fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-27 12:50:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

core: merge branch 'th/secret-key-to-host-id'

Browse source 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/61

(cherry picked from commit ba1a7c1d21)
This commit is contained in:
Thomas Haller 2018-12-12 13:49:02 +01:00
commit dc18a00a18
5 changed files with 222 additions and 114 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
shared/nm-utils/nm-hash-utils.c
View file

@ -122,17 +122,17 @@ nm_hash_static (guint static_seed)
}
void
nm_hash_init (NMHashState *state, guint static_seed)
nm_hash_siphash42_init (CSipHash *h, guint static_seed)
{
const guint8 *g;
guint seed[HASH_KEY_SIZE_GUINT];
nm_assert (state);
nm_assert (h);
g = _get_hash_key ();
memcpy (seed, g, HASH_KEY_SIZE);
seed[0] ^= static_seed;
c_siphash_init (&state->_state, (const guint8 *) seed);
c_siphash_init (h, (const guint8 *) seed);
}
guint

62
shared/nm-utils/nm-hash-utils.h
View file

@ -25,6 +25,39 @@
#include "c-siphash/src/c-siphash.h"
#include "nm-macros-internal.h"
/*****************************************************************************/
void nm_hash_siphash42_init (CSipHash *h, guint static_seed);
/* Siphash24 of binary buffer @arr and @len, using the randomized seed from
* other NMHash functions.
*
* Note, that this is guaranteed to use siphash42 under the hood (contrary to
* all other NMHash API, which leave this undefined). That matters at the point,
* where the caller needs to be sure that a reasonably strong hasing algorithm
* is used. (Yes, NMHash is all about siphash24, but otherwise that is not promised
* anywhere).
*
* Another difference is, that this returns guint64 (not guint like other NMHash functions).
*
* Another difference is, that this may also return zero (not like nm_hash_complete()).
*
* Then, why not use c_siphash_hash() directly? Because this also uses the randomized,
* per-run hash-seed like nm_hash_init(). So, you get siphash24 with a random
* seed (which is cached for the current run of the program).
*/
static inline guint64
nm_hash_siphash42 (guint static_seed, const void *ptr, gsize n)
{
CSipHash h;
nm_hash_siphash42_init (&h, static_seed);
c_siphash_append (&h, ptr, n);
return c_siphash_finalize (&h);
}
/*****************************************************************************/
struct _NMHashState {
CSipHash _state;
};
@ -33,16 +66,33 @@ typedef struct _NMHashState NMHashState;
guint nm_hash_static (guint static_seed);
void nm_hash_init (NMHashState *state, guint static_seed);
static inline void
nm_hash_init (NMHashState *state, guint static_seed)
{
nm_assert (state);
nm_hash_siphash42_init (&state->_state, static_seed);
}
static inline guint64
nm_hash_complete_u64 (NMHashState *state)
{
nm_assert (state);
/* this returns the native u64 hash value. Note that this differs
* from nm_hash_complete() in two ways:
*
* - the type, guint64 vs. guint.
* - nm_hash_complete() never returns zero. */
return c_siphash_finalize (&state->_state);
}
static inline guint
nm_hash_complete (NMHashState *state)
{
guint64 h;
nm_assert (state);
h = c_siphash_finalize (&state->_state);
h = nm_hash_complete_u64 (state);
/* we don't ever want to return a zero hash.
*
@ -218,8 +268,8 @@ guint nm_str_hash (gconstpointer str);
({ \
NMHashState _h; \
\
nm_hash_init (&_h, static_seed); \
nm_hash_update_val (&_h, val); \
nm_hash_init (&_h, (static_seed)); \
nm_hash_update_val (&_h, (val)); \
nm_hash_complete (&_h); \
})

