From 6ffcd263177d01a528a89709609f06550ecded9b Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 12 Dec 2018 10:10:38 +0100 Subject: core/trivial: rename secret-key to host-key Now that the secret-key is hashed with the machine-id, the name is no longer best. Sure, part of the key are persisted in /var/lib/NetworkManager/secret_key file, which the user is well advised to keep secret. But what nm_utils_secret_key_get() returns is first and foremost a binary key that is per-host and used for hashing a per-host component. It's really the "host-id". Compare that to what we also have, the "machine-id" and the "boot-id". Rename. --- src/devices/nm-device.c | 24 ++++----- src/nm-core-utils.c | 133 +++++++++++++++++++++++++++--------------------- src/nm-core-utils.h | 14 ++--- 3 files changed, 93 insertions(+), 78 deletions(-) diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c index 97330b2e68..ab30a4dbf3 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c @@ -7647,8 +7647,8 @@ dhcp4_get_client_id (NMDevice *self, NMUtilsStableType stable_type; const char *stable_id; guint32 salted_header; - const guint8 *secret_key; - gsize secret_key_len; + const guint8 *host_id; + gsize host_id_len; stable_id = _get_stable_id (self, connection, &stable_type); if (!stable_id) @@ -7656,12 +7656,12 @@ dhcp4_get_client_id (NMDevice *self, salted_header = htonl (2011610591 + stable_type); - nm_utils_secret_key_get (&secret_key, &secret_key_len); + nm_utils_host_id_get (&host_id, &host_id_len); sum = g_checksum_new (G_CHECKSUM_SHA1); g_checksum_update (sum, (const guchar *) &salted_header, sizeof (salted_header)); g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1); - g_checksum_update (sum, (const guchar *) secret_key, secret_key_len); + g_checksum_update (sum, (const guchar *) host_id, host_id_len); nm_utils_checksum_get_digest (sum, digest); client_id_buf = g_malloc (1 + 15); @@ -8436,7 +8436,7 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole } else { gint64 time; - time = nm_utils_secret_key_get_timestamp (); + time = nm_utils_host_id_get_timestamp (); if (!time) { duid_error = "cannot retrieve the secret key timestamp"; goto out_fail; @@ -8453,8 +8453,8 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole NMUtilsStableType stable_type; const char *stable_id = NULL; guint32 salted_header; - const guint8 *secret_key; - gsize secret_key_len; + const guint8 *host_id; + gsize host_id_len; union { guint8 sha256[NM_UTILS_CHECKSUM_LENGTH_SHA256]; guint8 hwaddr[ETH_ALEN]; @@ -8471,12 +8471,12 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole salted_header = htonl (670531087 + stable_type); - nm_utils_secret_key_get (&secret_key, &secret_key_len); + nm_utils_host_id_get (&host_id, &host_id_len); sum = g_checksum_new (G_CHECKSUM_SHA256); g_checksum_update (sum, (const guchar *) &salted_header, sizeof (salted_header)); g_checksum_update (sum, (const guchar *) stable_id, -1); - g_checksum_update (sum, (const guchar *) secret_key, secret_key_len); + g_checksum_update (sum, (const guchar *) host_id, host_id_len); nm_utils_checksum_get_digest (sum, digest.sha256); G_STATIC_ASSERT_EXPR (sizeof (digest) == sizeof (digest.sha256)); @@ -8488,11 +8488,11 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole #define EPOCH_DATETIME_THREE_YEARS (356 * 24 * 3600 * 3) - /* We want a variable time between the secret_key timestamp and three years + /* We want a variable time between the host_id timestamp and three years * before. Let's compute the time (in seconds) from 0 to 3 years; then we'll - * subtract it from the secret_key timestamp. + * subtract it from the host_id timestamp. */ - time = nm_utils_secret_key_get_timestamp (); + time = nm_utils_host_id_get_timestamp (); if (!time) { duid_error = "cannot retrieve the secret key timestamp"; goto