feat: add first draft of DoS avoiding log

The concept is simple: Log messages are only emitted if the current log level allows for it __and__ if the log message was caused by a trusted party. The less trusted a party is, the less likely it is to cause log messages. For example, error messages about broken input received from an untrusted party are to be silently ignored, as to not allow **anyone** to cause massive amounts of log messages.
2025-12-12 07:40:30 -08:00 · 2023-12-23 01:34:36 +01:00
parent d84efa7422
commit 96bc5bfb2e
4 changed files with 127 additions and 0 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1176,6 +1176,13 @@ dependencies = [
 "thiserror",
 ]

+[[package]]
+name = "rosenpass-log"
+version = "0.1.0"
+dependencies = [
+ "log",
+]
+
 [[package]]
 name = "rosenpass-oqs"
 version = "0.1.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,6 +13,7 @@ members = [
    "fuzz",
    "secret-memory",
    "lenses",
+    "rosenpass-log",
 ]

 default-members = [
--- a/rosenpass-log/Cargo.toml
+++ b/rosenpass-log/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "rosenpass-log"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+log.workspace = true
--- a/rosenpass-log/src/lib.rs
+++ b/rosenpass-log/src/lib.rs
@@ -0,0 +1,110 @@
+#![allow(unused_macros)]
+/// Whenever a log event occurs, the cause of the event must be decided on. This cause will then
+/// be used to decide, if an actual log event is to be cause. The goal is to prevent especially
+/// external, unautherized entities from causing excessive loggin, which otherwise might open the
+/// door to MITM attacks
+pub enum Cause {
+    /// An unauthorized entitiy triggered this event via Network
+    ///
+    /// Example: a InitHello message in the rosenpass protocol
+    UnauthorizedNetwork,
+
+    /// An authorized entitity triggered this event via Network
+    ///
+    /// Example: a handshake was succesful (which asserts the peer is authorized)
+    AuthorizedNetwork,
+
+    /// A local entity like rosenpassctl triggered this event
+    ///
+    /// Example: the broker adds a new peer
+    LocalNetwork,
+
+    /// The user caused this event
+    ///
+    /// Examples:
+    /// - The process was started
+    /// - Ctrl+C was used to send sig SIGINT
+    User,
+
+    /// The developer wanted this in the log!
+    Developer,
+}
+
+// Rational: All events are to be displayed if trace level debugging is configured
+macro_rules! trace {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork | AuthorizedNetwork | LocalNetwork | User | Developer => {
+                ::log::trace!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: All events are to be displayed if debug level debugging is configured
+macro_rules! debug {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork | AuthorizedNetwork | LocalNetwork | User | Developer => {
+                ::log::debug!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: Only authorized causes shall be able to emit info messages
+macro_rules! info {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork => {},
+             AuthorizedNetwork | LocalNetwork | User | Developer => {
+                ::log::info!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: Only authorized causes shall be able to emit info messages
+macro_rules! warn {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork => {},
+            AuthorizedNetwork | LocalNetwork | User | Developer =>{
+                ::log::warn!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: Only local sources shall be able to cause errors to be displayed
+macro_rules! error {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork | AuthorizedNetwork => {},
+            LocalNetwork | User | Developer => {
+                ::log::error!($($tail)*);
+            }
+        }
+    }}
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn expand_all_macros() {
+        use Cause::*;
+
+        trace!(UnauthorizedNetwork, "beep");
+        debug!(UnauthorizedNetwork, "boop");
+        info!(LocalNetwork, "tock");
+        warn!(LocalNetwork, "möp");
+        error!(User, "knirsch");
+    }
+}