40
src/devices/nm-device.c
View file

@ -1289,7 +1289,7 @@ _get_stable_id (NMDevice *self,
stable_type = nm_utils_stable_id_parse (stable_id,
nm_device_get_ip_iface (self),
!hwaddr_is_fake ? hwaddr : NULL,
nm_utils_get_boot_id_str (),
nm_utils_boot_id_str (),
uuid,
&generated);
@ -7552,8 +7552,8 @@ dhcp4_get_client_id (NMDevice *self,
NMUtilsStableType stable_type;
const char *stable_id;
guint32 salted_header;
const guint8 *secret_key;
gsize secret_key_len;
const guint8 *host_id;
gsize host_id_len;
stable_id = _get_stable_id (self, connection, &stable_type);
if (!stable_id)
@ -7561,12 +7561,12 @@ dhcp4_get_client_id (NMDevice *self,
salted_header = htonl (2011610591 + stable_type);
nm_utils_secret_key_get (&secret_key, &secret_key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
sum = g_checksum_new (G_CHECKSUM_SHA1);
g_checksum_update (sum, (const guchar *) &salted_header, sizeof (salted_header));
g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1);
g_checksum_update (sum, (const guchar *) secret_key, secret_key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
nm_utils_checksum_get_digest (sum, digest);
client_id_buf = g_malloc (1 + 15);
@ -8339,15 +8339,8 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
if (nm_streq (duid, "ll")) {
duid_out = generate_duid_ll (g_bytes_get_data (hwaddr, NULL));
} else {
gint64 time;
time = nm_utils_secret_key_get_timestamp ();
if (!time) {
duid_error = "cannot retrieve the secret key timestamp";
goto out_fail;
}
duid_out = generate_duid_llt (g_bytes_get_data (hwaddr, NULL), time);
duid_out = generate_duid_llt (g_bytes_get_data (hwaddr, NULL),
nm_utils_host_id_get_timestamp_ns () / NM_UTILS_NS_PER_SECOND);
}
goto out_good;
@ -8358,8 +8351,8 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
NMUtilsStableType stable_type;
const char *stable_id = NULL;
guint32 salted_header;
const guint8 *secret_key;
gsize secret_key_len;
const guint8 *host_id;
gsize host_id_len;
union {
guint8 sha256[NM_UTILS_CHECKSUM_LENGTH_SHA256];
guint8 hwaddr[ETH_ALEN];
@ -8376,12 +8369,12 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
salted_header = htonl (670531087 + stable_type);
nm_utils_secret_key_get (&secret_key, &secret_key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
sum = g_checksum_new (G_CHECKSUM_SHA256);
g_checksum_update (sum, (const guchar *) &salted_header, sizeof (salted_header));
g_checksum_update (sum, (const guchar *) stable_id, -1);
g_checksum_update (sum, (const guchar *) secret_key, secret_key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
nm_utils_checksum_get_digest (sum, digest.sha256);
G_STATIC_ASSERT_EXPR (sizeof (digest) == sizeof (digest.sha256));
@ -8393,15 +8386,12 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
#define EPOCH_DATETIME_THREE_YEARS (356 * 24 * 3600 * 3)
/* We want a variable time between the secret_key timestamp and three years
/* We want a variable time between the host_id timestamp and three years
* before. Let's compute the time (in seconds) from 0 to 3 years; then we'll
* subtract it from the secret_key timestamp.
* subtract it from the host_id timestamp.
*/
time = nm_utils_secret_key_get_timestamp ();
if (!time) {
duid_error = "cannot retrieve the secret key timestamp";
goto out_fail;
}
time = nm_utils_host_id_get_timestamp_ns () / NM_UTILS_NS_PER_SECOND;
/* don't use too old timestamps. They cannot be expressed in DUID-LLT and
* would all be truncated to zero. */
time = NM_MAX (time, EPOCH_DATETIME_200001010000 + EPOCH_DATETIME_THREE_YEARS);

