-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathprotocol.go
More file actions
208 lines (178 loc) · 6.24 KB
/
Copy pathprotocol.go
File metadata and controls
208 lines (178 loc) · 6.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
package dnscrypt
import (
"bufio"
"bytes"
"crypto/rand"
"encoding/binary"
"errors"
"net"
"time"
"github.com/miekg/dns"
"golang.org/x/crypto/ed25519"
"golang.org/x/crypto/nacl/box"
)
var (
certificateMagic = "DNSC"
resolverMagic = [8]byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}
dnsMaxSizeUDP = 65536 - 20 - 8
)
// GetValidCert retrieves th DNSC certificate for a server
// it validates the certificate and returns the certificates details
// iff it is valid. Otherwise an error is returned.
func GetValidCert(serverAddress string, providerName string, providerKey []byte) (SignedBincertFields, error) {
m := new(dns.Msg)
m.SetQuestion(dns.Fqdn(providerName), dns.TypeTXT)
in, err := dns.Exchange(m, serverAddress)
if err != nil {
return SignedBincertFields{}, err
}
if len(in.Answer) == 0 {
return SignedBincertFields{}, errors.New("No answer to pubkey DNS request")
}
var bincert *signedBincert
for _, answer := range in.Answer {
t, ok := answer.(*dns.TXT)
if !ok {
return SignedBincertFields{}, errors.New("First answer not a TXT record")
}
// check for magic Bytes
if t.Txt[0][0:5] == certificateMagic {
return SignedBincertFields{}, errors.New("TXT record is not a DNSC certificate")
}
// decode weird TXT record representation
unpackedBinCert, err := unpackTXT([]byte(t.Txt[0]))
if err != nil {
return SignedBincertFields{}, err
}
// parse outer structure for signature verification
buf := bytes.NewReader(unpackedBinCert)
bincert = new(signedBincert)
err = binary.Read(buf, binary.BigEndian, bincert)
if err != nil {
return SignedBincertFields{}, err
}
// Version indicates which crypto construction to use
// For X25519-XSalsa20Poly1305, <es-version> must be 0x00 0x01.
// For X25519-XChacha20Poly1305, <es-version> must be 0x00 0x02.
if bincert.VersionMajor != 0x01 {
// we do not support this version, look further
bincert = nil
continue
}
}
// have we found a supported certificate?
if bincert == nil {
return SignedBincertFields{}, errors.New("No certificate for supported crypto constructions found")
}
// check signature
valid := ed25519.Verify(providerKey, bincert.SignedData[:], bincert.Signature[:])
if !valid {
return SignedBincertFields{}, errors.New("Invalid certificate Signature")
}
// parse inner structure to get pubkey, validity dates, etc.
buf := bytes.NewReader(bincert.SignedData[:])
bincertFields := SignedBincertFields{}
err = binary.Read(buf, binary.BigEndian, &bincertFields)
if err != nil {
return SignedBincertFields{}, err
}
// is the certificate valid?
// get unsigned timestamp while avoiding uint wrap-arounds
var now uint64
if nowSigned := time.Now().Unix(); nowSigned >= 0 {
now = uint64(nowSigned)
} else {
return SignedBincertFields{}, errors.New("Time traveler alert! Certificates can only be valid from 1970 onwards.")
}
// compare with timestamps in cert
// uint32 -> uint64 should be safe
if now < uint64(bincertFields.TSBegin) {
return SignedBincertFields{}, errors.New("Certificate is not yet valid")
} else if now > uint64(bincertFields.TSEnd) {
return SignedBincertFields{}, errors.New("Certificate is no longer valid")
}
return bincertFields, nil
}
// ExchangeEncrypted exchanges encrypted dns query and returns the response message.
// It needs the specifics of a DNSC server as obtained by calling GetValidCert()
func ExchangeEncrypted(serverAddress string, msg dns.Msg, bincertFields SignedBincertFields) (dns.Msg, error) {
// TODO: the following will be wrapped in a lookUP() function
queryHeader := dnsCryptQueryHeader{
ClientMagic: bincertFields.MagicQuery,
}
// Client Nonce
// The specification says half of the nonce should be zeros => ClientNonce[:12]
if _, err := rand.Read(queryHeader.ClientNonce[:12]); err != nil {
return dns.Msg{}, err
}
// KeyPair
clientPK, clientSK, err := box.GenerateKey(rand.Reader)
if err != nil {
return dns.Msg{}, err
}
queryHeader.ClientPublicKey = *clientPK
serializedDNSQuery, err := msg.PackBuffer(nil)
if err != nil {
return dns.Msg{}, err
}
// add padding
serializedDNSQuery, err = addPadding(serializedDNSQuery)
if err != nil {
return dns.Msg{}, err
}
// build nonce: <nonce> := <client_nonce><12 zeros>
var nonce [24]byte
copy(nonce[:], append(queryHeader.ClientNonce[:12], []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}...))
// we use nacl.box authenticetd encryption for the query
encryptedQuery := box.Seal(nil, serializedDNSQuery, &nonce, &bincertFields.ServerPublicKey, clientSK)
// serialize header and encrypted query to buffer
dnscryptQuery := new(bytes.Buffer)
binary.Write(dnscryptQuery, binary.BigEndian, queryHeader)
binary.Write(dnscryptQuery, binary.BigEndian, encryptedQuery)
conn, err := net.Dial("udp", serverAddress)
if err != nil {
return dns.Msg{}, err
}
// send query
binary.Write(conn, binary.BigEndian, dnscryptQuery.Bytes())
///////////////////////////////////////////////////////////////////////////////////////
// DONE SENDING
///////////////////////////////////////////////////////////////////////////////////////
// receive
p := make([]byte, dnsMaxSizeUDP)
n, err := bufio.NewReader(conn).Read(p)
if err != nil {
return dns.Msg{}, err
}
// parse response header
responseHeaderBytes := bytes.NewBuffer(p[:32])
var responseHeader dnsCryptResponseHeader
err = binary.Read(responseHeaderBytes, binary.BigEndian, &responseHeader)
if err != nil {
return dns.Msg{}, err
}
// check magic bytes
if responseHeader.ServerMagic != resolverMagic {
return dns.Msg{}, errors.New("Magic bytes do not match")
}
// encrypted reply
encryptedResponse := p[32:n]
// decrypt the reply with info from the header
copy(nonce[:], append(responseHeader.ClientNonce[:], responseHeader.ServerNonce[:]...))
dnsResponse, ok := box.Open(nil, encryptedResponse, &nonce, &bincertFields.ServerPublicKey, clientSK)
if !ok {
return dns.Msg{}, errors.New("Could not decrypt response")
}
// strip padding from the decrypted dns response
dnsResponse, err = removePadding(dnsResponse)
if err != nil {
return dns.Msg{}, err
}
// parse dns response
responseMsg := new(dns.Msg)
err = responseMsg.Unpack(dnsResponse)
if err != nil {
return dns.Msg{}, err
}
return *responseMsg, nil
}