fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-06 03:50:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

core/trivial: rename secret-key to host-key

Browse source 
Now that the secret-key is hashed with the machine-id, the name is
no longer best.

Sure, part of the key are persisted in /var/lib/NetworkManager/secret_key
file, which the user is well advised to keep secret.

But what nm_utils_secret_key_get() returns is first and foremost a binary
key that is per-host and used for hashing a per-host component. It's
really the "host-id". Compare that to what we also have, the
"machine-id" and the "boot-id".

Rename.
This commit is contained in:
Thomas Haller 2018-12-12 10:10:38 +01:00
parent db791db4e1
commit 6ffcd26317
3 changed files with 93 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/devices/nm-device.c
View file

@ -7647,8 +7647,8 @@ dhcp4_get_client_id (NMDevice *self,
NMUtilsStableType stable_type;
const char *stable_id;
guint32 salted_header;
const guint8 *secret_key;
gsize secret_key_len;
const guint8 *host_id;
gsize host_id_len;
stable_id = _get_stable_id (self, connection, &stable_type);
if (!stable_id)
@ -7656,12 +7656,12 @@ dhcp4_get_client_id (NMDevice *self,
salted_header = htonl (2011610591 + stable_type);
nm_utils_secret_key_get (&secret_key, &secret_key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
sum = g_checksum_new (G_CHECKSUM_SHA1);
g_checksum_update (sum, (const guchar *) &salted_header, sizeof (salted_header));
g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1);
g_checksum_update (sum, (const guchar *) secret_key, secret_key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
nm_utils_checksum_get_digest (sum, digest);
client_id_buf = g_malloc (1 + 15);
@ -8436,7 +8436,7 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
} else {
gint64 time;
time = nm_utils_secret_key_get_timestamp ();
time = nm_utils_host_id_get_timestamp ();
if (!time) {
duid_error = "cannot retrieve the secret key timestamp";
goto out_fail;
@ -8453,8 +8453,8 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
NMUtilsStableType stable_type;
const char *stable_id = NULL;
guint32 salted_header;
const guint8 *secret_key;
gsize secret_key_len;
const guint8 *host_id;
gsize host_id_len;
union {
guint8 sha256[NM_UTILS_CHECKSUM_LENGTH_SHA256];
guint8 hwaddr[ETH_ALEN];
@ -8471,12 +8471,12 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
salted_header = htonl (670531087 + stable_type);
nm_utils_secret_key_get (&secret_key, &secret_key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
sum = g_checksum_new (G_CHECKSUM_SHA256);
g_checksum_update (sum, (const guchar *) &salted_header, sizeof (salted_header));
g_checksum_update (sum, (const guchar *) stable_id, -1);
g_checksum_update (sum, (const guchar *) secret_key, secret_key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
nm_utils_checksum_get_digest (sum, digest.sha256);
G_STATIC_ASSERT_EXPR (sizeof (digest) == sizeof (digest.sha256));
@ -8488,11 +8488,11 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
#define EPOCH_DATETIME_THREE_YEARS (356 * 24 * 3600 * 3)
/* We want a variable time between the secret_key timestamp and three years
/* We want a variable time between the host_id timestamp and three years
* before. Let's compute the time (in seconds) from 0 to 3 years; then we'll
* subtract it from the secret_key timestamp.
* subtract it from the host_id timestamp.
*/
time = nm_utils_secret_key_get_timestamp ();
time = nm_utils_host_id_get_timestamp ();
if (!time) {
duid_error = "cannot retrieve the secret key timestamp";
goto out_fail;

