From fef2baf041a708d63b7b8eeb66e983cefb7d03ec Mon Sep 17 00:00:00 2001
From: Rubidium
Date: Thu, 6 Feb 2025 16:19:01 +0100
Subject: [PATCH] Codechange: make NetworkAuthenticationMethodMask an EnumBitSet
---
 src/network/network_admin.cpp | 4 ++--
 src/network/network_crypto.cpp | 12 ++++++------
 src/network/network_crypto.h | 14 +++++++-------
 src/network/network_crypto_internal.h | 12 ++++++------
 src/network/network_server.cpp | 4 ++--
 5 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/src/network/network_admin.cpp b/src/network/network_admin.cpp
index ba2d7b8632..530225111a 100644
--- a/src/network/network_admin.cpp
+++ b/src/network/network_admin.cpp
@@ -802,10 +802,10 @@ NetworkRecvStatus ServerNetworkAdminSocketHandler::Receive_ADMIN_JOIN_SECURE(Pac
 this->admin_name = p.Recv_string(NETWORK_CLIENT_NAME_LENGTH);
 this->admin_version = p.Recv_string(NETWORK_REVISION_LENGTH);
- NetworkAuthenticationMethodMask method_mask = p.Recv_uint16();
+ NetworkAuthenticationMethodMask method_mask{p.Recv_uint16()};
 /* Always exclude key exchange only, as that provides no credential checking. */
- ClrBit(method_mask, NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY);
+ method_mask.Reset(NetworkAuthenticationMethod::X25519_KeyExchangeOnly);
 if (this->admin_name.empty() || this->admin_version.empty()) {
 /* No name or version supplied. */
diff --git a/src/network/network_crypto.cpp b/src/network/network_crypto.cpp
index 783a5e398c..8bd67ab3e3 100644
--- a/src/network/network_crypto.cpp
+++ b/src/network/network_crypto.cpp
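Review bot: In Receive_ADMIN_JOIN_SECURE (network_admin.cpp) the mask is now constructed directly from the peer-supplied `p.Recv_uint16()`, so bits beyond the three defined methods stay set unless EnumBitSet's storage constructor masks them, which this patch does not show. Only `X25519_KeyExchangeOnly` is reset afterwards, so any later emptiness check on the mask could be satisfied by undefined bits alone. I would either intersect the received value with the known methods right after construction or reject the join when undefined bits are present, and record the assumption next to the construction, e.g. `/* Mask is peer-supplied; bits outside NetworkAuthenticationMethod carry no meaning and must not be relied upon. */`. The function body continues outside the hunk, so the downstream handling could not be checked here.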
@@ -386,7 +386,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
 /* virtual */ NetworkAuthenticationMethod CombinedAuthenticationClientHandler::GetAuthenticationMethod() const
 {
- return this->current_handler != nullptr ? this->current_handler->GetAuthenticationMethod() : NETWORK_AUTH_METHOD_END;
+ return this->current_handler != nullptr ? this->current_handler->GetAuthenticationMethod() : NetworkAuthenticationMethod::End;
 }
@@ -406,7 +406,7 @@ void CombinedAuthenticationServerHandler::Add(CombinedAuthenticationServerHandle
 {
 Debug(net, 9, "Sending {} authentication request", this->GetName());
- p.Send_uint8(this->handlers.back()->GetAuthenticationMethod());
+ p.Send_uint8(to_underlying(this->handlers.back()->GetAuthenticationMethod()));
 this->handlers.back()->SendRequest(p);
 }
@@ -428,7 +428,7 @@ void CombinedAuthenticationServerHandler::Add(CombinedAuthenticationServerHandle
 /* virtual */ NetworkAuthenticationMethod CombinedAuthenticationServerHandler::GetAuthenticationMethod() const
 {
- return this->CanBeUsed() ? this->handlers.back()->GetAuthenticationMethod() : NETWORK_AUTH_METHOD_END;
+ return this->CanBeUsed() ? this->handlers.back()->GetAuthenticationMethod() : NetworkAuthenticationMethod::End;
 }
 /* virtual */ bool CombinedAuthenticationServerHandler::CanBeUsed() const
@@ -479,15 +479,15 @@ std::unique_ptr NetworkAuthenticationServerH
 {
 auto secret = X25519SecretKey::CreateRandom();
 auto handler = std::make_unique();
- if (password_provider != nullptr && HasBit(client_supported_method_mask, NETWORK_AUTH_METHOD_X25519_PAKE)) {
+ if (password_provider != nullptr && client_supported_method_mask.Test(NetworkAuthenticationMethod::X25519_PAKE)) {
 handler->Add(std::make_unique(secret, password_provider));
 }
- if (authorized_key_handler != nullptr && HasBit(client_supported_method_mask, NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY)) {
+ if (authorized_key_handler != nullptr && client_supported_method_mask.Test(NetworkAuthenticationMethod::X25519_AuthorizedKey)) {
 handler->Add(std::make_unique(secret, authorized_key_handler));
 }
- if (!handler->CanBeUsed() && HasBit(client_supported_method_mask, NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY)) {
+ if (!handler->CanBeUsed() && client_supported_method_mask.Test(NetworkAuthenticationMethod::X25519_KeyExchangeOnly)) {
 /* Fall back to the plain handler when neither password, nor authorized keys are configured. */
 handler->Add(std::make_unique(secret));
 }
diff --git a/src/network/network_crypto.h b/src/network/network_crypto.h
index 8db3f96f07..acb9646c82 100644
--- a/src/network/network_crypto.h
+++ b/src/network/network_crypto.h
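Review bot: The key-exchange-only fallback in Create() is taken whenever `!handler->CanBeUsed()`, and by the two preceding `if`s that also covers a client whose mask simply omits PAKE and authorized-key support, not only the "neither password, nor authorized keys are configured" case the comment describes. With a peer-supplied `client_supported_method_mask`, the unauthenticated method is therefore only excluded if the caller has already reset `X25519_KeyExchangeOnly`, as network_admin.cpp does in this patch. I would state that precondition at the branch, e.g. `/* Callers passing a peer-supplied mask must Reset(X25519_KeyExchangeOnly) first; this branch does not check whether credentials are configured. */`. This reading is inferred from the visible lines only; Add() and CanBeUsed() are defined outside the hunk.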
@@ -174,15 +174,15 @@ public:
 /** The authentication method that can be used. */
-enum NetworkAuthenticationMethod : uint8_t {
- NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY, ///< No actual authentication is taking place, just perform a x25519 key exchange. This method is not supported for the admin connection.
- NETWORK_AUTH_METHOD_X25519_PAKE, ///< Authentication using x25519 password-authenticated key agreement.
- NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY, ///< Authentication using x22519 key exchange and authorized keys.
- NETWORK_AUTH_METHOD_END, ///< Must ALWAYS be on the end of this list!! (period)
+enum class NetworkAuthenticationMethod : uint8_t {
+ X25519_KeyExchangeOnly, ///< No actual authentication is taking place, just perform a x25519 key exchange. This method is not supported for the admin connection.
+ X25519_PAKE, ///< Authentication using x25519 password-authenticated key agreement.
+ X25519_AuthorizedKey, ///< Authentication using x22519 key exchange and authorized keys.
+ End, ///< Must ALWAYS be on the end of this list!! (period)
 };
 /** The mask of authentication methods that can be used. */
-using NetworkAuthenticationMethodMask = uint16_t;
+using NetworkAuthenticationMethodMask = EnumBitSet;
 /**
 * Base class for cryptographic authentication handlers.
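Review bot: The rewritten `X25519_AuthorizedKey` enumerator carries over the `x22519` typo in its doc comment; since the line is touched anyway it should read `///< Authentication using x25519 key exchange and authorized keys.`. The `End` comment could also say that the value doubles as the "no usable handler" sentinel, which is how both GetAuthenticationMethod() implementations in network_crypto.cpp return it in this patch. With `enum class`, nothing in the type stops that sentinel from being passed to `Test()` or `Reset()` on the mask, so a note that `End` is never a valid mask member would help.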
@@ -296,7 +296,7 @@ public:
 */
 virtual std::string GetPeerPublicKey() const = 0;
- static std::unique_ptr Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask = ~static_cast(0));
+ static std::unique_ptr Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask = {NetworkAuthenticationMethod::X25519_KeyExchangeOnly, NetworkAuthenticationMethod::X25519_PAKE, NetworkAuthenticationMethod::X25519_AuthorizedKey});
 };
 #endif /* NETWORK_CRYPTO_H */
diff --git a/src/network/network_crypto_internal.h b/src/network/network_crypto_internal.h
index 8ddee7e656..753d0eb796 100644
--- a/src/network/network_crypto_internal.h
+++ b/src/network/network_crypto_internal.h
@@ -144,7 +144,7 @@ public:
 virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
 virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-client"; }
- virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY; }
+ virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_KeyExchangeOnly; }
 virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
 virtual std::unique_ptr CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
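Review bot: The default for `client_supported_method_mask` on Create() (network_crypto.h) is now a hand-written list of the three current methods instead of all bits set. A method added to NetworkAuthenticationMethod later is therefore left out of the default until this declaration is edited as well. That fails closed, but it is easy to miss, and a named constant declared next to the enum would keep the two in one place. Because the list includes `X25519_KeyExchangeOnly`, that constant deserves a doc line such as `/** All methods, including the unauthenticated key exchange; presumably only for callers whose mask is not peer-supplied. */`.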
@@ -168,7 +168,7 @@ public:
 virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, {}); }
 virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-server"; }
- virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY; }
+ virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_KeyExchangeOnly; }
 virtual bool CanBeUsed() const override { return true; }
 virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
@@ -198,7 +198,7 @@ public:
 virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, this->handler->password); }
 virtual std::string_view GetName() const override { return "X25519-PAKE-client"; }
- virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_PAKE; }
+ virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_PAKE; }
 virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
 virtual std::unique_ptr CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
@@ -225,7 +225,7 @@ public:
 virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, this->password_provider->GetPassword()); }
 virtual std::string_view GetName() const override { return "X25519-PAKE-server"; }
- virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_PAKE; }
+ virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_PAKE; }
 virtual bool CanBeUsed() const override { return !this->password_provider->GetPassword().empty(); }
 virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
@@ -253,7 +253,7 @@ public:
 virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
 virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-client"; }
- virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY; }
+ virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_AuthorizedKey; }
 virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
 virtual std::unique_ptr CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
@@ -283,7 +283,7 @@ public:
 virtual ResponseResult ReceiveResponse(struct Packet &p) override;
 virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-server"; }
- virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY; }
+ virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_AuthorizedKey; }
 virtual bool CanBeUsed() const override { return this->authorized_key_handler->CanBeUsed(); }
 virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
diff --git a/src/network/network_server.cpp b/src/network/network_server.cpp
index 1133ebd2ab..6ed1797677 100644
--- a/src/network/network_server.cpp
+++ b/src/network/network_server.cpp
@@ -932,9 +932,9 @@ NetworkRecvStatus ServerNetworkGameSocketHandler::Receive_CLIENT_IDENTIFY(Packet
 static NetworkErrorCode GetErrorForAuthenticationMethod(NetworkAuthenticationMethod method)
 {
 switch (method) {
- case NETWORK_AUTH_METHOD_X25519_PAKE:
+ case NetworkAuthenticationMethod::X25519_PAKE:
 return NETWORK_ERROR_WRONG_PASSWORD;
- case NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY:
+ case NetworkAuthenticationMethod::X25519_AuthorizedKey:
 return NETWORK_ERROR_NOT_ON_ALLOW_LIST;
 default: