Codechange: make network crypto enum classes
parent
fef2baf041
commit
8ca03a3766
@ -851,7 +851,7 @@ NetworkRecvStatus ServerNetworkAdminSocketHandler::Receive_ADMIN_AUTH_RESPONSE(P
|
|||
if (this->status != ADMIN_STATUS_AUTHENTICATE) return this->SendError(NETWORK_ERROR_NOT_EXPECTED);
|
||||
|
||||
switch (this->authentication_handler->ReceiveResponse(p)) {
|
||||
case NetworkAuthenticationServerHandler::AUTHENTICATED:
|
||||
case NetworkAuthenticationServerHandler::ResponseResult::Authenticated:
|
||||
Debug(net, 3, "[admin] '{}' ({}) authenticated", this->admin_name, this->admin_version);
|
||||
|
||||
this->SendEnableEncryption();
|
||||
|
@ -861,11 +861,11 @@ NetworkRecvStatus ServerNetworkAdminSocketHandler::Receive_ADMIN_AUTH_RESPONSE(P
|
|||
this->authentication_handler = nullptr;
|
||||
return this->SendProtocol();
|
||||
|
||||
case NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD:
|
||||
case NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod:
|
||||
Debug(net, 6, "[admin] '{}' ({}) authentication failed, trying next method", this->admin_name, this->admin_version);
|
||||
return this->SendAuthRequest();
|
||||
|
||||
case NetworkAuthenticationServerHandler::NOT_AUTHENTICATED:
|
||||
case NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated:
|
||||
default:
|
||||
Debug(net, 3, "[admin] '{}' ({}) authentication failed", this->admin_name, this->admin_version);
|
||||
return this->SendError(NETWORK_ERROR_WRONG_PASSWORD);
|
||||
|
|
|
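Review bot: The `case NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated:` label in the second hunk still shares its body with a `default:`, and on a switch over a scoped enum that `default:` stops the compiler from warning (-Wswitch) if a fourth ResponseResult is ever added; the same pairing appears in Receive_SERVER_AUTH_REQUEST and Receive_CLIENT_AUTH_RESPONSE. The behaviour is the right one for an authentication path — anything that is not an explicit success ends in SendError — so I would keep the label but record that it is deliberate, e.g. `default: /* fail closed: any result other than an explicit success is rejected */`. Receive_ADMIN_AUTH_RESPONSE continues outside both hunks, so I cannot see what follows the switch.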
@ -694,13 +694,13 @@ NetworkRecvStatus ClientNetworkGameSocketHandler::Receive_SERVER_AUTH_REQUEST(Pa
|
|||
_settings_client.network.client_secret_key, _settings_client.network.client_public_key);
|
||||
}
|
||||
switch (this->authentication_handler->ReceiveRequest(p)) {
|
||||
case NetworkAuthenticationClientHandler::READY_FOR_RESPONSE:
|
||||
case NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse:
|
||||
return SendAuthResponse();
|
||||
|
||||
case NetworkAuthenticationClientHandler::AWAIT_USER_INPUT:
|
||||
case NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput:
|
||||
return NETWORK_RECV_STATUS_OKAY;
|
||||
|
||||
case NetworkAuthenticationClientHandler::INVALID:
|
||||
case NetworkAuthenticationClientHandler::RequestResult::Invalid:
|
||||
default:
|
||||
return NETWORK_RECV_STATUS_MALFORMED_PACKET;
|
||||
}
|
||||
|
|
|
@ -286,7 +286,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
|
|||
{
|
||||
if (p.RemainingBytesToTransfer() != X25519_KEY_SIZE + X25519_MAC_SIZE + X25519_KEY_EXCHANGE_MESSAGE_SIZE) {
|
||||
Debug(net, 1, "[crypto] Received auth response of illegal size; authentication aborted.");
|
||||
return NetworkAuthenticationServerHandler::NOT_AUTHENTICATED;
|
||||
return NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated;
|
||||
}
|
||||
|
||||
X25519KeyExchangeMessage message{};
|
||||
|
@ -299,7 +299,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
|
|||
if (!this->derived_keys.Exchange(this->peer_public_key, X25519KeyExchangeSide::SERVER,
|
||||
this->our_secret_key, this->our_public_key, derived_key_extra_payload)) {
|
||||
Debug(net, 0, "[crypto] Peer sent an illegal public key; authentication aborted.");
|
||||
return NetworkAuthenticationServerHandler::NOT_AUTHENTICATED;
|
||||
return NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated;
|
||||
}
|
||||
|
||||
if (crypto_aead_unlock(message.data(), mac.data(), this->derived_keys.ClientToServer().data(), this->key_exchange_nonce.data(),
|
||||
|
@ -308,20 +308,20 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
|
|||
* The ciphertext and the message authentication code do not match with the encryption key.
|
||||
* This is most likely an invalid password, or possibly a bug in the client.
|
||||
*/
|
||||
return NetworkAuthenticationServerHandler::NOT_AUTHENTICATED;
|
||||
return NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated;
|
||||
}
|
||||
|
||||
return NetworkAuthenticationServerHandler::AUTHENTICATED;
|
||||
return NetworkAuthenticationServerHandler::ResponseResult::Authenticated;
|
||||
}
|
||||
|
||||
|
||||
/* virtual */ NetworkAuthenticationClientHandler::RequestResult X25519PAKEClientHandler::ReceiveRequest(struct Packet &p)
|
||||
{
|
||||
bool success = this->X25519AuthenticationHandler::ReceiveRequest(p);
|
||||
if (!success) return NetworkAuthenticationClientHandler::INVALID;
|
||||
if (!success) return NetworkAuthenticationClientHandler::RequestResult::Invalid;
|
||||
|
||||
this->handler->AskUserForPassword(this->handler);
|
||||
return NetworkAuthenticationClientHandler::AWAIT_USER_INPUT;
|
||||
return NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -351,10 +351,10 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
|
|||
/* virtual */ NetworkAuthenticationServerHandler::ResponseResult X25519AuthorizedKeyServerHandler::ReceiveResponse(Packet &p)
|
||||
{
|
||||
ResponseResult result = this->X25519AuthenticationHandler::ReceiveResponse(p, {});
|
||||
if (result != AUTHENTICATED) return result;
|
||||
if (result != ResponseResult::Authenticated) return result;
|
||||
|
||||
std::string peer_public_key = this->GetPeerPublicKey();
|
||||
return this->authorized_key_handler->IsAllowed(peer_public_key) ? AUTHENTICATED : NOT_AUTHENTICATED;
|
||||
return this->authorized_key_handler->IsAllowed(peer_public_key) ? ResponseResult::Authenticated : ResponseResult::NotAuthenticated;
|
||||
}
|
||||
|
||||
|
||||
|
@ -364,7 +364,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
|
|||
|
||||
auto is_of_method = [method](Handler &handler) { return handler->GetAuthenticationMethod() == method; };
|
||||
auto it = std::ranges::find_if(handlers, is_of_method);
|
||||
if (it == handlers.end()) return INVALID;
|
||||
if (it == handlers.end()) return RequestResult::Invalid;
|
||||
|
||||
this->current_handler = it->get();
|
||||
|
||||
|
@ -415,10 +415,10 @@ void CombinedAuthenticationServerHandler::Add(CombinedAuthenticationServerHandle
|
|||
Debug(net, 9, "Receiving {} authentication response", this->GetName());
|
||||
|
||||
ResponseResult result = this->handlers.back()->ReceiveResponse(p);
|
||||
if (result != NOT_AUTHENTICATED) return result;
|
||||
if (result != ResponseResult::NotAuthenticated) return result;
|
||||
|
||||
this->handlers.pop_back();
|
||||
return this->CanBeUsed() ? RETRY_NEXT_METHOD : NOT_AUTHENTICATED;
|
||||
return this->CanBeUsed() ? ResponseResult::RetryNextMethod : ResponseResult::NotAuthenticated;
|
||||
}
|
||||
|
||||
/* virtual */ std::string_view CombinedAuthenticationServerHandler::GetName() const
|
||||
|
|
|
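Review bot: X25519AuthenticationHandler::ReceiveResponse (its signature lies before the first hunk here) now spells `NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated` in full three times plus the closing `Authenticated`, whereas the changed returns in X25519AuthorizedKeyServerHandler::ReceiveResponse and CombinedAuthenticationServerHandler::ReceiveResponse further down use the short `ResponseResult::…` form. A class-level alias in X25519AuthenticationHandler, `using ResponseResult = NetworkAuthenticationServerHandler::ResponseResult;` together with `using RequestResult = NetworkAuthenticationClientHandler::RequestResult;` for its ReceiveRequest, would let every return in this file read the same way. If any handler ends up inheriting that name from more than one base, lookup could become ambiguous, which I cannot check from here and a compile would show.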
@ -222,10 +222,10 @@ public:
|
|||
class NetworkAuthenticationClientHandler : public NetworkAuthenticationHandler {
|
||||
public:
|
||||
/** The processing result of receiving a request. */
|
||||
enum RequestResult : uint8_t {
|
||||
AWAIT_USER_INPUT, ///< We have requested some user input, but must wait on that.
|
||||
READY_FOR_RESPONSE, ///< We do not have to wait for user input, and can immediately respond to the server.
|
||||
INVALID, ///< We have received an invalid request.
|
||||
enum class RequestResult : uint8_t {
|
||||
AwaitUserInput, ///< We have requested some user input, but must wait on that.
|
||||
ReadyForResponse, ///< We do not have to wait for user input, and can immediately respond to the server.
|
||||
Invalid, ///< We have received an invalid request.
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -258,10 +258,10 @@ public:
|
|||
class NetworkAuthenticationServerHandler : public NetworkAuthenticationHandler {
|
||||
public:
|
||||
/** The processing result of receiving a response. */
|
||||
enum ResponseResult : uint8_t {
|
||||
AUTHENTICATED, ///< The client was authenticated successfully.
|
||||
NOT_AUTHENTICATED, ///< All authentications for this handler have been exhausted.
|
||||
RETRY_NEXT_METHOD, ///< The client failed to authenticate, but there is another method to try.
|
||||
enum class ResponseResult : uint8_t {
|
||||
Authenticated, ///< The client was authenticated successfully.
|
||||
NotAuthenticated, ///< All authentications for this handler have been exhausted.
|
||||
RetryNextMethod, ///< The client failed to authenticate, but there is another method to try.
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -140,7 +140,7 @@ public:
|
|||
*/
|
||||
X25519KeyExchangeOnlyClientHandler(const X25519SecretKey &secret_key) : X25519AuthenticationHandler(secret_key) {}
|
||||
|
||||
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? READY_FOR_RESPONSE : INVALID; }
|
||||
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? RequestResult::ReadyForResponse : RequestResult::Invalid; }
|
||||
virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
|
||||
|
||||
virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-client"; }
|
||||
|
@ -249,7 +249,7 @@ public:
|
|||
*/
|
||||
X25519AuthorizedKeyClientHandler(const X25519SecretKey &secret_key) : X25519AuthenticationHandler(secret_key) {}
|
||||
|
||||
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? READY_FOR_RESPONSE : INVALID; }
|
||||
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? RequestResult::ReadyForResponse : RequestResult::Invalid; }
|
||||
virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
|
||||
|
||||
virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-client"; }
|
||||
|
|
|
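Review bot: The two rewritten `ReceiveRequest` bodies, in X25519KeyExchangeOnlyClientHandler and X25519AuthorizedKeyClientHandler, are now character-for-character the same `? RequestResult::ReadyForResponse : RequestResult::Invalid` mapping of the bool that X25519AuthenticationHandler::ReceiveRequest returns. Since both lines are being touched anyway, the mapping could live once next to that bool-returning function, e.g. `static NetworkAuthenticationClientHandler::RequestResult ToRequestResult(bool ok) { return ok ? NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse : NetworkAuthenticationClientHandler::RequestResult::Invalid; }`, with each override reduced to `return ToRequestResult(this->X25519AuthenticationHandler::ReceiveRequest(p));`. Where X25519AuthenticationHandler itself is declared is outside these hunks, so the exact placement is yours to pick.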
@ -952,13 +952,13 @@ NetworkRecvStatus ServerNetworkGameSocketHandler::Receive_CLIENT_AUTH_RESPONSE(P
|
|||
|
||||
auto authentication_method = this->authentication_handler->GetAuthenticationMethod();
|
||||
switch (this->authentication_handler->ReceiveResponse(p)) {
|
||||
case NetworkAuthenticationServerHandler::AUTHENTICATED:
|
||||
case NetworkAuthenticationServerHandler::ResponseResult::Authenticated:
|
||||
break;
|
||||
|
||||
case NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD:
|
||||
case NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod:
|
||||
return this->SendAuthRequest();
|
||||
|
||||
case NetworkAuthenticationServerHandler::NOT_AUTHENTICATED:
|
||||
case NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated:
|
||||
default:
|
||||
return this->SendError(GetErrorForAuthenticationMethod(authentication_method));
|
||||
}
|
||||
|
|
|
@ -86,7 +86,7 @@ TEST_CASE("Authentication_KeyExchangeOnly")
|
|||
X25519KeyExchangeOnlyServerHandler server(X25519SecretKey::CreateRandom());
|
||||
X25519KeyExchangeOnlyClientHandler client(X25519SecretKey::CreateRandom());
|
||||
|
||||
TestAuthentication(server, client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
|
||||
TestAuthentication(server, client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
|
||||
}
|
||||
|
||||
|
||||
|
@ -97,21 +97,21 @@ static void TestAuthenticationPAKE(std::string server_password, std::string clie
|
|||
X25519PAKEServerHandler server(X25519SecretKey::CreateRandom(), &server_password_provider);
|
||||
X25519PAKEClientHandler client(X25519SecretKey::CreateRandom(), std::make_shared<TestPasswordRequestHandler>(client_password));
|
||||
|
||||
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
|
||||
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
|
||||
}
|
||||
|
||||
TEST_CASE("Authentication_PAKE")
|
||||
{
|
||||
SECTION("Correct password") {
|
||||
TestAuthenticationPAKE("sikrit", "sikrit", NetworkAuthenticationServerHandler::AUTHENTICATED);
|
||||
TestAuthenticationPAKE("sikrit", "sikrit", NetworkAuthenticationServerHandler::ResponseResult::Authenticated);
|
||||
}
|
||||
|
||||
SECTION("Empty password") {
|
||||
TestAuthenticationPAKE("", "", NetworkAuthenticationServerHandler::AUTHENTICATED);
|
||||
TestAuthenticationPAKE("", "", NetworkAuthenticationServerHandler::ResponseResult::Authenticated);
|
||||
}
|
||||
|
||||
SECTION("Wrong password") {
|
||||
TestAuthenticationPAKE("sikrit", "secret", NetworkAuthenticationServerHandler::NOT_AUTHENTICATED);
|
||||
TestAuthenticationPAKE("sikrit", "secret", NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -126,7 +126,7 @@ static void TestAuthenticationAuthorizedKey(const X25519SecretKey &client_secret
|
|||
X25519AuthorizedKeyServerHandler server(X25519SecretKey::CreateRandom(), &authorized_key_handler);
|
||||
X25519AuthorizedKeyClientHandler client(client_secret_key);
|
||||
|
||||
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
|
||||
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
|
||||
}
|
||||
|
||||
TEST_CASE("Authentication_AuthorizedKey")
|
||||
|
@ -136,11 +136,11 @@ TEST_CASE("Authentication_AuthorizedKey")
|
|||
auto invalid_client_public_key = X25519SecretKey::CreateRandom().CreatePublicKey();
|
||||
|
||||
SECTION("Correct public key") {
|
||||
TestAuthenticationAuthorizedKey(client_secret_key, valid_client_public_key, NetworkAuthenticationServerHandler::AUTHENTICATED);
|
||||
TestAuthenticationAuthorizedKey(client_secret_key, valid_client_public_key, NetworkAuthenticationServerHandler::ResponseResult::Authenticated);
|
||||
}
|
||||
|
||||
SECTION("Incorrect public key") {
|
||||
TestAuthenticationAuthorizedKey(client_secret_key, invalid_client_public_key, NetworkAuthenticationServerHandler::NOT_AUTHENTICATED);
|
||||
TestAuthenticationAuthorizedKey(client_secret_key, invalid_client_public_key, NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -175,39 +175,39 @@ TEST_CASE("Authentication_Combined")
|
|||
SECTION("Invalid authorized keys, invalid password") {
|
||||
auto server = NetworkAuthenticationServerHandler::Create(&invalid_password_provider, &invalid_authorized_key_handler);
|
||||
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::NOT_AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
|
||||
}
|
||||
|
||||
SECTION("Invalid authorized keys, valid password") {
|
||||
auto server = NetworkAuthenticationServerHandler::Create(&valid_password_provider, &invalid_authorized_key_handler);
|
||||
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
|
||||
}
|
||||
|
||||
SECTION("Valid authorized keys, valid password") {
|
||||
auto server = NetworkAuthenticationServerHandler::Create(&valid_password_provider, &valid_authorized_key_handler);
|
||||
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
|
||||
}
|
||||
|
||||
SECTION("No authorized keys, invalid password") {
|
||||
auto server = NetworkAuthenticationServerHandler::Create(&invalid_password_provider, &no_authorized_key_handler);
|
||||
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::NOT_AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
|
||||
}
|
||||
|
||||
SECTION("No authorized keys, valid password") {
|
||||
auto server = NetworkAuthenticationServerHandler::Create(&valid_password_provider, &no_authorized_key_handler);
|
||||
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
|
||||
}
|
||||
|
||||
SECTION("No authorized keys, no password") {
|
||||
auto server = NetworkAuthenticationServerHandler::Create(&no_password_provider, &no_authorized_key_handler);
|
||||
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
|
||||
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -248,7 +248,7 @@ TEST_CASE("Encryption handling")
|
|||
X25519KeyExchangeOnlyServerHandler server(X25519SecretKey::CreateRandom());
|
||||
X25519KeyExchangeOnlyClientHandler client(X25519SecretKey::CreateRandom());
|
||||
|
||||
TestAuthentication(server, client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
|
||||
TestAuthentication(server, client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
|
||||
|
||||
Packet packet(&mock_socket_handler, PacketType{});
|
||||
server.SendEnableEncryption(packet);
|
||||
|
|