210
src/nm-core-utils.c
View file

@ -2657,7 +2657,7 @@ again:
return NULL;
}
if (nm_utils_secret_key_get (&seed_bin, &seed_len)) {
if (nm_utils_host_id_get (&seed_bin, &seed_len)) {
/* we have no valid machine-id. Generate a fake one by hashing
* the secret-key. This key is commonly persisted, so it should be
* stable accross reboots (despite having a broken system without
@ -2669,7 +2669,7 @@ again:
* to read/write the secret-key to disk. Fallback to boot-id. The boot-id
* itself may be fake and randomly generated ad-hoc, but that is as best
* as it gets. */
seed_bin = (const guint8 *) nm_utils_get_boot_id_bin ();
seed_bin = (const guint8 *) nm_utils_boot_id_bin ();
seed_len = sizeof (NMUuid);
fake_type = "boot-id";
hash_seed = "7ff0c8f5-5399-4901-ab63-61bf594abe8b";
@ -2727,10 +2727,53 @@ nm_utils_machine_id_is_fake (void)
#define SECRET_KEY_V2_PREFIX "nm-v2:"
#define SECRET_KEY_FILE NMSTATEDIR"/secret_key"
static gboolean
_host_id_read_timestamp (gboolean use_secret_key_file,
const guint8 *host_id,
gsize host_id_len,
gint64 *out_timestamp_ns)
{
struct stat st;
gint64 now;
guint64 v;
if ( use_secret_key_file
&& stat (SECRET_KEY_FILE, &st) == 0) {
/* don't check for overflow or timestamps in the future. We get whatever
* (bogus) date is on the file. */
*out_timestamp_ns = (st.st_mtim.tv_sec * NM_UTILS_NS_PER_SECOND) + st.st_mtim.tv_nsec;
return TRUE;
}
/* generate a fake timestamp based on the host-id.
*
* This really should never happen under normal circumstances. We already
* are in a code path, where the system has a problem (unable to get good randomness
* and/or can't access the secret_key). In such a scenario, a fake timestamp is the
* least of our problems.
*
* At least, generate something sensible so we don't have to worry about the
* timestamp. It is wrong to worry about using a fake timestamp (which is tied to
* the secret_key) if we are unable to access the secret_key file in the first place.
*
* Pick a random timestamp from the past two years. Yes, this timestamp
* is not stable accross restarts, but apparently neither is the host-id
* nor the secret_key itself. */
#define EPOCH_TWO_YEARS (G_GINT64_CONSTANT (2 * 365 * 24 * 3600) * NM_UTILS_NS_PER_SECOND)
v = nm_hash_siphash42 (1156657133u, host_id, host_id_len);
now = time (NULL);
*out_timestamp_ns = NM_MAX ((gint64) 1,
(now * NM_UTILS_NS_PER_SECOND) - ((gint64) (v % ((guint64) (EPOCH_TWO_YEARS)))));
return FALSE;
}
static const guint8 *
_secret_key_hash_v2 (const guint8 *seed_arr,
gsize seed_len,
guint8 *out_digest /* 32 bytes (NM_UTILS_CHECKSUM_LENGTH_SHA256) */)
_host_id_hash_v2 (const guint8 *seed_arr,
gsize seed_len,
guint8 *out_digest /* 32 bytes (NM_UTILS_CHECKSUM_LENGTH_SHA256) */)
{
nm_auto_free_checksum GChecksum *sum = g_checksum_new (G_CHECKSUM_SHA256);
const UuidData *machine_id_data;
@ -2758,8 +2801,8 @@ _secret_key_hash_v2 (const guint8 *seed_arr,
}
static gboolean
_secret_key_read (guint8 **out_key,
gsize *out_key_len)
_host_id_read (guint8 **out_host_id,
gsize *out_host_id_len)
{
#define SECRET_KEY_LEN 32u
guint8 sha256_digest[NM_UTILS_CHECKSUM_LENGTH_SHA256];
@ -2797,7 +2840,7 @@ _secret_key_read (guint8 **out_key,
* except that it seems simpler not to distinguish between the v2 prefix and the content.
* It's all just part of the seed. */
secret_arr = _secret_key_hash_v2 (file_content.bin, file_content.len, sha256_digest);
secret_arr = _host_id_hash_v2 (file_content.bin, file_content.len, sha256_digest);
secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256;
success = TRUE;
goto out;
@ -2842,7 +2885,7 @@ _secret_key_read (guint8 **out_key,
&base64_save);
nm_assert (len <= sizeof (new_content));
secret_arr = _secret_key_hash_v2 (new_content, len, sha256_digest);
secret_arr = _host_id_hash_v2 (new_content, len, sha256_digest);
secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256;
if (!success)
@ -2866,59 +2909,84 @@ _secret_key_read (guint8 **out_key,
}
out:
*out_key_len = secret_len;
*out_key = nm_memdup (secret_arr, secret_len);
*out_host_id_len = secret_len;
*out_host_id = nm_memdup (secret_arr, secret_len);
return success;