133
src/nm-core-utils.c
View file

@ -2455,7 +2455,7 @@ again:
return NULL;
}
if (nm_utils_secret_key_get (&seed_bin, &seed_len)) {
if (nm_utils_host_id_get (&seed_bin, &seed_len)) {
/* we have no valid machine-id. Generate a fake one by hashing
* the secret-key. This key is commonly persisted, so it should be
* stable accross reboots (despite having a broken system without
@ -2526,9 +2526,9 @@ nm_utils_machine_id_is_fake (void)
#define SECRET_KEY_FILE NMSTATEDIR"/secret_key"
static const guint8 *
_secret_key_hash_v2 (const guint8 *seed_arr,
gsize seed_len,
guint8 *out_digest /* 32 bytes (NM_UTILS_CHECKSUM_LENGTH_SHA256) */)
_host_id_hash_v2 (const guint8 *seed_arr,
gsize seed_len,
guint8 *out_digest /* 32 bytes (NM_UTILS_CHECKSUM_LENGTH_SHA256) */)
{
nm_auto_free_checksum GChecksum *sum = g_checksum_new (G_CHECKSUM_SHA256);
const UuidData *machine_id_data;
@ -2556,8 +2556,8 @@ _secret_key_hash_v2 (const guint8 *seed_arr,
}
static gboolean
_secret_key_read (guint8 **out_key,
gsize *out_key_len)
_host_id_read (guint8 **out_host_id,
gsize *out_host_id_len)
{
#define SECRET_KEY_LEN 32u
guint8 sha256_digest[NM_UTILS_CHECKSUM_LENGTH_SHA256];
@ -2595,7 +2595,7 @@ _secret_key_read (guint8 **out_key,
* except that it seems simpler not to distinguish between the v2 prefix and the content.
* It's all just part of the seed. */
secret_arr = _secret_key_hash_v2 (file_content.bin, file_content.len, sha256_digest);
secret_arr = _host_id_hash_v2 (file_content.bin, file_content.len, sha256_digest);
secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256;
success = TRUE;
goto out;
@ -2640,7 +2640,7 @@ _secret_key_read (guint8 **out_key,
&base64_save);
nm_assert (len <= sizeof (new_content));
secret_arr = _secret_key_hash_v2 (new_content, len, sha256_digest);
secret_arr = _host_id_hash_v2 (new_content, len, sha256_digest);
secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256;
if (!success)
@ -2664,53 +2664,68 @@ _secret_key_read (guint8 **out_key,
}
out:
*out_key_len = secret_len;
*out_key = nm_memdup (secret_arr, secret_len);
*out_host_id_len = secret_len;
*out_host_id = nm_memdup (secret_arr, secret_len);
return success;
}
typedef struct {
guint8 *secret_key;
gsize key_len;
guint8 *host_id;
gsize host_id_len;
bool is_good:1;
} SecretKeyData;
} HostIdData;
/**
* nm_utils_host_id_get:
* @out_host_id: (out) (transfer none): the binary host key
* @out_host_id_len: the length of the host key.
*
* This returns a per-host key that depends on /var/lib/NetworkManage/secret_key
* and (depending on the version) on /etc/machine-id. If /var/lib/NetworkManage/secret_key
* does not exist, it will be generated and persisted for next boot.
*
* Returns: %TRUE, if the host key is "good". Note that this function
* will always succeed to return a host-key, and that this key
* won't change during the run of the program (no matter what).
* A %FALSE return possibly means, that the secret_key is not persisted
* to disk, and/or that it was generated with bad randomness.
*/
gboolean
nm_utils_secret_key_get (const guint8 **out_secret_key,
gsize *out_key_len)
nm_utils_host_id_get (const guint8 **out_host_id,
gsize *out_host_id_len)
{
static const SecretKeyData *volatile secret_key_static;
const SecretKeyData *secret_key;
static const HostIdData *volatile host_id_static;
const HostIdData *host_id;
again:
secret_key = g_atomic_pointer_get (&secret_key_static);
if (G_UNLIKELY (!secret_key)) {
static SecretKeyData secret_key_data;
host_id = g_atomic_pointer_get (&host_id_static);
if (G_UNLIKELY (!host_id)) {
static HostIdData host_id_data;
static gsize init_value = 0;
if (!g_once_init_enter (&init_value))
goto again;
secret_key_data.is_good = _secret_key_read (&secret_key_data.secret_key,
&secret_key_data.key_len);
secret_key = &secret_key_data;
g_atomic_pointer_set (&secret_key_static, secret_key);
host_id_data.is_good = _host_id_read (&host_id_data.host_id,
&host_id_data.host_id_len);
host_id = &host_id_data;
g_atomic_pointer_set (&host_id_static, host_id);
g_once_init_leave (&init_value, 1);
}
*out_secret_key = secret_key->secret_key;
*out_key_len = secret_key->key_len;
return secret_key->is_good;
*out_host_id = host_id->host_id;
*out_host_id_len = host_id->host_id_len;
return host_id->is_good;
}
gint64
nm_utils_secret_key_get_timestamp (void)
nm_utils_host_id_get_timestamp (void)
{
struct stat stat_buf;
const guint8 *key;
gsize key_len;
const guint8 *host_id;
gsize host_id_len;
if (!nm_utils_secret_key_get (&key, &key_len))
if (!nm_utils_host_id_get (&host_id, &host_id_len))
return 0;
if (stat (SECRET_KEY_FILE, &stat_buf) != 0)
@ -3177,20 +3192,20 @@ _set_stable_privacy (NMUtilsStableType stable_type,
const char *ifname,
const char *network_id,
guint32 dad_counter,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
GError **error)
{
nm_auto_free_checksum GChecksum *sum = NULL;
guint8 digest[NM_UTILS_CHECKSUM_LENGTH_SHA256];
guint32 tmp[2];
nm_assert (key_len);
nm_assert (host_id_len);
nm_assert (network_id);
sum = g_checksum_new (G_CHECKSUM_SHA256);
key_len = MIN (key_len, G_MAXUINT32);
host_id_len = MIN (host_id_len, G_MAXUINT32);
if (stable_type != NM_UTILS_STABLE_TYPE_UUID) {
guint8 stable_type_uint8;
@ -3203,7 +3218,7 @@ _set_stable_privacy (NMUtilsStableType stable_type,
*
* That is no real problem and it is still impossible to
* force a collision here, because of how the remaining
