pdns/dnscrypt.hh

   1 /*
   2  * This file is part of PowerDNS or dnsdist.
   3  * Copyright -- PowerDNS.COM B.V. and its contributors
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of version 2 of the GNU General Public License as
   7  * published by the Free Software Foundation.
   8  *
   9  * In addition, for the avoidance of any doubt, permission is granted to
  10  * link this program with OpenSSL and to (re)distribute the binaries
  11  * produced as the result of such linking.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22 #pragma once
  23 #include "config.h"
  24
  25 #ifndef HAVE_DNSCRYPT
  26
  27 /* let's just define a few types and values so that the rest of
  28    the code can ignore whether DNSCrypt support is available */
  29 #define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (0)
  30
  31 class DNSCryptContext
  32 {
  33 };
  34
  35 class DNSCryptQuery
  36 {
  37   DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
  38   {
  39   }
  40 private:
  41   std::shared_ptr<DNSCryptContext> d_ctx{nullptr};
  42 };
  43
  44 #else /* HAVE_DNSCRYPT */
  45
  46 #include <memory>
  47 #include <string>
  48 #include <vector>
  49 #include <arpa/inet.h>
  50
  51 #include <sodium.h>
  52
  53 #include "dnsname.hh"
  54
  55 #define DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE (crypto_sign_ed25519_PUBLICKEYBYTES)
  56 #define DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE (crypto_sign_ed25519_SECRETKEYBYTES)
  57 #define DNSCRYPT_SIGNATURE_SIZE (crypto_sign_ed25519_BYTES)
  58
  59 #define DNSCRYPT_PUBLIC_KEY_SIZE (crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES)
  60 #define DNSCRYPT_PRIVATE_KEY_SIZE (crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES)
  61 #define DNSCRYPT_NONCE_SIZE (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES)
  62 #define DNSCRYPT_BEFORENM_SIZE (crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES)
  63 #define DNSCRYPT_MAC_SIZE (crypto_box_curve25519xsalsa20poly1305_MACBYTES)
  64
  65 #ifdef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY
  66 static_assert(crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, "DNSCrypt public key size should be the same for all exchange versions");
  67 static_assert(crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES, "DNSCrypt private key size should be the same for all exchange versions");
  68 static_assert(crypto_box_curve25519xchacha20poly1305_NONCEBYTES == crypto_box_curve25519xsalsa20poly1305_NONCEBYTES, "DNSCrypt nonce size should be the same for all exchange versions");
  69 static_assert(crypto_box_curve25519xsalsa20poly1305_MACBYTES == crypto_box_curve25519xchacha20poly1305_MACBYTES, "DNSCrypt MAC size should be the same for all exchange versions");
  70 static_assert(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES == crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES, "DNSCrypt BEFORENM size should be the same for all exchange versions");
  71 #endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */
  72
  73 #define DNSCRYPT_CERT_MAGIC_SIZE (4)
  74 #define DNSCRYPT_CERT_MAGIC_VALUE { 0x44, 0x4e, 0x53, 0x43 }
  75 #define DNSCRYPT_CERT_PROTOCOL_MINOR_VERSION_VALUE { 0x00, 0x00 }
  76 #define DNSCRYPT_CLIENT_MAGIC_SIZE (8)
  77 #define DNSCRYPT_RESOLVER_MAGIC { 0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38 }
  78 #define DNSCRYPT_RESOLVER_MAGIC_SIZE (8)
  79 #define DNSCRYPT_PADDED_BLOCK_SIZE (64)
