
Codechange: make network crypto enum classes

pull/13482/head
Rubidium 2025-02-06 16:30:28 +01:00 committed by rubidium42
parent fef2baf041
commit 8ca03a3766
7 changed files with 47 additions and 47 deletions


@ -851,7 +851,7 @@ NetworkRecvStatus ServerNetworkAdminSocketHandler::Receive_ADMIN_AUTH_RESPONSE(P
if (this->status != ADMIN_STATUS_AUTHENTICATE) return this->SendError(NETWORK_ERROR_NOT_EXPECTED);
switch (this->authentication_handler->ReceiveResponse(p)) {
case NetworkAuthenticationServerHandler::AUTHENTICATED:
case NetworkAuthenticationServerHandler::ResponseResult::Authenticated:
Debug(net, 3, "[admin] '{}' ({}) authenticated", this->admin_name, this->admin_version);
this->SendEnableEncryption();
@ -861,11 +861,11 @@ NetworkRecvStatus ServerNetworkAdminSocketHandler::Receive_ADMIN_AUTH_RESPONSE(P
this->authentication_handler = nullptr;
return this->SendProtocol();
case NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD:
case NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod:
Debug(net, 6, "[admin] '{}' ({}) authentication failed, trying next method", this->admin_name, this->admin_version);
return this->SendAuthRequest();
case NetworkAuthenticationServerHandler::NOT_AUTHENTICATED:
case NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated:
default:
Debug(net, 3, "[admin] '{}' ({}) authentication failed", this->admin_name, this->admin_version);
return this->SendError(NETWORK_ERROR_WRONG_PASSWORD);
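Review bot: The `default:` label kept under `case NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated:` suppresses the compiler's unhandled-enumerator warning, so a value added to ResponseResult later would be routed into this branch silently rather than flagged at compile time. Here that is fail-closed (it ends in SendError with NETWORK_ERROR_WRONG_PASSWORD), which is the right outcome for an authentication switch, but the intent is worth stating: `default: // fail closed: any result other than Authenticated/RetryNextMethod is a failed authentication`. The same pattern appears in the client switch below (RequestResult::Invalid sharing its branch with default, returning NETWORK_RECV_STATUS_MALFORMED_PACKET) and in Receive_CLIENT_AUTH_RESPONSE. Receive_ADMIN_AUTH_RESPONSE begins and ends outside this hunk.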


@ -694,13 +694,13 @@ NetworkRecvStatus ClientNetworkGameSocketHandler::Receive_SERVER_AUTH_REQUEST(Pa
_settings_client.network.client_secret_key, _settings_client.network.client_public_key);
}
switch (this->authentication_handler->ReceiveRequest(p)) {
case NetworkAuthenticationClientHandler::READY_FOR_RESPONSE:
case NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse:
return SendAuthResponse();
case NetworkAuthenticationClientHandler::AWAIT_USER_INPUT:
case NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput:
return NETWORK_RECV_STATUS_OKAY;
case NetworkAuthenticationClientHandler::INVALID:
case NetworkAuthenticationClientHandler::RequestResult::Invalid:
default:
return NETWORK_RECV_STATUS_MALFORMED_PACKET;
}


@ -286,7 +286,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
{
if (p.RemainingBytesToTransfer() != X25519_KEY_SIZE + X25519_MAC_SIZE + X25519_KEY_EXCHANGE_MESSAGE_SIZE) {
Debug(net, 1, "[crypto] Received auth response of illegal size; authentication aborted.");
return NetworkAuthenticationServerHandler::NOT_AUTHENTICATED;
return NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated;
}
X25519KeyExchangeMessage message{};
@ -299,7 +299,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
if (!this->derived_keys.Exchange(this->peer_public_key, X25519KeyExchangeSide::SERVER,
this->our_secret_key, this->our_public_key, derived_key_extra_payload)) {
Debug(net, 0, "[crypto] Peer sent an illegal public key; authentication aborted.");
return NetworkAuthenticationServerHandler::NOT_AUTHENTICATED;
return NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated;
}
if (crypto_aead_unlock(message.data(), mac.data(), this->derived_keys.ClientToServer().data(), this->key_exchange_nonce.data(),
@ -308,20 +308,20 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
* The ciphertext and the message authentication code do not match with the encryption key.
* This is most likely an invalid password, or possibly a bug in the client.
*/
return NetworkAuthenticationServerHandler::NOT_AUTHENTICATED;
return NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated;
}
return NetworkAuthenticationServerHandler::AUTHENTICATED;
return NetworkAuthenticationServerHandler::ResponseResult::Authenticated;
}
/* virtual */ NetworkAuthenticationClientHandler::RequestResult X25519PAKEClientHandler::ReceiveRequest(struct Packet &p)
{
bool success = this->X25519AuthenticationHandler::ReceiveRequest(p);
if (!success) return NetworkAuthenticationClientHandler::INVALID;
if (!success) return NetworkAuthenticationClientHandler::RequestResult::Invalid;
this->handler->AskUserForPassword(this->handler);
return NetworkAuthenticationClientHandler::AWAIT_USER_INPUT;
return NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput;
}
/**
@ -351,10 +351,10 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
/* virtual */ NetworkAuthenticationServerHandler::ResponseResult X25519AuthorizedKeyServerHandler::ReceiveResponse(Packet &p)
{
ResponseResult result = this->X25519AuthenticationHandler::ReceiveResponse(p, {});
if (result != AUTHENTICATED) return result;
if (result != ResponseResult::Authenticated) return result;
std::string peer_public_key = this->GetPeerPublicKey();
return this->authorized_key_handler->IsAllowed(peer_public_key) ? AUTHENTICATED : NOT_AUTHENTICATED;
return this->authorized_key_handler->IsAllowed(peer_public_key) ? ResponseResult::Authenticated : ResponseResult::NotAuthenticated;
}
@ -364,7 +364,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
auto is_of_method = [method](Handler &handler) { return handler->GetAuthenticationMethod() == method; };
auto it = std::ranges::find_if(handlers, is_of_method);
if (it == handlers.end()) return INVALID;
if (it == handlers.end()) return RequestResult::Invalid;
this->current_handler = it->get();
@ -415,10 +415,10 @@ void CombinedAuthenticationServerHandler::Add(CombinedAuthenticationServerHandle
Debug(net, 9, "Receiving {} authentication response", this->GetName());
ResponseResult result = this->handlers.back()->ReceiveResponse(p);
if (result != NOT_AUTHENTICATED) return result;
if (result != ResponseResult::NotAuthenticated) return result;
this->handlers.pop_back();
return this->CanBeUsed() ? RETRY_NEXT_METHOD : NOT_AUTHENTICATED;
return this->CanBeUsed() ? ResponseResult::RetryNextMethod : ResponseResult::NotAuthenticated;
}
/* virtual */ std::string_view CombinedAuthenticationServerHandler::GetName() const


@ -222,10 +222,10 @@ public:
class NetworkAuthenticationClientHandler : public NetworkAuthenticationHandler {
public:
/** The processing result of receiving a request. */
enum RequestResult : uint8_t {
AWAIT_USER_INPUT, ///< We have requested some user input, but must wait on that.
READY_FOR_RESPONSE, ///< We do not have to wait for user input, and can immediately respond to the server.
INVALID, ///< We have received an invalid request.
enum class RequestResult : uint8_t {
AwaitUserInput, ///< We have requested some user input, but must wait on that.
ReadyForResponse, ///< We do not have to wait for user input, and can immediately respond to the server.
Invalid, ///< We have received an invalid request.
};
/**
@ -258,10 +258,10 @@ public:
class NetworkAuthenticationServerHandler : public NetworkAuthenticationHandler {
public:
/** The processing result of receiving a response. */
enum ResponseResult : uint8_t {
AUTHENTICATED, ///< The client was authenticated successfully.
NOT_AUTHENTICATED, ///< All authentications for this handler have been exhausted.
RETRY_NEXT_METHOD, ///< The client failed to authenticate, but there is another method to try.
enum class ResponseResult : uint8_t {
Authenticated, ///< The client was authenticated successfully.
NotAuthenticated, ///< All authentications for this handler have been exhausted.
RetryNextMethod, ///< The client failed to authenticate, but there is another method to try.
};
/**


@ -140,7 +140,7 @@ public:
*/
X25519KeyExchangeOnlyClientHandler(const X25519SecretKey &secret_key) : X25519AuthenticationHandler(secret_key) {}
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? READY_FOR_RESPONSE : INVALID; }
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? RequestResult::ReadyForResponse : RequestResult::Invalid; }
virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-client"; }
@ -249,7 +249,7 @@ public:
*/
X25519AuthorizedKeyClientHandler(const X25519SecretKey &secret_key) : X25519AuthenticationHandler(secret_key) {}
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? READY_FOR_RESPONSE : INVALID; }
virtual RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? RequestResult::ReadyForResponse : RequestResult::Invalid; }
virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-client"; }
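Review bot: The two rewritten ReceiveRequest one-liners keep `virtual ... override`; `override` already implies a virtual function, so the leading `virtual` is redundant on the new side and could be dropped while these lines are being rewritten, e.g. `RequestResult ReceiveRequest(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveRequest(p) ? RequestResult::ReadyForResponse : RequestResult::Invalid; }`. The neighbouring SendResponse and GetName declarations follow the same convention, so if the file keeps `virtual` deliberately this is a follow-up rather than a blocker.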


@ -952,13 +952,13 @@ NetworkRecvStatus ServerNetworkGameSocketHandler::Receive_CLIENT_AUTH_RESPONSE(P
auto authentication_method = this->authentication_handler->GetAuthenticationMethod();
switch (this->authentication_handler->ReceiveResponse(p)) {
case NetworkAuthenticationServerHandler::AUTHENTICATED:
case NetworkAuthenticationServerHandler::ResponseResult::Authenticated:
break;
case NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD:
case NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod:
return this->SendAuthRequest();
case NetworkAuthenticationServerHandler::NOT_AUTHENTICATED:
case NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated:
default:
return this->SendError(GetErrorForAuthenticationMethod(authentication_method));
}


@ -86,7 +86,7 @@ TEST_CASE("Authentication_KeyExchangeOnly")
X25519KeyExchangeOnlyServerHandler server(X25519SecretKey::CreateRandom());
X25519KeyExchangeOnlyClientHandler client(X25519SecretKey::CreateRandom());
TestAuthentication(server, client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
TestAuthentication(server, client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
}
@ -97,21 +97,21 @@ static void TestAuthenticationPAKE(std::string server_password, std::string clie
X25519PAKEServerHandler server(X25519SecretKey::CreateRandom(), &server_password_provider);
X25519PAKEClientHandler client(X25519SecretKey::CreateRandom(), std::make_shared<TestPasswordRequestHandler>(client_password));
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
}
TEST_CASE("Authentication_PAKE")
{
SECTION("Correct password") {
TestAuthenticationPAKE("sikrit", "sikrit", NetworkAuthenticationServerHandler::AUTHENTICATED);
TestAuthenticationPAKE("sikrit", "sikrit", NetworkAuthenticationServerHandler::ResponseResult::Authenticated);
}
SECTION("Empty password") {
TestAuthenticationPAKE("", "", NetworkAuthenticationServerHandler::AUTHENTICATED);
TestAuthenticationPAKE("", "", NetworkAuthenticationServerHandler::ResponseResult::Authenticated);
}
SECTION("Wrong password") {
TestAuthenticationPAKE("sikrit", "secret", NetworkAuthenticationServerHandler::NOT_AUTHENTICATED);
TestAuthenticationPAKE("sikrit", "secret", NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated);
}
}
@ -126,7 +126,7 @@ static void TestAuthenticationAuthorizedKey(const X25519SecretKey &client_secret
X25519AuthorizedKeyServerHandler server(X25519SecretKey::CreateRandom(), &authorized_key_handler);
X25519AuthorizedKeyClientHandler client(client_secret_key);
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
TestAuthentication(server, client, expected_response_result, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
}
TEST_CASE("Authentication_AuthorizedKey")
@ -136,11 +136,11 @@ TEST_CASE("Authentication_AuthorizedKey")
auto invalid_client_public_key = X25519SecretKey::CreateRandom().CreatePublicKey();
SECTION("Correct public key") {
TestAuthenticationAuthorizedKey(client_secret_key, valid_client_public_key, NetworkAuthenticationServerHandler::AUTHENTICATED);
TestAuthenticationAuthorizedKey(client_secret_key, valid_client_public_key, NetworkAuthenticationServerHandler::ResponseResult::Authenticated);
}
SECTION("Incorrect public key") {
TestAuthenticationAuthorizedKey(client_secret_key, invalid_client_public_key, NetworkAuthenticationServerHandler::NOT_AUTHENTICATED);
TestAuthenticationAuthorizedKey(client_secret_key, invalid_client_public_key, NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated);
}
}
@ -175,39 +175,39 @@ TEST_CASE("Authentication_Combined")
SECTION("Invalid authorized keys, invalid password") {
auto server = NetworkAuthenticationServerHandler::Create(&invalid_password_provider, &invalid_authorized_key_handler);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::NOT_AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
}
SECTION("Invalid authorized keys, valid password") {
auto server = NetworkAuthenticationServerHandler::Create(&valid_password_provider, &invalid_authorized_key_handler);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::RETRY_NEXT_METHOD, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::RetryNextMethod, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
}
SECTION("Valid authorized keys, valid password") {
auto server = NetworkAuthenticationServerHandler::Create(&valid_password_provider, &valid_authorized_key_handler);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
}
SECTION("No authorized keys, invalid password") {
auto server = NetworkAuthenticationServerHandler::Create(&invalid_password_provider, &no_authorized_key_handler);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::NOT_AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::NotAuthenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
}
SECTION("No authorized keys, valid password") {
auto server = NetworkAuthenticationServerHandler::Create(&valid_password_provider, &no_authorized_key_handler);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::AWAIT_USER_INPUT);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::AwaitUserInput);
}
SECTION("No authorized keys, no password") {
auto server = NetworkAuthenticationServerHandler::Create(&no_password_provider, &no_authorized_key_handler);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
TestAuthentication(*server, *client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
}
}
@ -248,7 +248,7 @@ TEST_CASE("Encryption handling")
X25519KeyExchangeOnlyServerHandler server(X25519SecretKey::CreateRandom());
X25519KeyExchangeOnlyClientHandler client(X25519SecretKey::CreateRandom());
TestAuthentication(server, client, NetworkAuthenticationServerHandler::AUTHENTICATED, NetworkAuthenticationClientHandler::READY_FOR_RESPONSE);
TestAuthentication(server, client, NetworkAuthenticationServerHandler::ResponseResult::Authenticated, NetworkAuthenticationClientHandler::RequestResult::ReadyForResponse);
Packet packet(&mock_socket_handler, PacketType{});
server.SendEnableEncryption(packet);