feat: add first draft of DoS avoiding log

The concept is simple: Log messages are only emitted if the current log
level allows for it __and__ if the log message was caused by a trusted
party. The less trusted a party is, the less likely it is to cause
log messages. For example, error messages about broken input received
from an untrusted party are to be silently ignored, as to not allow
**anyone** to cause massive amounts of log messages.

Cargo.lock

@@ -1176,6 +1176,13 @@ dependencies = [
  "thiserror",
 ]
 
+[[package]]
+name = "rosenpass-log"
+version = "0.1.0"
+dependencies = [
+ "log",
+]
+
 [[package]]
 name = "rosenpass-oqs"
 version = "0.1.0"

Cargo.toml

@@ -13,6 +13,7 @@ members = [
     "fuzz",
     "secret-memory",
     "lenses",
+    "rosenpass-log",
 ]
 
 default-members = [

flake.nix

@@ -291,7 +291,6 @@
               ];
               buildPhase = ''
                 export HOME=$(mktemp -d)
-                export OSFONTDIR="$(kpsewhich --var-value TEXMF)/fonts/{opentype/public/nunito,truetype/google/noto}"
                 latexmk -r tex/CI.rc
               '';
               installPhase = ''

rosenpass-log/Cargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "rosenpass-log"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+log.workspace = true

rosenpass-log/src/lib.rs

@@ -0,0 +1,110 @@
+#![allow(unused_macros)]
+/// Whenever a log event occurs, the cause of the event must be decided on. This cause will then
+/// be used to decide, if an actual log event is to be cause. The goal is to prevent especially
+/// external, unautherized entities from causing excessive loggin, which otherwise might open the
+/// door to MITM attacks
+pub enum Cause {
+    /// An unauthorized entitiy triggered this event via Network
+    ///
+    /// Example: a InitHello message in the rosenpass protocol
+    UnauthorizedNetwork,
+
+    /// An authorized entitity triggered this event via Network
+    ///
+    /// Example: a handshake was succesful (which asserts the peer is authorized)
+    AuthorizedNetwork,
+
+    /// A local entity like rosenpassctl triggered this event
+    ///
+    /// Example: the broker adds a new peer
+    LocalNetwork,
+
+    /// The user caused this event
+    ///
+    /// Examples:
+    /// - The process was started
+    /// - Ctrl+C was used to send sig SIGINT
+    User,
+
+    /// The developer wanted this in the log!
+    Developer,
+}
+
+// Rational: All events are to be displayed if trace level debugging is configured
+macro_rules! trace {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork | AuthorizedNetwork | LocalNetwork | User | Developer => {
+                ::log::trace!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: All events are to be displayed if debug level debugging is configured
+macro_rules! debug {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork | AuthorizedNetwork | LocalNetwork | User | Developer => {
+                ::log::debug!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: Only authorized causes shall be able to emit info messages
+macro_rules! info {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork => {},
+             AuthorizedNetwork | LocalNetwork | User | Developer => {
+                ::log::info!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: Only authorized causes shall be able to emit info messages
+macro_rules! warn {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork => {},
+            AuthorizedNetwork | LocalNetwork | User | Developer =>{
+                ::log::warn!($($tail)*);
+            }
+        }
+    }}
+}
+
+// Rational: Only local sources shall be able to cause errors to be displayed
+macro_rules! error {
+    ($cause:expr, $($tail:tt)* ) => {{
+        use crate::Cause::*;
+        match $cause {
+            UnauthorizedNetwork | AuthorizedNetwork => {},
+            LocalNetwork | User | Developer => {
+                ::log::error!($($tail)*);
+            }
+        }
+    }}
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn expand_all_macros() {
+        use Cause::*;
+
+        trace!(UnauthorizedNetwork, "beep");
+        debug!(UnauthorizedNetwork, "boop");
+        info!(LocalNetwork, "tock");
+        warn!(LocalNetwork, "möp");
+        error!(User, "knirsch");
+    }
+}

rosenpass/src/cli.rs

@@ -87,6 +87,15 @@ pub enum Cli {
         force: bool,
     },
 
+    /// Deprecated - use gen-keys instead
+    #[allow(rustdoc::broken_intra_doc_links)]
+    #[allow(rustdoc::invalid_html_tags)]
+    Keygen {
+        // NOTE yes, the legacy keygen argument initially really accepted "privet-key", not "secret-key"!
+        /// public-key <PATH> private-key <PATH>
+        args: Vec<String>,
+    },
+
     /// Validate a configuration
     Validate { config_files: Vec<PathBuf> },
 
@@ -119,6 +128,40 @@ impl Cli {
                 config::Rosenpass::example_config().store(config_file)?;
             }
 
+            // Deprecated - use gen-keys instead
+            Keygen { args } => {
+                log::warn!("The 'keygen' command is deprecated. Please use the 'gen-keys' command instead.");
+
+                let mut public_key: Option<PathBuf> = None;
+                let mut secret_key: Option<PathBuf> = None;
+
+                // Manual arg parsing, since clap wants to prefix flags with "--"
+                let mut args = args.into_iter();
+                loop {
+                    match (args.next().as_ref().map(String::as_str), args.next()) {
+                        (Some("private-key"), Some(opt)) | (Some("secret-key"), Some(opt)) => {
+                            secret_key = Some(opt.into());
+                        }
+                        (Some("public-key"), Some(opt)) => {
+                            public_key = Some(opt.into());
+                        }
+                        (Some(flag), _) => {
+                            bail!("Unknown option `{}`", flag);
+                        }
+                        (_, _) => break,
+                    };
+                }
+
+                if secret_key.is_none() {
+                    bail!("private-key is required");
+                }
+                if public_key.is_none() {
+                    bail!("public-key is required");
+                }
+
+                generate_and_save_keypair(secret_key.unwrap(), public_key.unwrap())?;
+            }
+
             GenKeys {
                 config_file,
                 public_key,
@@ -160,12 +203,7 @@ impl Cli {
                 }
 
                 // generate the keys and store them in files
-                let mut ssk = crate::protocol::SSk::random();
+                generate_and_save_keypair(skf, pkf)?;
-                let mut spk = crate::protocol::SPk::random();
-                StaticKem::keygen(ssk.secret_mut(), spk.secret_mut())?;
-
-                ssk.store_secret(skf)?;
-                spk.store_secret(pkf)?;
             }
 
             ExchangeConfig { config_file } => {
@@ -246,3 +284,12 @@ impl Cli {
         srv.event_loop()
     }
 }
+
+/// generate secret and public keys, store in files according to the paths passed as arguments
+fn generate_and_save_keypair(secret_key: PathBuf, public_key: PathBuf) -> anyhow::Result<()> {
+    let mut ssk = crate::protocol::SSk::random();
+    let mut spk = crate::protocol::SPk::random();
+    StaticKem::keygen(ssk.secret_mut(), spk.secret_mut())?;
+    ssk.store_secret(secret_key)?;
+    spk.store_secret(public_key)
+}

rosenpass/src/main.rs

@@ -5,7 +5,8 @@ use std::process::exit;
 
 /// Catches errors, prints them through the logger, then exits
 pub fn main() {
-    env_logger::init();
+    // default to displaying warning and error log messages only
+    env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("warn")).init();
 
     let res = attempt!({
         rosenpass_sodium::init()?;