diff options
| author | James O'Beirne <[email protected]> | 2015-09-07 15:22:23 -0700 |
|---|---|---|
| committer | James O'Beirne <[email protected]> | 2015-10-06 07:46:10 -0700 |
| commit | 42cb388167ef78f47a3a440eb651b6938c10f508 (patch) | |
| tree | 5030db533bf8e2c8231b9df00865528a6f6b5706 /src/leveldbwrapper.cpp | |
| parent | Merge pull request #6620 (diff) | |
| download | discoin-42cb388167ef78f47a3a440eb651b6938c10f508.tar.xz discoin-42cb388167ef78f47a3a440eb651b6938c10f508.zip | |
Add chainstate obfuscation to avoid spurious antivirus detection
Adds an `obfuscate` parameter to `CLevelDBWrapper` and makes use of it
for all new chainstate stores built via `CCoinsViewDB`. Also adds an
`Xor` method to `CDataStream`.
Thanks to @sipa @laanwj @pstratem @dexX7 @KyrosKrane @gmaxwell.
Diffstat (limited to 'src/leveldbwrapper.cpp')
| -rw-r--r-- | src/leveldbwrapper.cpp | 60 |
1 files changed, 59 insertions, 1 deletions
diff --git a/src/leveldbwrapper.cpp b/src/leveldbwrapper.cpp index 26cacf95a..ce96b5c8a 100644 --- a/src/leveldbwrapper.cpp +++ b/src/leveldbwrapper.cpp @@ -5,6 +5,7 @@ #include "leveldbwrapper.h" #include "util.h" +#include "random.h" #include <boost/filesystem.hpp> @@ -12,6 +13,7 @@ #include <leveldb/env.h> #include <leveldb/filter_policy.h> #include <memenv.h> +#include <stdint.h> void HandleError(const leveldb::Status& status) throw(leveldb_error) { @@ -43,7 +45,7 @@ static leveldb::Options GetOptions(size_t nCacheSize) return options; } -CLevelDBWrapper::CLevelDBWrapper(const boost::filesystem::path& path, size_t nCacheSize, bool fMemory, bool fWipe) +CLevelDBWrapper::CLevelDBWrapper(const boost::filesystem::path& path, size_t nCacheSize, bool fMemory, bool fWipe, bool obfuscate) { penv = NULL; readoptions.verify_checksums = true; @@ -67,6 +69,25 @@ CLevelDBWrapper::CLevelDBWrapper(const boost::filesystem::path& path, size_t nCa leveldb::Status status = leveldb::DB::Open(options, path.string(), &pdb); HandleError(status); LogPrintf("Opened LevelDB successfully\n"); + + // The base-case obfuscation key, which is a noop. + obfuscate_key = std::vector<unsigned char>(OBFUSCATE_KEY_NUM_BYTES, '\000'); + + bool key_exists = Read(OBFUSCATE_KEY_KEY, obfuscate_key); + + if (!key_exists && obfuscate && IsEmpty()) { + // Initialize non-degenerate obfuscation if it won't upset + // existing, non-obfuscated data. + std::vector<unsigned char> new_key = CreateObfuscateKey(); + + // Write `new_key` so we don't obfuscate the key with itself + Write(OBFUSCATE_KEY_KEY, new_key); + obfuscate_key = new_key; + + LogPrintf("Wrote new obfuscate key for %s: %s\n", path.string(), GetObfuscateKeyHex()); + } + + LogPrintf("Using obfuscation key for %s: %s\n", path.string(), GetObfuscateKeyHex()); } CLevelDBWrapper::~CLevelDBWrapper() @@ -87,3 +108,40 @@ bool CLevelDBWrapper::WriteBatch(CLevelDBBatch& batch, bool fSync) throw(leveldb HandleError(status); return true; } + +// Prefixed with null character to avoid collisions with other keys +// +// We must use a string constructor which specifies length so that we copy +// past the null-terminator. +const std::string CLevelDBWrapper::OBFUSCATE_KEY_KEY("\000obfuscate_key", 14); + +const unsigned int CLevelDBWrapper::OBFUSCATE_KEY_NUM_BYTES = 8; + +/** + * Returns a string (consisting of 8 random bytes) suitable for use as an + * obfuscating XOR key. + */ +std::vector<unsigned char> CLevelDBWrapper::CreateObfuscateKey() const +{ + unsigned char buff[OBFUSCATE_KEY_NUM_BYTES]; + GetRandBytes(buff, OBFUSCATE_KEY_NUM_BYTES); + return std::vector<unsigned char>(&buff[0], &buff[OBFUSCATE_KEY_NUM_BYTES]); + +} + +bool CLevelDBWrapper::IsEmpty() +{ + boost::scoped_ptr<leveldb::Iterator> it(NewIterator()); + it->SeekToFirst(); + return !(it->Valid()); +} + +const std::vector<unsigned char>& CLevelDBWrapper::GetObfuscateKey() const +{ + return obfuscate_key; +} + +std::string CLevelDBWrapper::GetObfuscateKeyHex() const +{ + return HexStr(obfuscate_key); +} |