Network: Change protocol for game/rcon/settings password auth

Instead of sending a hash, do a DH/X25519 key exchange
using the password.
This also allows authenticating the associated rcon payload and response.
Jonathan G Rennison
2023-06-15 21:32:15 +01:00
parent 9042eb338f
commit 3d2dc77aa2
7 changed files with 280 additions and 81 deletions


@@ -18,6 +18,7 @@ private:
std::string connection_string; ///< Address we are connected to.
struct PacketReader *savegame; ///< Packet reader for reading the savegame.
byte token; ///< The token we need to send back to the server to prove we're the right client.
NetworkSharedSecrets last_rcon_shared_secrets; ///< Keys for last rcon (and incoming replies)
/** Status of the connection with the server. */
enum ServerStatus {
@@ -40,6 +41,8 @@ private:
std::string server_desync_log;
bool emergency_save_done = false;
NetworkGameKeys intl_keys;
static const char *GetServerStatusName(ServerStatus status);
protected:
@@ -81,6 +84,9 @@ protected:
static NetworkRecvStatus SendGetMap();
static NetworkRecvStatus SendMapOk();
void CheckConnection();
NetworkRecvStatus SendKeyPasswordPacket(PacketType packet_type, NetworkSharedSecrets &ss, const std::string &password, const std::string *payload);
public:
ClientNetworkGameSocketHandler(SOCKET s, std::string connection_string);
~ClientNetworkGameSocketHandler();
@@ -90,6 +96,12 @@ public:
std::string GetDebugInfo() const override;
const NetworkGameKeys &GetKeys()
{
if (!this->intl_keys.inited) this->intl_keys.Initialise();
return this->intl_keys;
}
static NetworkRecvStatus SendJoin();
static NetworkRecvStatus SendCommand(const CommandPacket *cp);
static NetworkRecvStatus SendError(NetworkErrorCode errorno, NetworkRecvStatus recvstatus = NETWORK_RECV_STATUS_OKAY);
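Review bot: `last_rcon_shared_secrets` in the first hunk holds a single set of keys, so if a second rcon command is sent before the reply to the first arrives, the earlier reply would presumably be checked against the wrong keys and rejected. The send and receive code is outside these hunks, so confirm this is intended and state it in the member comment, e.g. `///< Keys for the most recent rcon only; replies to earlier commands can no longer be authenticated`. `SendKeyPasswordPacket` and `intl_keys` are added without a doc comment although the neighbouring members have one; the declaration should say whether `ss` is an output filled with the derived secrets and whether `payload` may be `nullptr`. `GetKeys()` is a non-const accessor that lazily creates one key pair and returns it for every later call on this handler, so its comment should state that key lifetime and whether `NetworkGameKeys` and `NetworkSharedSecrets` wipe their key material on destruction, which cannot be seen from here.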