ */
+static const uint NETWORK_SECRET_KEY_LENGTH = 32 * 2 + 1;
+
 #endif /* NETWORK_CORE_CONFIG_H */
--- a/src/settings.cpp
+++ b/src/settings.cpp
@ -137,6 +137,7 @@ private:
 		"newgrf",
 		"servers",
 		"server_bind_addresses",
+		"server_authorized_keys",
 	};

 public:
@ -1285,6 +1286,7 @@ static void HandleSettingDescs(IniFile &generic_ini, IniFile &private_ini, IniFi
 		proc_list(private_ini, "server_bind_addresses", _network_bind_list);
 		proc_list(private_ini, "servers", _network_host_list);
 		proc_list(private_ini, "bans", _network_ban_list);
+		proc_list(private_ini, "server_authorized_keys", _settings_client.network.server_authorized_keys);
 	}
 }

--- a/src/settings_type.h
+++ b/src/settings_type.h
@ -313,9 +313,12 @@ struct NetworkSettings {
 	std::string server_invite_code_secret;                ///< Secret to proof we got this invite code from the Game Coordinator.
 	std::string server_name;                              ///< name of the server
 	std::string server_password;                          ///< password for joining this server
+	std::vector<std::string> server_authorized_keys; ///< Public keys of clients that are authorized to connect to the game.
 	std::string rcon_password;                            ///< password for rconsole (server side)
 	std::string admin_password;                           ///< password for the admin network
 	std::string client_name;                              ///< name of the player (as client)
+	std::string client_secret_key; ///< The secret key of the client for authorized key logins.
+	std::string client_public_key; ///< The public key of the client for authorized key logins.
 	std::string default_company_pass;                     ///< default password for new companies in encrypted form
 	std::string connect_to_ip;                            ///< default for the "Add server" query
 	std::string network_id;                               ///< network ID for servers
--- a/src/table/settings/network_secrets_settings.ini
+++ b/src/table/settings/network_secrets_settings.ini
@ -61,6 +61,24 @@ flags    = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY
 def      = nullptr
 cat      = SC_BASIC

+[SDTC_SSTR]
+var      = network.client_secret_key
+type     = SLE_STR
+length   = NETWORK_SECRET_KEY_LENGTH
+flags    = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def      = nullptr
+; Prevent the user from setting the secret key from the console using 'setting'
+pre_cb   = [](auto) { return false; }
+
+[SDTC_SSTR]
+var      = network.client_public_key
+type     = SLE_STR
+length   = NETWORK_SECRET_KEY_LENGTH
+flags    = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def      = nullptr
+; Prevent the user from setting the public key from the console using 'setting'
+pre_cb   = [](auto) { return false; }
+
 [SDTC_SSTR]
 var      = network.default_company_pass
 type     = SLE_STR
--- a/src/tests/test_network_crypto.cpp
+++ b/src/tests/test_network_crypto.cpp
@ -16,6 +16,9 @@
 #include "../network/core/packet.h"
 #include "../string_func.h"

+/* The length of the hexadecimal representation of a X25519 key must fit in the key length. */
+static_assert(NETWORK_SECRET_KEY_LENGTH >= X25519_KEY_SIZE * 2 + 1);
+
 class MockNetworkSocketHandler : public NetworkSocketHandler {
 };