}
typedef struct {
guint8 *secret_key;
gsize key_len;
guint8 *host_id;
gsize host_id_len;
gint64 timestamp_ns;
bool is_good:1;
} SecretKeyData;
bool timestamp_is_good:1;
} HostIdData;
gboolean
nm_utils_secret_key_get (const guint8 **out_secret_key,
gsize *out_key_len)
static const HostIdData *
_host_id_get (void)
{
static const SecretKeyData *volatile secret_key_static;
const SecretKeyData *secret_key;
static const HostIdData *volatile host_id_static;
const HostIdData *host_id;
again:
secret_key = g_atomic_pointer_get (&secret_key_static);
if (G_UNLIKELY (!secret_key)) {
static SecretKeyData secret_key_data;
host_id = g_atomic_pointer_get (&host_id_static);
if (G_UNLIKELY (!host_id)) {
static HostIdData host_id_data;
static gsize init_value = 0;
if (!g_once_init_enter (&init_value))
goto again;
secret_key_data.is_good = _secret_key_read (&secret_key_data.secret_key,
&secret_key_data.key_len);
secret_key = &secret_key_data;
g_atomic_pointer_set (&secret_key_static, secret_key);
host_id_data.is_good = _host_id_read (&host_id_data.host_id,
&host_id_data.host_id_len);
host_id_data.timestamp_is_good = _host_id_read_timestamp (host_id_data.is_good,
host_id_data.host_id,
host_id_data.host_id_len,
&host_id_data.timestamp_ns);
if ( !host_id_data.timestamp_is_good
&& host_id_data.is_good)
nm_log_warn (LOGD_CORE, "secret-key: failure reading host timestamp (use fake one)");
host_id = &host_id_data;
g_atomic_pointer_set (&host_id_static, host_id);
g_once_init_leave (&init_value, 1);
}
*out_secret_key = secret_key->secret_key;
*out_key_len = secret_key->key_len;
return secret_key->is_good;
return host_id;
}
/**
* nm_utils_host_id_get:
* @out_host_id: (out) (transfer none): the binary host key
* @out_host_id_len: the length of the host key.
*
* This returns a per-host key that depends on /var/lib/NetworkManage/secret_key
* and (depending on the version) on /etc/machine-id. If /var/lib/NetworkManage/secret_key
* does not exist, it will be generated and persisted for next boot.
*
* Returns: %TRUE, if the host key is "good". Note that this function
* will always succeed to return a host-key, and that this key
* won't change during the run of the program (no matter what).
* A %FALSE return possibly means, that the secret_key is not persisted
* to disk, and/or that it was generated with bad randomness.
*/
gboolean
nm_utils_host_id_get (const guint8 **out_host_id,
gsize *out_host_id_len)
{
const HostIdData *host_id;
host_id = _host_id_get ();
*out_host_id = host_id->host_id;
*out_host_id_len = host_id->host_id_len;
return host_id->is_good;
}
gint64
nm_utils_secret_key_get_timestamp (void)
nm_utils_host_id_get_timestamp_ns (void)
{
struct stat stat_buf;
const guint8 *key;
gsize key_len;
if (!nm_utils_secret_key_get (&key, &key_len))
return 0;
if (stat (SECRET_KEY_FILE, &stat_buf) != 0)
return 0;
return stat_buf.st_mtim.tv_sec;
return _host_id_get ()->timestamp_ns;
}
/*****************************************************************************/
@ -2960,13 +3028,13 @@ again:
}
const char *
nm_utils_get_boot_id_str (void)
nm_utils_boot_id_str (void)
{
return _boot_id_get ()->str;
}
const NMUuid *
nm_utils_get_boot_id_bin (void)
nm_utils_boot_id_bin (void)
{
return &_boot_id_get ()->bin;
}
@ -3379,20 +3447,20 @@ _set_stable_privacy (NMUtilsStableType stable_type,
const char *ifname,
const char *network_id,
guint32 dad_counter,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
GError **error)
{
nm_auto_free_checksum GChecksum *sum = NULL;
guint8 digest[NM_UTILS_CHECKSUM_LENGTH_SHA256];
guint32 tmp[2];
nm_assert (key_len);
nm_assert (host_id_len);
nm_assert (network_id);
sum = g_checksum_new (G_CHECKSUM_SHA256);
key_len = MIN (key_len, G_MAXUINT32);
host_id_len = MIN (host_id_len, G_MAXUINT32);
if (stable_type != NM_UTILS_STABLE_TYPE_UUID) {
guint8 stable_type_uint8;
@ -3405,7 +3473,7 @@ _set_stable_privacy (NMUtilsStableType stable_type,
*
* That is no real problem and it is still impossible to
* force a collision here, because of how the remaining
* fields are hashed. That is, as we also hash @key_len
* fields are hashed. That is, as we also hash @host_id_len
