diff --git a/src/network/core/config.h b/src/network/core/config.h
index b03f96cdaa..e74cfb2fff 100644
--- a/src/network/core/config.h
+++ b/src/network/core/config.h
@@ -91,4 +91,10 @@ static const uint NETWORK_GRF_NAME_LENGTH = 80; ///< Maxim
 */
 static const uint NETWORK_MAX_GRF_COUNT = 255;
 
+/**
+ * The maximum length of the hexadecimal encoded secret keys, in bytes including '\0'.
+ * This is related to \c X25519_KEY_SIZE in the network crypto internals.
+ */
+static const uint NETWORK_SECRET_KEY_LENGTH = 32 * 2 + 1;
+
 #endif /* NETWORK_CORE_CONFIG_H */
diff --git a/src/settings.cpp b/src/settings.cpp
index 840196347c..29e168bf19 100644
--- a/src/settings.cpp
+++ b/src/settings.cpp
@@ -137,6 +137,7 @@ private:
 "newgrf",
 "servers",
 "server_bind_addresses",
+ "server_authorized_keys",
 };
 
 public:
@@ -1285,6 +1286,7 @@ static void HandleSettingDescs(IniFile &generic_ini, IniFile &private_ini, IniFi
 proc_list(private_ini, "server_bind_addresses", _network_bind_list);
 proc_list(private_ini, "servers", _network_host_list);
 proc_list(private_ini, "bans", _network_ban_list);
+ proc_list(private_ini, "server_authorized_keys", _settings_client.network.server_authorized_keys);
 }
 }
 
diff --git a/src/settings_type.h b/src/settings_type.h
index 12100ac9ec..9181e59dbe 100644
--- a/src/settings_type.h
+++ b/src/settings_type.h
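Review bot: The literal `32` in `NETWORK_SECRET_KEY_LENGTH = 32 * 2 + 1` duplicates `X25519_KEY_SIZE`, and the only check tying the two together is the `static_assert` added in `src/tests/test_network_crypto.cpp`, which presumably is compiled only when the tests are built. Moving that assertion into a non-test source file that includes both headers would make every build fail if the constants drift apart. It may also be worth tightening it to `static_assert(NETWORK_SECRET_KEY_LENGTH == X25519_KEY_SIZE * 2 + 1);`, so that a value longer than a real key cannot pass the settings length limit unnoticed. The doc comment speaks only of secret keys, while the `.ini` hunk in this commit uses the same constant for `network.client_public_key`; the comment should name both.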
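Review bot: The entries of `server_authorized_keys` act as an access-control list, yet the added `proc_list(private_ini, "server_authorized_keys", ...)` call shows no check that each entry is a well-formed key. `proc_list` is defined outside this hunk, so this is inferred: if it stores the strings verbatim, an entry with the wrong length, non-hex characters or a different letter case would sit in the list without ever matching, and the operator would get no hint why a client is refused. Validating each entry on load (exactly `NETWORK_SECRET_KEY_LENGTH - 1` hex digits, normalised to one case) and logging the rejected ones would make such mistakes visible. `HandleSettingDescs` starts outside the hunk.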
@@ -313,9 +313,12 @@ struct NetworkSettings {
 std::string server_invite_code_secret; ///< Secret to proof we got this invite code from the Game Coordinator.
 std::string server_name; ///< name of the server
 std::string server_password; ///< password for joining this server
+ std::vector server_authorized_keys; ///< Public keys of clients that are authorized to connect to the game.
 std::string rcon_password; ///< password for rconsole (server side)
 std::string admin_password; ///< password for the admin network
 std::string client_name; ///< name of the player (as client)
+ std::string client_secret_key; ///< The secret key of the client for authorized key logins.
+ std::string client_public_key; ///< The public key of the client for authorized key logins.
 std::string default_company_pass; ///< default password for new companies in encrypted form
 std::string connect_to_ip; ///< default for the "Add server" query
 std::string network_id; ///< network ID for servers
diff --git a/src/table/settings/network_secrets_settings.ini b/src/table/settings/network_secrets_settings.ini
index 4613636a86..3d7908e75a 100644
--- a/src/table/settings/network_secrets_settings.ini
+++ b/src/table/settings/network_secrets_settings.ini
@@ -61,6 +61,24 @@ flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC | SF_NETWORK_ONLY
 def = nullptr
 cat = SC_BASIC
 
+[SDTC_SSTR]
+var = network.client_secret_key
+type = SLE_STR
+length = NETWORK_SECRET_KEY_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def = nullptr
+; Prevent the user from setting the secret key from the console using 'setting'
+pre_cb = [](auto) { return false; }
+
+[SDTC_SSTR]
+var = network.client_public_key
+type = SLE_STR
+length = NETWORK_SECRET_KEY_LENGTH
+flags = SF_NOT_IN_SAVE | SF_NO_NETWORK_SYNC
+def = nullptr
+; Prevent the user from setting the public key from the console using 'setting'
+pre_cb = [](auto) { return false; }
+
 [SDTC_SSTR]
 var = network.default_company_pass
 type = SLE_STR
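Review bot: The comment on `client_secret_key` does not tell the next maintainer how the value is encoded or that it has to stay on the client. Going by the `config.h` comment in this commit the keys are hexadecimal encoded, so a comment such as `///< Hexadecimal encoded secret key of the client for authorized key logins; never log it or send it over the network.` would record both facts. The comments on `client_public_key` and `server_authorized_keys` could name the same encoding, so it is clear what format an entry in the authorized list must have. `NetworkSettings` continues outside the hunk.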
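Review bot: `pre_cb = [](auto) { return false; }` on `network.client_secret_key` blocks changes from the console, but nothing in the entry prevents the value from being read back. The console's read path is not part of this diff, so this needs confirming: if `setting network.client_secret_key` or a settings listing prints string values, the secret key would appear on screen and in any console log or screenshot. In that case the secret key entry should be kept out of console output altogether rather than only made read-only; the public key entry can stay readable, since it is meant to be shared.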
diff --git a/src/tests/test_network_crypto.cpp b/src/tests/test_network_crypto.cpp
index 0438a6ca65..7258c09150 100644
--- a/src/tests/test_network_crypto.cpp
+++ b/src/tests/test_network_crypto.cpp
@@ -16,6 +16,9 @@
 #include "../network/core/packet.h"
 #include "../string_func.h"
 
+/* The length of the hexadecimal representation of a X25519 key must fit in the key length. */
+static_assert(NETWORK_SECRET_KEY_LENGTH >= X25519_KEY_SIZE * 2 + 1);
+
 class MockNetworkSocketHandler : public NetworkSocketHandler {
 };
 