Commit 21ae09c1 authored by Thomas Haller's avatar Thomas Haller

core: add assertions for network_id/stable_type

We require a network-id. Assert that it is set.

Also, we encode the stable-id as uint8. Thus, add
an assertion that we don't use more then 254 IDs.

If we ever make use of stable-type 255, we must extend
the encoding to allow for more values. The assertion
is there to catch that.
parent 46d53e11
......@@ -374,6 +374,8 @@ nm_fake_ndisc_new (int ifindex, const char *ifname)
NM_NDISC_IFINDEX, ifindex,
NM_NDISC_IFNAME, ifname,
NM_NDISC_NODE_TYPE, (int) NM_NDISC_NODE_TYPE_HOST,
NM_NDISC_STABLE_TYPE, (int) NM_UTILS_STABLE_TYPE_UUID,
NM_NDISC_NETWORK_ID, "fake",
NULL);
}
......
......@@ -550,6 +550,7 @@ nm_lndp_ndisc_new (NMPlatform *platform,
g_return_val_if_fail (NM_IS_PLATFORM (platform), NULL);
g_return_val_if_fail (!error || !*error, NULL);
g_return_val_if_fail (network_id, NULL);
if (!nm_platform_netns_push (platform, &netns))
return NULL;
......
......@@ -1054,6 +1054,7 @@ set_property (GObject *object, guint prop_id,
case PROP_NETWORK_ID:
/* construct-only */
priv->network_id = g_value_dup_string (value);
g_return_if_fail (priv->network_id);
break;
case PROP_ADDR_GEN_MODE:
/* construct-only */
......
......@@ -3268,7 +3268,7 @@ nm_utils_inet6_interface_identifier_to_token (NMUtilsIPv6IfaceId iid, char *buf)
/*****************************************************************************/
static gboolean
_set_stable_privacy (guint8 stable_type,
_set_stable_privacy (NMUtilsStableType stable_type,
struct in6_addr *addr,
const char *ifname,
const char *network_id,
......@@ -3282,7 +3282,8 @@ _set_stable_privacy (guint8 stable_type,
guint32 tmp[2];
gsize len = sizeof (digest);
g_return_val_if_fail (key_len, FALSE);
nm_assert (key_len);
nm_assert (network_id);
/* Documentation suggests that this can fail.
* Maybe in case of a missing algorithm in crypto library? */
......@@ -3296,6 +3297,11 @@ _set_stable_privacy (guint8 stable_type,
key_len = MIN (key_len, G_MAXUINT32);
if (stable_type != NM_UTILS_STABLE_TYPE_UUID) {
guint8 stable_type_uint8;
nm_assert (stable_type < (NMUtilsStableType) 255);
stable_type_uint8 = (guint8) stable_type;
/* Preferably, we would always like to include the stable-type,
* but for backward compatibility reasons, we cannot for UUID.
*
......@@ -3305,13 +3311,11 @@ _set_stable_privacy (guint8 stable_type,
* and the terminating '\0' of @network_id, it is unambigiously
* possible to revert the process and deduce the @stable_type.
*/
g_checksum_update (sum, &stable_type, sizeof (stable_type));
g_checksum_update (sum, &stable_type_uint8, sizeof (stable_type_uint8));
}
g_checksum_update (sum, addr->s6_addr, 8);
g_checksum_update (sum, (const guchar *) ifname, strlen (ifname) + 1);
if (!network_id)
network_id = "";
g_checksum_update (sum, (const guchar *) network_id, strlen (network_id) + 1);
tmp[0] = htonl (dad_counter);
tmp[1] = htonl (key_len);
......@@ -3329,7 +3333,7 @@ _set_stable_privacy (guint8 stable_type,
}
gboolean
nm_utils_ipv6_addr_set_stable_privacy_impl (guint8 stable_type,
nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
struct in6_addr *addr,
const char *ifname,
const char *network_id,
......@@ -3361,9 +3365,7 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type,
gs_free guint8 *secret_key = NULL;
gsize key_len = 0;
nm_assert (NM_IN_SET (stable_type,
NM_UTILS_STABLE_TYPE_UUID,
NM_UTILS_STABLE_TYPE_STABLE_ID));
g_return_val_if_fail (network_id, FALSE);
if (dad_counter >= RFC7217_IDGEN_RETRIES) {
g_set_error_literal (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
......@@ -3463,9 +3465,6 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
guint8 stable_type_uint8;
nm_assert (stable_id);
nm_assert (NM_IN_SET (stable_type,
NM_UTILS_STABLE_TYPE_UUID,
NM_UTILS_STABLE_TYPE_STABLE_ID));
nm_assert (secret_key);
sum = g_checksum_new (G_CHECKSUM_SHA256);
......@@ -3474,6 +3473,7 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
key_len = MIN (key_len, G_MAXUINT32);
nm_assert (stable_type < (NMUtilsStableType) 255);
stable_type_uint8 = stable_type;
g_checksum_update (sum, (const guchar *) &stable_type_uint8, sizeof (stable_type_uint8));
......
......@@ -362,13 +362,19 @@ gboolean nm_utils_get_ipv6_interface_identifier (NMLinkType link_type,
guint dev_id,
NMUtilsIPv6IfaceId *out_iid);
typedef enum { /*< skip >*/
typedef enum {
/* The stable type. Note that this value is encoded in the
* generated addresses, thus the numbers MUST not change.
*
* Also note, if we ever allocate ID 255, we must take care
* that nm_utils_ipv6_addr_set_stable_privacy() extends the
* uint8 encoding of this value. */
NM_UTILS_STABLE_TYPE_UUID = 0,
NM_UTILS_STABLE_TYPE_STABLE_ID = 1,
} NMUtilsStableType;
gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (guint8 stable_type,
gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
struct in6_addr *addr,
const char *ifname,
const char *network_id,
......
......@@ -37,12 +37,12 @@ test_stable_privacy (void)
/* We get an address without the UUID. */
inet_pton (AF_INET6, "1::", &addr1);
nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", NULL, 384, (guint8 *) "key", 3, NULL);
nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", "", 384, (guint8 *) "key", 3, NULL);
nmtst_assert_ip6_address (&addr1, "1::11aa:2530:9144:dafa");
/* We get a different address in a different network. */
inet_pton (AF_INET6, "2::", &addr1);
nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", NULL, 384, (guint8 *) "key", 3, NULL);
nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", "", 384, (guint8 *) "key", 3, NULL);
nmtst_assert_ip6_address (&addr1, "2::338e:8d:c11:8726");
inet_pton (AF_INET6, "1234::", &addr1);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment