Import from dnscrypt-wrapper

5 years ago · 1dd5ed07c1
parent e681e43070
commit 1dd5ed07c1
5 changed files with 46 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -9,6 +9,7 @@ A new server-side proxy for encrypted DNS, written in Rust, supporting:
 Distinctive features:

 - Trivial to set up. Keys, certificates and stamps are automatically created and renewed without requiring any external scripts.
+- Keys can be imported from `dnscrypt-wrapper`.
 - Serve all protocols on the same IP and port. Yes, you can serve both DNSCrypt and DoH on port 443.
 - Caching.
 - Anonymized DNSCrypt.
@ -17,4 +18,4 @@ Distinctive features:
 - Local filtering.
 - Windows support.

-# *** This is a work in progress - Nothing to see yet ***
+## *** This is a work in progress - Nothing to see yet ***
--- a/encrypted-dns.toml
+++ b/encrypted-dns.toml
@ -72,7 +72,7 @@ tcp_max_active_connections = 100

 [dnscrypt]

-## Provider name (without the `2.dnscrypt.` prefixe)
+## Provider name (with or without the `2.dnscrypt-cert.` prefix)

 provider_name = "secure.dns.test"

--- a/src/config.rs
+++ b/src/config.rs
@ -61,8 +61,7 @@ pub struct State {
 }

 impl State {
-    pub fn new(key_cache_capacity: usize) -> Self {
-        let provider_kp = SignKeyPair::new();
+    pub fn with_key_pair(provider_kp: SignKeyPair, key_cache_capacity: usize) -> Self {
        let dnscrypt_encryption_params_set = vec![DNSCryptEncryptionParams::new(
            &provider_kp,
            key_cache_capacity,
@ -73,6 +72,11 @@ impl State {
        }
    }

+    pub fn new(key_cache_capacity: usize) -> Self {
+        let provider_kp = SignKeyPair::new();
+        State::with_key_pair(provider_kp, key_cache_capacity)
+    }
+
    pub async fn async_save<P: AsRef<Path>>(&self, path: P) -> Result<(), Error> {
        let path_tmp = path.as_ref().with_extension("tmp");
        let mut fpb = tokio::fs::OpenOptions::new();
--- a/src/dnscrypt_certs.rs
+++ b/src/dnscrypt_certs.rs
@ -1,7 +1,6 @@
 use crate::config::*;
 use crate::crypto::*;
 use crate::dnscrypt::*;
-use crate::errors::*;
 use crate::globals::*;

 use byteorder::{BigEndian, ByteOrder};
--- a/src/main.rs
+++ b/src/main.rs
@ -1,6 +1,5 @@
 #![allow(clippy::assertions_on_constants)]
-#![allow(unused_imports)]
-#![allow(unused_variables)]
+#![allow(clippy::type_complexity)]
 #![allow(dead_code)]

 #[global_allocator]
@ -47,8 +46,11 @@ use privdrop::PrivDrop;
 use rand::prelude::*;
 use std::collections::vec_deque::VecDeque;
 use std::convert::TryFrom;
+use std::fs::File;
+use std::io::prelude::*;
 use std::mem;
 use std::net::SocketAddr;
+use std::path::Path;
 use std::sync::atomic::{AtomicU32, Ordering};
 use std::sync::Arc;
 use std::time::Duration;
@ -385,19 +387,26 @@ fn main() -> Result<(), Error> {
            Arg::with_name("config")
                .long("config")
                .short("c")
-                .value_name("FILE")
+                .value_name("file")
                .takes_value(true)
                .default_value("encrypted-dns.toml")
                .help("Path to the configuration file"),
        )
+        .arg(
+            Arg::with_name("import-from-dnscrypt-wrapper")
+                .long("import-from-dnscrypt-wrapper")
+                .value_name("secret.key file")
+                .takes_value(true)
+                .help("Path to the dnscrypt-wrapper secret key"),
+        )
        .get_matches();

    let config_path = matches.value_of("config").unwrap();
    let config = Config::from_path(config_path)?;

    let provider_name = match config.dnscrypt.provider_name {
-        provider_name if provider_name.starts_with("2.dnscrypt.") => provider_name.to_string(),
-        provider_name => format!("2.dnscrypt.{}", provider_name),
+        provider_name if provider_name.starts_with("2.dnscrypt-cert.") => provider_name.to_string(),
+        provider_name => format!("2.dnscrypt-cert.{}", provider_name),
    };
    let external_addr = SocketAddr::new(config.external_addr, 0);

@ -422,6 +431,29 @@ fn main() -> Result<(), Error> {

    let key_cache_capacity = config.dnscrypt.key_cache_capacity;
    let state_file = &config.state_file;
+
+    if let Some(secret_key_path) = matches.value_of("import-from-dnscrypt-wrapper") {
+        let secret_key_path = Path::new(secret_key_path);
+        warn!("Importing dnscrypt-wrapper key");
+        let mut key = vec![];
+        File::open(secret_key_path)?.read_to_end(&mut key)?;
+        if key.len() != 64 {
+            bail!("Key doesn't have the expected size");
+        }
+        let mut sign_sk_u8 = [0u8; 64];
+        let mut sign_pk_u8 = [0u8; 32];
+        sign_sk_u8.copy_from_slice(&key);
+        sign_pk_u8.copy_from_slice(&key[32..]);
+        let provider_kp = SignKeyPair {
+            sk: SignSK::from_bytes(sign_sk_u8),
+            pk: SignPK::from_bytes(sign_pk_u8),
+        };
+        runtime.block_on(
+            State::with_key_pair(provider_kp, key_cache_capacity).async_save(state_file),
+        )?;
+        warn!("Key successfully imported");
+    }
+
    let state = match State::from_file(state_file, key_cache_capacity) {
        Err(_) => {
            warn!("No state file found... creating a new provider key");