Archives
/
encrypted-dns-server
mirror of https://github.com/jedisct1/encrypted-dns-server
2
0
Fork 0
Code Issues Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dependabot/cargo/serde-1.0.203
dependabot/cargo/libsodium-sys-stable-1.20.9
dependabot/cargo/parking_lot-0.12.3
master
sieve-cache
slab
tracing-locks
cart
packet-size
solofilter
ttl
0.9.15
0.9.14
0.9.13
0.9.12
0.9.11
0.9.10
0.9.9
0.9.8
0.9.7
0.9.6
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1
0.9.0
0.3.23
0.3.22
0.3.21
0.3.20
0.3.17
0.3.14
0.3.12
0.3.11
0.3.10
0.3.8
0.3.7
0.3.6
0.3.5
0.3.3
0.3.2
0.3.1
0.3.0
0.2.10
0.2.9
0.2.8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5f0bb6daf5'
${ noResults }
encrypted-dns-server/src/dnscrypt.rs

72 lines
2.4 KiB
Rust
Raw Blame History

use crate::crypto::*;
use crate::dns::*;
use crate::dnscrypt_certs::*;
use crate::errors::*;
use libsodium_sys::*;
use std::ffi::CStr;
use std::ptr;
pub const DNSCRYPT_CLIENT_MAGIC_SIZE: usize = 8;
pub const DNSCRYPT_CLIENT_PK_SIZE: usize = 32;
pub const DNSCRYPT_CLIENT_NONCE_SIZE: usize = 12;
pub struct DNSCryptQuery<'t> {
wrapped_packet: &'t [u8],
}
impl<'t> DNSCryptQuery<'t> {
pub fn new(
wrapped_packet: &'t [u8],
dnscrypt_encryption_params_set: &[DNSCryptEncryptionParams],
) -> Result<Self, Error> {
ensure!(
wrapped_packet.len()
>= DNSCRYPT_CLIENT_MAGIC_SIZE
+ DNSCRYPT_CLIENT_PK_SIZE
+ DNSCRYPT_CLIENT_NONCE_SIZE
+ DNS_HEADER_SIZE,
"Short packet"
);
let dnscrypt_query = DNSCryptQuery { wrapped_packet };
let client_magic = dnscrypt_query.client_magic();
let dnscrypt_encryption_params = dnscrypt_encryption_params_set
.iter()
.find(|p| p.client_magic() == client_magic)
.ok_or_else(|| format_err!("Client magic not found"))?;
let encrypted_packet = dnscrypt_query.encrypted_packet();
let encrypted_packet_len = encrypted_packet.len();
let mut nonce = vec![0u8; crypto_box_curve25519xchacha20poly1305_NONCEBYTES as usize];
&mut nonce[..crypto_box_curve25519xchacha20poly1305_HALFNONCEBYTES]
.copy_from_slice(dnscrypt_query.client_nonce());
let resolver_kp = dnscrypt_encryption_params.resolver_kp();
resolver_kp.decrypt(dnscrypt_query.client_pk(), &nonce, encrypted_packet)?;
dbg!("ok");
Ok(dnscrypt_query)
}
pub fn client_magic(&self) -> &[u8] {
&self.wrapped_packet[..DNSCRYPT_CLIENT_MAGIC_SIZE]
}
pub fn client_pk(&self) -> &[u8] {
&self.wrapped_packet
[DNSCRYPT_CLIENT_MAGIC_SIZE..DNSCRYPT_CLIENT_MAGIC_SIZE + DNSCRYPT_CLIENT_PK_SIZE]
}
pub fn client_nonce(&self) -> &[u8] {
&self.wrapped_packet[DNSCRYPT_CLIENT_MAGIC_SIZE + DNSCRYPT_CLIENT_PK_SIZE
..DNSCRYPT_CLIENT_MAGIC_SIZE + DNSCRYPT_CLIENT_PK_SIZE + DNSCRYPT_CLIENT_NONCE_SIZE]
}
pub fn encrypted_packet(&self) -> &[u8] {
&self.wrapped_packet
[DNSCRYPT_CLIENT_MAGIC_SIZE + DNSCRYPT_CLIENT_PK_SIZE + DNSCRYPT_CLIENT_NONCE_SIZE..]
}
pub fn into_packet(self) -> Vec<u8> {
self.encrypted_packet().to_vec()
}
}
Reference in New Issue View Git Blame Copy Permalink