out_fail; diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index 064cfef41d..bf009e1d91 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c @@ -2455,7 +2455,7 @@ again: return NULL; } - if (nm_utils_secret_key_get (&seed_bin, &seed_len)) { + if (nm_utils_host_id_get (&seed_bin, &seed_len)) { /* we have no valid machine-id. Generate a fake one by hashing * the secret-key. This key is commonly persisted, so it should be * stable accross reboots (despite having a broken system without @@ -2526,9 +2526,9 @@ nm_utils_machine_id_is_fake (void) #define SECRET_KEY_FILE NMSTATEDIR"/secret_key" static const guint8 * -_secret_key_hash_v2 (const guint8 *seed_arr, - gsize seed_len, - guint8 *out_digest /* 32 bytes (NM_UTILS_CHECKSUM_LENGTH_SHA256) */) +_host_id_hash_v2 (const guint8 *seed_arr, + gsize seed_len, + guint8 *out_digest /* 32 bytes (NM_UTILS_CHECKSUM_LENGTH_SHA256) */) { nm_auto_free_checksum GChecksum *sum = g_checksum_new (G_CHECKSUM_SHA256); const UuidData *machine_id_data; @@ -2556,8 +2556,8 @@ _secret_key_hash_v2 (const guint8 *seed_arr, } static gboolean -_secret_key_read (guint8 **out_key, - gsize *out_key_len) +_host_id_read (guint8 **out_host_id, + gsize *out_host_id_len) { #define SECRET_KEY_LEN 32u guint8 sha256_digest[NM_UTILS_CHECKSUM_LENGTH_SHA256]; @@ -2595,7 +2595,7 @@ _secret_key_read (guint8 **out_key, * except that it seems simpler not to distinguish between the v2 prefix and the content. * It's all just part of the seed. */ - secret_arr = _secret_key_hash_v2 (file_content.bin, file_content.len, sha256_digest); + secret_arr = _host_id_hash_v2 (file_content.bin, file_content.len, sha256_digest); secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256; success = TRUE; goto out; @@ -2640,7 +2640,7 @@ _secret_key_read (guint8 **out_key, &base64_save); nm_assert (len <= sizeof (new_content)); - secret_arr = _secret_key_hash_v2 (new_content, len, sha256_digest); + secret_arr = _host_id_hash_v2 (new_content, len, sha256_digest); secret_len = NM_UTILS_CHECKSUM_LENGTH_SHA256; if (!success) @@ -2664,53 +2664,68 @@ _secret_key_read (guint8 **out_key, } out: - *out_key_len = secret_len; - *out_key = nm_memdup (secret_arr, secret_len); + *out_host_id_len = secret_len; + *out_host_id = nm_memdup (secret_arr, secret_len); return success; } typedef struct { - guint8 *secret_key; - gsize key_len; + guint8 *host_id; + gsize host_id_len; bool is_good:1; -} SecretKeyData; +} HostIdData; +/** + * nm_utils_host_id_get: + * @out_host_id: (out) (transfer none): the binary host key + * @out_host_id_len: the length of the host key. + * + * This returns a per-host key that depends on /var/lib/NetworkManage/secret_key + * and (depending on the version) on /etc/machine-id. If /var/lib/NetworkManage/secret_key + * does not exist, it will be generated and persisted for next boot. + * + * Returns: %TRUE, if the host key is "good". Note that this function + * will always succeed to return a host-key, and that this key + * won't change during the run of the program (no matter what). + * A %FALSE return possibly means, that the secret_key is not persisted + * to disk, and/or that it was generated with bad randomness. + */ gboolean -nm_utils_secret_key_get (const guint8 **out_secret_key, - gsize *out_key_len) +nm_utils_host_id_get (const guint8 **out_host_id, + gsize *out_host_id_len) { - static const SecretKeyData *volatile secret_key_static; - const SecretKeyData *secret_key; + static const HostIdData *volatile host_id_static; + const HostIdData *host_id; again: - secret_key = g_atomic_pointer_get (&secret_key_static); - if (G_UNLIKELY (!secret_key)) { - static SecretKeyData secret_key_data; + host_id = g_atomic_pointer_get (&host_id_static); + if (G_UNLIKELY (!host_id)) { + static HostIdData host_id_data; static gsize init_value = 0; if (!g_once_init_enter (&init_value)) goto again; - secret_key_data.is_good = _secret_key_read (&secret_key_data.secret_key, - &secret_key_data.key_len); - secret_key = &secret_key_data; - g_atomic_pointer_set (&secret_key_static, secret_key); + host_id_data.is_good = _host_id_read (&host_id_data.host_id, + &host_id_data.host_id_len); + host_id = &host_id_data; + g_atomic_pointer_set (&host_id_static, host_id); g_once_init_leave (&init_value, 1); } - *out_secret_key = secret_key->secret_key; - *out_key_len = secret_key->key_len; - return secret_key->is_good; + *out_host_id = host_id->host_id; + *out_host_id_len = host_id->host_id_len; + return host_id->is_good; } gint64 -nm_utils_secret_key_get_timestamp (void) +nm_utils_host_id_get_timestamp (void) { struct stat stat_buf; - const guint8 *key; - gsize key_len; + const guint8 *host_id; + gsize host_id_len; - if (!nm_utils_secret_key_get (&key, &key_len)) + if (!nm_utils_host_id_get (&host_id, &host_id_len)) return 0; if (stat (SECRET_KEY_FILE, &stat_buf) != 0) @@ -3177,20 +3192,20 @@ _set_stable_privacy (NMUtilsStableType stable_type, const char *ifname, const char *network_id, guint32 dad_counter, - const guint8 *secret_key, - gsize key_len, + const guint8 *host_id, + gsize host_id_len, GError **error) { nm_auto_free_checksum GChecksum *sum = NULL; guint8 digest[NM_UTILS_CHECKSUM_LENGTH_SHA256]; guint32 tmp[2]; - nm_assert (key_len); + nm_assert (host_id_len); nm_assert (network_id); sum = g_checksum_new (G_CHECKSUM_SHA256); - key_len = MIN (key_len, G_MAXUINT32); + host_id_len = MIN (host_id_len, G_MAXUINT32); if (stable_type != NM_UTILS_STABLE_TYPE_UUID) { guint8 stable_type_uint8; @@ -3203,7 +3218,7 @@ _set_stable_privacy (NMUtilsStableType stable_type, * * That is no real problem and it is still impossible to * force a collision here, because of how the remaining - * fields are hashed. That is, as we also hash @key_len + * fields are hashed. That is, as we also hash @host_id_len * and the terminating '\0' of @network_id, it is unambigiously * possible to revert the process and deduce the @stable_type. */ @@ -3214,9 +3229,9 @@ _set_stable_privacy (NMUtilsStableType stable_type, g_checksum_update (sum, (const guchar *) ifname, strlen (ifname) + 1); g_checksum_update (sum, (const guchar *) network_id, strlen (network_id) + 1); tmp[0] = htonl (dad_counter); - tmp[1] = htonl (key_len); + tmp[1] = htonl (host_id_len); g_checksum_update (sum, (const guchar *) tmp, sizeof (tmp)); - g_checksum_update (sum, (const guchar *) secret_key, key_len); + g_checksum_update (sum, (const guchar *) host_id, host_id_len); nm_utils_checksum_get_digest (sum, digest); while (_is_reserved_ipv6_iid (digest)) { @@ -3237,11 +3252,11 @@ nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type, const char *ifname, const char *network_id, guint32 dad_counter, - guint8 *secret_key, - gsize key_len, + guint8 *host_id, + gsize host_id_len, GError **error) { - return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter, secret_key, key_len, error); + return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter, host_id, host_id_len, error); } #define RFC7217_IDGEN_RETRIES 3 @@ -3261,8 +3276,8 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type, guint32 dad_counter, GError **error) { - const guint8 *secret_key; - gsize key_len; + const guint8 *host_id; + gsize host_id_len; g_return_val_if_fail (network_id, FALSE); @@ -3272,10 +3287,10 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type, return FALSE; } - nm_utils_secret_key_get (&secret_key, &key_len); + nm_utils_host_id_get (&host_id, &host_id_len); return _set_stable_privacy (stable_type, addr, ifname, network_id, dad_counter, - secret_key, key_len, error); + host_id, host_id_len, error); } /*****************************************************************************/ @@ -3347,8 +3362,8 @@ nm_utils_hw_addr_gen_random_eth (const char *current_mac_address, static char * _hw_addr_gen_stable_eth (NMUtilsStableType stable_type, const char *stable_id, - const guint8 *secret_key, - gsize key_len, + const guint8 *host_id, + gsize host_id_len, const char *ifname, const char *current_mac_address, const char *generate_mac_address_mask) @@ -3360,19 +3375,19 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type, guint8 stable_type_uint8; nm_assert (stable_id); - nm_assert (secret_key); + nm_assert (host_id); sum = g_checksum_new (G_CHECKSUM_SHA256); - key_len = MIN (key_len, G_MAXUINT32); + host_id_len = MIN (host_id_len, G_MAXUINT32); nm_assert (stable_type < (NMUtilsStableType) 255); stable_type_uint8 = stable_type; g_checksum_update (sum, (const guchar *) &stable_type_uint8, sizeof (stable_type_uint8)); - tmp = htonl ((guint32) key_len); + tmp = htonl ((guint32) host_id_len); g_checksum_update (sum, (const guchar *) &tmp, sizeof (tmp)); - g_checksum_update (sum, (const guchar *) secret_key, key_len); + g_checksum_update (sum, (const guchar *) host_id, host_id_len); g_checksum_update (sum, (const guchar *) (ifname ?: ""), ifname ? (strlen (ifname) + 1) : 1); g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1); @@ -3386,13 +3401,13 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type, char * nm_utils_hw_addr_gen_stable_eth_impl (NMUtilsStableType stable_type, const char *stable_id, - const guint8 *secret_key, - gsize key_len, + const guint8 *host_id, + gsize host_id_len, const char *ifname, const char *current_mac_address, const char *generate_mac_address_mask) { - return _hw_addr_gen_stable_eth (stable_type, stable_id, secret_key, key_len, ifname, current_mac_address, generate_mac_address_mask); + return _hw_addr_gen_stable_eth (stable_type, stable_id, host_id, host_id_len, ifname, current_mac_address, generate_mac_address_mask); } char * @@ -3402,17 +3417,17 @@ nm_utils_hw_addr_gen_stable_eth (NMUtilsStableType stable_type, const char *current_mac_address, const char *generate_mac_address_mask) { - const guint8 *secret_key; - gsize key_len; + const guint8 *host_id; + gsize host_id_len; g_return_val_if_fail (stable_id, NULL); - nm_utils_secret_key_get (&secret_key, &key_len); + nm_utils_host_id_get (&host_id, &host_id_len); return _hw_addr_gen_stable_eth (stable_type, stable_id, - secret_key, - key_len, + host_id, + host_id_len, ifname, current_mac_address, generate_mac_address_mask); diff --git a/src/nm-core-utils.h b/src/nm-core-utils.h index d75ef9ae48..4f1a2bad54 100644 --- a/src/nm-core-utils.h +++ b/src/nm-core-utils.h @@ -278,9 +278,9 @@ gboolean nm_utils_machine_id_is_fake (void); const char *nm_utils_get_boot_id_str (void); const struct _NMUuid *nm_utils_get_boot_id_bin (void); -gboolean nm_utils_secret_key_get (const guint8 **out_secret_key, - gsize *out_key_len); -gint64 nm_utils_secret_key_get_timestamp (void); +gboolean nm_utils_host_id_get (const guint8 **out_host_id, + gsize *out_host_id_len); +gint64 nm_utils_host_id_get_timestamp (void); /* IPv6 Interface Identifier helpers */ @@ -348,8 +348,8 @@ gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_ty const char *ifname, const char *network_id, guint32 dad_counter, - guint8 *secret_key, - gsize key_len, + guint8 *host_id, + gsize host_id_len, GError **error); gboolean nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType id_type, @@ -363,8 +363,8 @@ char *nm_utils_hw_addr_gen_random_eth (const char *current_mac_address, const char *generate_mac_address_mask); char *nm_utils_hw_addr_gen_stable_eth_impl (NMUtilsStableType stable_type, const char *stable_id, - const guint8 *secret_key, - gsize key_len, + const guint8 *host_id, + gsize host_id_len, const char *ifname, const char *current_mac_address, const char *generate_mac_address_mask); -- cgit v1.2.1