* fields are hashed. That is, as we also hash @key_len
* fields are hashed. That is, as we also hash @host_id_len
* and the terminating '\0' of @network_id, it is unambigiously
* possible to revert the process and deduce the @stable_type.
*/
@ -3214,9 +3229,9 @@ _set_stable_privacy (NMUtilsStableType stable_type,
g_checksum_update (sum, (const guchar *) ifname, strlen (ifname) + 1);
g_checksum_update (sum, (const guchar *) network_id, strlen (network_id) + 1);
tmp[0] = htonl (dad_counter);
tmp[1] = htonl (key_len);
tmp[1] = htonl (host_id_len);
g_checksum_update (sum, (const guchar *) tmp, sizeof (tmp));
g_checksum_update (sum, (const guchar *) secret_key, key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
nm_utils_checksum_get_digest (sum, digest);
while (_is_reserved_ipv6_iid (digest)) {
@ -3237,11 +3252,11 @@ nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
const char *ifname,
const char *network_id,
guint32 dad_counter,
guint8 *secret_key,
gsize key_len,
guint8 *host_id,
gsize host_id_len,
GError **error)
{
return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter, secret_key, key_len, error);
return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter, host_id, host_id_len, error);
}
#define RFC7217_IDGEN_RETRIES 3
@ -3261,8 +3276,8 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type,
guint32 dad_counter,
GError **error)
{
const guint8 *secret_key;
gsize key_len;
const guint8 *host_id;
gsize host_id_len;
g_return_val_if_fail (network_id, FALSE);
@ -3272,10 +3287,10 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type,
return FALSE;
}
nm_utils_secret_key_get (&secret_key, &key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter,
secret_key, key_len, error);
host_id, host_id_len, error);
}
/*****************************************************************************/
@ -3347,8 +3362,8 @@ nm_utils_hw_addr_gen_random_eth (const char *current_mac_address,
static char *
_hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
const char *stable_id,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
const char *ifname,
const char *current_mac_address,
const char *generate_mac_address_mask)
@ -3360,19 +3375,19 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
guint8 stable_type_uint8;
nm_assert (stable_id);
nm_assert (secret_key);
nm_assert (host_id);
sum = g_checksum_new (G_CHECKSUM_SHA256);
key_len = MIN (key_len, G_MAXUINT32);
host_id_len = MIN (host_id_len, G_MAXUINT32);
nm_assert (stable_type < (NMUtilsStableType) 255);
stable_type_uint8 = stable_type;
g_checksum_update (sum, (const guchar *) &stable_type_uint8, sizeof (stable_type_uint8));
tmp = htonl ((guint32) key_len);
tmp = htonl ((guint32) host_id_len);
g_checksum_update (sum, (const guchar *) &tmp, sizeof (tmp));
g_checksum_update (sum, (const guchar *) secret_key, key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
g_checksum_update (sum, (const guchar *) (ifname ?: ""), ifname ? (strlen (ifname) + 1) : 1);
g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1);
@ -3386,13 +3401,13 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
char *
nm_utils_hw_addr_gen_stable_eth_impl (NMUtilsStableType stable_type,
const char *stable_id,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
const char *ifname,
const char *current_mac_address,
const char *generate_mac_address_mask)
{
return _hw_addr_gen_stable_eth (stable_type, stable_id, secret_key, key_len, ifname, current_mac_address, generate_mac_address_mask);
return _hw_addr_gen_stable_eth (stable_type, stable_id, host_id, host_id_len, ifname, current_mac_address, generate_mac_address_mask);
}
char *
@ -3402,17 +3417,17 @@ nm_utils_hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
const char *current_mac_address,
const char *generate_mac_address_mask)
{
const guint8 *secret_key;
gsize key_len;
const guint8 *host_id;
gsize host_id_len;
g_return_val_if_fail (stable_id, NULL);
nm_utils_secret_key_get (&secret_key, &key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
return _hw_addr_gen_stable_eth (stable_type,
stable_id,
secret_key,
key_len,
host_id,
host_id_len,
ifname,
current_mac_address,
generate_mac_address_mask);

14
src/nm-core-utils.h
View file

@ -278,9 +278,9 @@ gboolean nm_utils_machine_id_is_fake (void);
const char *nm_utils_get_boot_id_str (void);
const struct _NMUuid *nm_utils_get_boot_id_bin (void);
gboolean nm_utils_secret_key_get (const guint8 **out_secret_key,
gsize *out_key_len);
gint64 nm_utils_secret_key_get_timestamp (void);
gboolean nm_utils_host_id_get (const guint8 **out_host_id,
gsize *out_host_id_len);
gint64 nm_utils_host_id_get_timestamp (void);
/* IPv6 Interface Identifier helpers */
@ -348,8 +348,8 @@ gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_ty
const char *ifname,
const char *network_id,
guint32 dad_counter,
guint8 *secret_key,
gsize key_len,
guint8 *host_id,
gsize host_id_len,
GError **error);
gboolean nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType id_type,
@ -363,8 +363,8 @@ char *nm_utils_hw_addr_gen_random_eth (const char *current_mac_address,
const char *generate_mac_address_mask);
char *nm_utils_hw_addr_gen_stable_eth_impl (NMUtilsStableType stable_type,
const char *stable_id,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
const char *ifname,
const char *current_mac_address,
const char *generate_mac_address_mask);