* and the terminating '\0' of @network_id, it is unambigiously
* possible to revert the process and deduce the @stable_type.
*/
@ -3416,9 +3484,9 @@ _set_stable_privacy (NMUtilsStableType stable_type,
g_checksum_update (sum, (const guchar *) ifname, strlen (ifname) + 1);
g_checksum_update (sum, (const guchar *) network_id, strlen (network_id) + 1);
tmp[0] = htonl (dad_counter);
tmp[1] = htonl (key_len);
tmp[1] = htonl (host_id_len);
g_checksum_update (sum, (const guchar *) tmp, sizeof (tmp));
g_checksum_update (sum, (const guchar *) secret_key, key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
nm_utils_checksum_get_digest (sum, digest);
while (_is_reserved_ipv6_iid (digest)) {
@ -3439,11 +3507,11 @@ nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
const char *ifname,
const char *network_id,
guint32 dad_counter,
guint8 *secret_key,
gsize key_len,
guint8 *host_id,
gsize host_id_len,
GError **error)
{
return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter, secret_key, key_len, error);
return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter, host_id, host_id_len, error);
}
#define RFC7217_IDGEN_RETRIES 3
@ -3463,8 +3531,8 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type,
guint32 dad_counter,
GError **error)
{
const guint8 *secret_key;
gsize key_len;
const guint8 *host_id;
gsize host_id_len;
g_return_val_if_fail (network_id, FALSE);
@ -3474,10 +3542,10 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type,
return FALSE;
}
nm_utils_secret_key_get (&secret_key, &key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter,
secret_key, key_len, error);
host_id, host_id_len, error);
}
/*****************************************************************************/
@ -3549,8 +3617,8 @@ nm_utils_hw_addr_gen_random_eth (const char *current_mac_address,
static char *
_hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
const char *stable_id,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
const char *ifname,
const char *current_mac_address,
const char *generate_mac_address_mask)
@ -3562,19 +3630,19 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
guint8 stable_type_uint8;
nm_assert (stable_id);
nm_assert (secret_key);
nm_assert (host_id);
sum = g_checksum_new (G_CHECKSUM_SHA256);
key_len = MIN (key_len, G_MAXUINT32);
host_id_len = MIN (host_id_len, G_MAXUINT32);
nm_assert (stable_type < (NMUtilsStableType) 255);
stable_type_uint8 = stable_type;
g_checksum_update (sum, (const guchar *) &stable_type_uint8, sizeof (stable_type_uint8));
tmp = htonl ((guint32) key_len);
tmp = htonl ((guint32) host_id_len);
g_checksum_update (sum, (const guchar *) &tmp, sizeof (tmp));
g_checksum_update (sum, (const guchar *) secret_key, key_len);
g_checksum_update (sum, (const guchar *) host_id, host_id_len);
g_checksum_update (sum, (const guchar *) (ifname ?: ""), ifname ? (strlen (ifname) + 1) : 1);
g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1);
@ -3588,13 +3656,13 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
char *
nm_utils_hw_addr_gen_stable_eth_impl (NMUtilsStableType stable_type,
const char *stable_id,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
const char *ifname,
const char *current_mac_address,
const char *generate_mac_address_mask)
{
return _hw_addr_gen_stable_eth (stable_type, stable_id, secret_key, key_len, ifname, current_mac_address, generate_mac_address_mask);
return _hw_addr_gen_stable_eth (stable_type, stable_id, host_id, host_id_len, ifname, current_mac_address, generate_mac_address_mask);
}
char *
@ -3604,17 +3672,17 @@ nm_utils_hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
const char *current_mac_address,
const char *generate_mac_address_mask)
{
const guint8 *secret_key;
gsize key_len;
const guint8 *host_id;
gsize host_id_len;
g_return_val_if_fail (stable_id, NULL);
nm_utils_secret_key_get (&secret_key, &key_len);
nm_utils_host_id_get (&host_id, &host_id_len);
return _hw_addr_gen_stable_eth (stable_type,
stable_id,
secret_key,
key_len,
host_id,
host_id_len,
ifname,
current_mac_address,
generate_mac_address_mask);

