authorThomas Haller <thaller@redhat.com>2016-12-18 14:03:38 +0100
committerThomas Haller <thaller@redhat.com>2017-01-09 14:50:33 +0100
commit21ae09c1cc2d1f7fa61f352ae5d5c43b0b02e384 (patch)
tree099d30a851f2ab326b0920160fb8961b295f225f
parent46d53e11012c047e09d04f663c1c36e6c47dc298 (diff)
core: add assertions for network_id/stable_type
We require a network-id. Assert that it is set. Also, we encode the stable-id as uint8. Thus, add an assertion that we don't use more than 254 IDs. If we ever make use of stable-type 255, we must extend the encoding to allow for more values. The assertion is there to catch that.
-rw-r--r--src/ndisc/nm-fake-ndisc.c2
-rw-r--r--src/ndisc/nm-lndp-ndisc.c1
-rw-r--r--src/ndisc/nm-ndisc.c1
-rw-r--r--src/nm-core-utils.c24
-rw-r--r--src/nm-core-utils.h10
-rw-r--r--src/tests/test-utils.c4
6 files changed, 26 insertions, 16 deletions
diff --git a/src/ndisc/nm-fake-ndisc.c b/src/ndisc/nm-fake-ndisc.c
index f1ada6c0cd..7a9fb11079 100644
--- a/src/ndisc/nm-fake-ndisc.c
+++ b/src/ndisc/nm-fake-ndisc.c
@@ -374,6 +374,8 @@ nm_fake_ndisc_new (int ifindex, const char *ifname)
NM_NDISC_IFINDEX, ifindex,
NM_NDISC_IFNAME, ifname,
NM_NDISC_NODE_TYPE, (int) NM_NDISC_NODE_TYPE_HOST,
+ NM_NDISC_STABLE_TYPE, (int) NM_UTILS_STABLE_TYPE_UUID,
+ NM_NDISC_NETWORK_ID, "fake",
NULL);
}
diff --git a/src/ndisc/nm-lndp-ndisc.c b/src/ndisc/nm-lndp-ndisc.c
index 9e5cdaa059..3bc1590ea8 100644
--- a/src/ndisc/nm-lndp-ndisc.c
+++ b/src/ndisc/nm-lndp-ndisc.c
@@ -550,6 +550,7 @@ nm_lndp_ndisc_new (NMPlatform *platform,
g_return_val_if_fail (NM_IS_PLATFORM (platform), NULL);
g_return_val_if_fail (!error || !*error, NULL);
+ g_return_val_if_fail (network_id, NULL);
if (!nm_platform_netns_push (platform, &netns))
return NULL;
diff --git a/src/ndisc/nm-ndisc.c b/src/ndisc/nm-ndisc.c
index 775bb61139..00f3104966 100644
--- a/src/ndisc/nm-ndisc.c
+++ b/src/ndisc/nm-ndisc.c
@@ -1054,6 +1054,7 @@ set_property (GObject *object, guint prop_id,
case PROP_NETWORK_ID:
/* construct-only */
priv->network_id = g_value_dup_string (value);
+ g_return_if_fail (priv->network_id);
break;
case PROP_ADDR_GEN_MODE:
/* construct-only */
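Review bot: The added `g_return_if_fail (priv->network_id);` under `case PROP_NETWORK_ID` runs after the assignment and only returns from set_property(), so an object constructed without a network-id still exists afterwards with `priv->network_id == NULL` and a logged critical. Later users of the field therefore still have to tolerate NULL, which matters because this commit removes the `""` fallback in `_set_stable_privacy()`. I would state the requirement in the comment, e.g. `/* construct-only; must not be NULL */`, and presumably the constructors that pass the property are the right place to reject a missing value. set_property() starts and ends outside this hunk.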
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c
index b5fbfe34f8..4654b950d6 100644
--- a/src/nm-core-utils.c
+++ b/src/nm-core-utils.c
@@ -3268,7 +3268,7 @@ nm_utils_inet6_interface_identifier_to_token (NMUtilsIPv6IfaceId iid, char *buf)
/*****************************************************************************/
static gboolean
-_set_stable_privacy (guint8 stable_type,
+_set_stable_privacy (NMUtilsStableType stable_type,
struct in6_addr *addr,
const char *ifname,
const char *network_id,
@@ -3282,7 +3282,8 @@ _set_stable_privacy (guint8 stable_type,
guint32 tmp[2];
gsize len = sizeof (digest);
- g_return_val_if_fail (key_len, FALSE);
+ nm_assert (key_len);
+ nm_assert (network_id);
/* Documentation suggests that this can fail.
* Maybe in case of a missing algorithm in crypto library? */
@@ -3296,6 +3297,11 @@ _set_stable_privacy (guint8 stable_type,
key_len = MIN (key_len, G_MAXUINT32);
if (stable_type != NM_UTILS_STABLE_TYPE_UUID) {
+ guint8 stable_type_uint8;
+
+ nm_assert (stable_type < (NMUtilsStableType) 255);
+ stable_type_uint8 = (guint8) stable_type;
+
/* Preferably, we would always like to include the stable-type,
* but for backward compatibility reasons, we cannot for UUID.
*
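Review bot: The narrowing to `guint8` is protected only by `nm_assert (stable_type < (NMUtilsStableType) 255)`, and as far as I know nm_assert() is compiled out unless the build enables extra assertions. In such a build a value above 254 would be truncated by the cast and hashed as the byte of a different stable-type, which defeats the unambiguity that the comment following this code relies on. The same assert-then-narrow pair is repeated in the `_hw_addr_gen_stable_eth()` hunk, there with an implicit conversion (`stable_type_uint8 = stable_type;`). A compile-time check on the highest member, for example `G_STATIC_ASSERT (NM_UTILS_STABLE_TYPE_STABLE_ID < 255);`, would hold in every build, and the second site should at least use the same explicit `(guint8)` cast. `_set_stable_privacy()` begins and ends outside this hunk.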
@@ -3305,13 +3311,11 @@ _set_stable_privacy (guint8 stable_type,
* and the terminating '\0' of @network_id, it is unambigiously
* possible to revert the process and deduce the @stable_type.
*/
- g_checksum_update (sum, &stable_type, sizeof (stable_type));
+ g_checksum_update (sum, &stable_type_uint8, sizeof (stable_type_uint8));
}
g_checksum_update (sum, addr->s6_addr, 8);
g_checksum_update (sum, (const guchar *) ifname, strlen (ifname) + 1);
- if (!network_id)
- network_id = "";
g_checksum_update (sum, (const guchar *) network_id, strlen (network_id) + 1);
tmp[0] = htonl (dad_counter);
tmp[1] = htonl (key_len);
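Review bot: With the `if (!network_id) network_id = "";` fallback removed, `strlen (network_id)` dereferences whatever the caller passed. The only check inside `_set_stable_privacy()` is `nm_assert (network_id)` from the earlier hunk, which I believe is a no-op in builds without extra assertions. `nm_utils_ipv6_addr_set_stable_privacy()` gains a `g_return_val_if_fail (network_id, FALSE);` in this commit, but no such guard is visible for the exported `nm_utils_ipv6_addr_set_stable_privacy_impl()`, whose body lies outside the hunks shown. I would add `g_return_val_if_fail (network_id, FALSE);` at the top of the `_impl` function too, so a NULL from any caller fails cleanly instead of crashing. The function body continues outside this hunk.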
@@ -3329,7 +3333,7 @@ _set_stable_privacy (guint8 stable_type,
}
gboolean
-nm_utils_ipv6_addr_set_stable_privacy_impl (guint8 stable_type,
+nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
struct in6_addr *addr,
const char *ifname,
const char *network_id,
@@ -3361,9 +3365,7 @@ nm_utils_ipv6_addr_set_stable_privacy (NMUtilsStableType stable_type,
gs_free guint8 *secret_key = NULL;
gsize key_len = 0;
- nm_assert (NM_IN_SET (stable_type,
- NM_UTILS_STABLE_TYPE_UUID,
- NM_UTILS_STABLE_TYPE_STABLE_ID));
+ g_return_val_if_fail (network_id, FALSE);
if (dad_counter >= RFC7217_IDGEN_RETRIES) {
g_set_error_literal (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
@@ -3463,9 +3465,6 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
guint8 stable_type_uint8;
nm_assert (stable_id);
- nm_assert (NM_IN_SET (stable_type,
- NM_UTILS_STABLE_TYPE_UUID,
- NM_UTILS_STABLE_TYPE_STABLE_ID));
nm_assert (secret_key);
sum = g_checksum_new (G_CHECKSUM_SHA256);
@@ -3474,6 +3473,7 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type,
key_len = MIN (key_len, G_MAXUINT32);
+ nm_assert (stable_type < (NMUtilsStableType) 255);
stable_type_uint8 = stable_type;
g_checksum_update (sum, (const guchar *) &stable_type_uint8, sizeof (stable_type_uint8));
diff --git a/src/nm-core-utils.h b/src/nm-core-utils.h
index dc5f6a8f4d..25a59361fc 100644
--- a/src/nm-core-utils.h
+++ b/src/nm-core-utils.h
@@ -362,13 +362,19 @@ gboolean nm_utils_get_ipv6_interface_identifier (NMLinkType link_type,
guint dev_id,
NMUtilsIPv6IfaceId *out_iid);
-typedef enum { /*< skip >*/
+typedef enum {
+ /* The stable type. Note that this value is encoded in the
+ * generated addresses, thus the numbers MUST not change.
+ *
+ * Also note, if we ever allocate ID 255, we must take care
+ * that nm_utils_ipv6_addr_set_stable_privacy() extends the
+ * uint8 encoding of this value. */
NM_UTILS_STABLE_TYPE_UUID = 0,
NM_UTILS_STABLE_TYPE_STABLE_ID = 1,
} NMUtilsStableType;
-gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (guint8 stable_type,
+gboolean nm_utils_ipv6_addr_set_stable_privacy_impl (NMUtilsStableType stable_type,
struct in6_addr *addr,
const char *ifname,
const char *network_id,
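Review bot: The new enum comment names only `nm_utils_ipv6_addr_set_stable_privacy()` as the place to extend when ID 255 is allocated, but the `_hw_addr_gen_stable_eth()` hunk in nm-core-utils.c performs the same uint8 encoding of this value. I would name both, e.g. `* that nm_utils_ipv6_addr_set_stable_privacy() and _hw_addr_gen_stable_eth() extend the uint8 encoding of this value. */`. The comment also sits inside the enum body directly above `NM_UTILS_STABLE_TYPE_UUID`, where it reads as documentation of that one member. Moving it above `typedef enum {` would make clear that it covers the whole type.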
diff --git a/src/tests/test-utils.c b/src/tests/test-utils.c
index cd05a36d9f..16eb3aeccf 100644
--- a/src/tests/test-utils.c
+++ b/src/tests/test-utils.c
@@ -37,12 +37,12 @@ test_stable_privacy (void)
/* We get an address without the UUID. */
inet_pton (AF_INET6, "1::", &addr1);
- nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", NULL, 384, (guint8 *) "key", 3, NULL);
+ nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", "", 384, (guint8 *) "key", 3, NULL);
nmtst_assert_ip6_address (&addr1, "1::11aa:2530:9144:dafa");
/* We get a different address in a different network. */
inet_pton (AF_INET6, "2::", &addr1);
- nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", NULL, 384, (guint8 *) "key", 3, NULL);
+ nm_utils_ipv6_addr_set_stable_privacy_impl (NM_UTILS_STABLE_TYPE_UUID, &addr1, "eth666", "", 384, (guint8 *) "key", 3, NULL);
nmtst_assert_ip6_address (&addr1, "2::338e:8d:c11:8726");
inet_pton (AF_INET6, "1234::", &addr1);