summaryrefslogtreecommitdiff
path: root/b0/a3069fab718e0ce608ff4ae421b347326c84f8
blob: c4a7361a3ba88d57dd8fe78c6530fc9fe250a390 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
Return-Path: <james.obeirne@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 6D5E91E20
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  7 Oct 2015 23:32:25 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ig0-f178.google.com (mail-ig0-f178.google.com
	[209.85.213.178])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4D0351C5
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  7 Oct 2015 23:32:23 +0000 (UTC)
Received: by igcpe7 with SMTP id pe7so1258482igc.0
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 07 Oct 2015 16:32:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
	:cc:content-type;
	bh=NEgaVDirrgYWL4kC7MGRhNpr6syoUgQI+6T4ATTw3pU=;
	b=0OoffmsHcgPpJD5NMGwpErjC7cb3B10aLlybLpJ7f/YzKJDQIdQ9iKc98gL8judKjW
	TXaYvvdy3/C97wJO+uEJtBd3HQPsehAzDzGeqybIw/s35G6BH11DGJHtMeAxGR5dPYV0
	GDQ6N2J4Q3qhhxm48zVTLr1orBXJlptws7PuXflP4t5pHms+3zyxGTL1Xz8mkFcRKtt3
	SMKItm+t/gjwhNDrqus2t5Doy7mbXQj3J4XiyO8slq0WVv3oDfgMnTm/M4wrVkK41S5G
	r7pI1cVnpOsWSSseBsOoM+ahQBq6WTHpYTIF18LbUBUpES71p9mpIYR1/VnhMeOyhimZ
	amdQ==
X-Received: by 10.50.41.1 with SMTP id b1mr370273igl.3.1444260742830; Wed, 07
	Oct 2015 16:32:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.195.131 with HTTP; Wed, 7 Oct 2015 16:32:03 -0700 (PDT)
In-Reply-To: <56155572.5040501@domob.eu>
References: <56155572.5040501@domob.eu>
From: "James O'Beirne" <james.obeirne@gmail.com>
Date: Wed, 7 Oct 2015 16:32:03 -0700
Message-ID: <CAPfvXfLw25J_mXn6b9QO_VDTU3EoVP9zxt7bbN0RF+2coYAdJA@mail.gmail.com>
To: Daniel Kraft <d@domob.eu>
Content-Type: multipart/alternative; boundary=089e011763518a242805218c28fd
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] The new obfuscation patch & GetStats
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2015 23:32:25 -0000

--089e011763518a242805218c28fd
Content-Type: text/plain; charset=UTF-8

Hey, Daniel.

Patch author here. Thanks for the diligence; I think this indeed may be an
oversight, though I'm going to need to look into a bit more thoroughly at
home. Curious that it didn't fail any of the automated tests.

Correct me if I'm wrong, but the only actual invocation of that method is
here
<https://github.com/bitcoin/bitcoin/blob/master/src/rpcblockchain.cpp#L448>
(and even then, proxied through a few layers of CCoinView-machinery). In
fact, this line
<https://github.com/bitcoin/bitcoin/blob/master/src/coins.cpp#L48> makes me
suspect that the implementation of GetStats you reference may be dead code.

In any case, you raise a good point: if users of CLevelDBWrapper go
directly for the iterator, they run the risk of dealing with obfuscated
data. This should be remedied somehow.

I'll give it more look this evening.

Thanks again for the find,
James

On Wed, Oct 7, 2015 at 10:25 AM, Daniel Kraft via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi!
>
> I hope this is not a stupid question, but I thought I'd ask here first
> instead of opening a Github ticket (in case I'm wrong).
>
> With the recently merged "obfuscation" patch, content of the
> "chainstate" LevelDB is obfuscated by XOR'ing against a random "key".
> This is handled by CLevelDBWrapper's Read/Write methods, which probably
> cover most of the usecases.
>
> *However*, shouldn't it also be handled when iterating over the
> database?  In particular, I would expect that the obfuscation key is
> applied before line 119 in txdb.cpp (i. e., while iterating over the
> coin database in CCoinsViewDB::GetStats).
>
> Is there a reason why this need not be done there, or is this an actual
> oversight?
>
> Yours,
> Daniel
>
> --
> http://www.domob.eu/
> OpenPGP: 1142 850E 6DFF 65BA 63D6  88A8 B249 2AC4 A733 0737
> Namecoin: id/domob -> https://nameid.org/?name=domob
> --
> Done:  Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz
> To go: Mon-Pri
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>

--089e011763518a242805218c28fd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hey, Daniel.<div><br></div><div>Patch author here. Thanks =
for the diligence; I think this indeed may be an oversight, though I&#39;m =
going to need to look into a bit more thoroughly at home. Curious that it d=
idn&#39;t fail any of the automated tests.</div><div><br></div><div>Correct=
 me if I&#39;m wrong, but the only actual invocation of that method is <a h=
ref=3D"https://github.com/bitcoin/bitcoin/blob/master/src/rpcblockchain.cpp=
#L448">here</a> (and even then, proxied through a few layers of CCoinView-m=
achinery). In fact, <a href=3D"https://github.com/bitcoin/bitcoin/blob/mast=
er/src/coins.cpp#L48">this line</a> makes me suspect that the implementatio=
n of GetStats you reference may be dead code.</div><div><br></div><div>In a=
ny case, you raise a good point: if users of CLevelDBWrapper go directly fo=
r the iterator, they run the risk of dealing with obfuscated data. This sho=
uld be remedied somehow.</div><div><br></div><div>I&#39;ll give it more loo=
k this evening.</div><div><br></div><div>Thanks again for the find,</div><d=
iv>James</div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quot=
e">On Wed, Oct 7, 2015 at 10:25 AM, Daniel Kraft via bitcoin-dev <span dir=
=3D"ltr">&lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" targe=
t=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>&gt;</span> wrote:<br=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex">Hi!<br>
<br>
I hope this is not a stupid question, but I thought I&#39;d ask here first<=
br>
instead of opening a Github ticket (in case I&#39;m wrong).<br>
<br>
With the recently merged &quot;obfuscation&quot; patch, content of the<br>
&quot;chainstate&quot; LevelDB is obfuscated by XOR&#39;ing against a rando=
m &quot;key&quot;.<br>
This is handled by CLevelDBWrapper&#39;s Read/Write methods, which probably=
<br>
cover most of the usecases.<br>
<br>
*However*, shouldn&#39;t it also be handled when iterating over the<br>
database?=C2=A0 In particular, I would expect that the obfuscation key is<b=
r>
applied before line 119 in txdb.cpp (i. e., while iterating over the<br>
coin database in CCoinsViewDB::GetStats).<br>
<br>
Is there a reason why this need not be done there, or is this an actual<br>
oversight?<br>
<br>
Yours,<br>
Daniel<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
--<br>
<a href=3D"http://www.domob.eu/" rel=3D"noreferrer" target=3D"_blank">http:=
//www.domob.eu/</a><br>
OpenPGP: 1142 850E 6DFF 65BA 63D6=C2=A0 88A8 B249 2AC4 A733 0737<br>
Namecoin: id/domob -&gt; <a href=3D"https://nameid.org/?name=3Ddomob" rel=
=3D"noreferrer" target=3D"_blank">https://nameid.org/?name=3Ddomob</a><br>
--<br>
Done:=C2=A0 Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz<br>
To go: Mon-Pri<br>
<br>
</font></span><br>_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
<br></blockquote></div><br></div>

--089e011763518a242805218c28fd--