18
src/nm-core-utils.h
View file

@ -286,12 +286,12 @@ const char *nm_utils_machine_id_str (void);
const struct _NMUuid *nm_utils_machine_id_bin (void);
gboolean nm_utils_machine_id_is_fake (void);
const char *nm_utils_get_boot_id_str (void);
const struct _NMUuid *nm_utils_get_boot_id_bin (void);
const char *nm_utils_boot_id_str (void);
const struct _NMUuid *nm_utils_boot_id_bin (void);
gboolean nm_utils_secret_key_get (const guint8 **out_secret_key,
gsize *out_key_len);
gint64 nm_utils_secret_key_get_timestamp (void);
gboolean nm_utils_host_id_get (const guint8 **out_host_id,
gsize *out_host_id_len);
gint64 nm_utils_host_id_get_timestamp_ns (void);
/* IPv6 Interface Identifier helpers */
@ -359,8 +359,8 @@ gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_ty
const char *ifname,
const char *network_id,
guint32 dad_counter,
guint8 *secret_key,
gsize key_len,
guint8 *host_id,
gsize host_id_len,
GError **error);
gboolean nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType id_type,
@ -374,8 +374,8 @@ char *nm_utils_hw_addr_gen_random_eth (const char *current_mac_address,
const char *generate_mac_address_mask);
char *nm_utils_hw_addr_gen_stable_eth_impl (NMUtilsStableType stable_type,
const char *stable_id,
const guint8 *secret_key,
gsize key_len,
const guint8 *host_id,
gsize host_id_len,
const char *ifname,
const char *current_mac_address,
const char *generate_mac_address_mask);