  80 #define DNSCRYPT_MAX_TCP_PADDING_SIZE (256)
  81 #define DNSCRYPT_MAX_RESPONSE_PADDING_SIZE (256)
  82 #define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (DNSCRYPT_MAX_RESPONSE_PADDING_SIZE + DNSCRYPT_MAC_SIZE)
  83
  84 /* "The client must check for new certificates every hour", so let's use one hour TTL */
  85 #define DNSCRYPT_CERTIFICATE_RESPONSE_TTL (3600)
  86
  87 static_assert(DNSCRYPT_CLIENT_MAGIC_SIZE <= DNSCRYPT_PUBLIC_KEY_SIZE, "DNSCrypt Client Nonce size should be smaller or equal to public key size.");
  88
  89 #define DNSCRYPT_CERT_ES_VERSION1_VALUE { 0x00, 0x01 }
  90 #define DNSCRYPT_CERT_ES_VERSION2_VALUE { 0x00, 0x02 }
  91
  92 class DNSCryptContext;
  93
  94 struct DNSCryptCertSignedData
  95 {
  96   unsigned char resolverPK[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE];
  97   unsigned char clientMagic[DNSCRYPT_CLIENT_MAGIC_SIZE];
  98   uint32_t serial;
  99   uint32_t tsStart;
 100   uint32_t tsEnd;
 101 };
 102
 103 class DNSCryptCert
 104 {
 105 public:
 106   uint32_t getSerial() const
 107   {
 108     return ntohl(signedData.serial);
 109   }
 110   uint32_t getTSStart() const
 111   {
 112     return signedData.tsStart;
 113   }
 114   uint32_t getTSEnd() const
 115   {
 116     return signedData.tsEnd;
 117   }
 118   bool isValid(time_t now) const
 119   {
 120     return ntohl(getTSStart()) <= static_cast<uint32_t>(now) && static_cast<uint32_t>(now) <= ntohl(getTSEnd());
 121   }
 122   unsigned char magic[DNSCRYPT_CERT_MAGIC_SIZE];
 123   unsigned char esVersion[2];
 124   unsigned char protocolMinorVersion[2];
 125   unsigned char signature[DNSCRYPT_SIGNATURE_SIZE];
 126   struct DNSCryptCertSignedData signedData;
 127 };
 128
 129 static_assert((sizeof(DNSCryptCertSignedData) + DNSCRYPT_SIGNATURE_SIZE) == 116, "Dnscrypt cert signed data size + signature size should be 116!");
 130 static_assert(sizeof(DNSCryptCert) == 124, "Dnscrypt cert size should be 124!");
 131
 132 struct DNSCryptQueryHeader
 133 {
 134   unsigned char clientMagic[DNSCRYPT_CLIENT_MAGIC_SIZE];
 135   unsigned char clientPK[DNSCRYPT_PUBLIC_KEY_SIZE];
 136   unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2];
 137 };
 138
 139 static_assert(sizeof(DNSCryptQueryHeader) == 52, "Dnscrypt query header size should be 52!");
 140
 141 struct DNSCryptResponseHeader
 142 {
 143   const unsigned char resolverMagic[DNSCRYPT_RESOLVER_MAGIC_SIZE] = DNSCRYPT_RESOLVER_MAGIC;
 144   unsigned char nonce[DNSCRYPT_NONCE_SIZE];
 145 };
 146
 147 typedef enum {
 148   VERSION1,
 149   VERSION2
 150 } DNSCryptExchangeVersion;
 151
 152 class DNSCryptPrivateKey
 153 {
 154 public:
 155   DNSCryptPrivateKey();
 156   ~DNSCryptPrivateKey();
 157   void loadFromFile(const std::string& keyFile);
 158   void saveToFile(const std::string& keyFile) const;
 159
 160   unsigned char key[DNSCRYPT_PRIVATE_KEY_SIZE];
 161 };
 162
 163 struct DNSCryptCertificatePair
 164 {
 165   unsigned char publicKey[DNSCRYPT_PUBLIC_KEY_SIZE];
 166   DNSCryptCert cert;
 167   DNSCryptPrivateKey privateKey;
 168   bool active;
 169 };
 170
 171 class DNSCryptQuery
 172 {
 173 public:
 174   DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
 175   {
 176   }
 177   ~DNSCryptQuery();
 178
 179   bool isValid() const
 180   {
 181     return d_valid;
 182   }
 183
 184   const DNSName& getQName() const
 185   {
 186     return d_qname;
 187   }
 188
 189   uint16_t getID() const
 190   {
 191     return d_id;
 192   }
 193
 194   const unsigned char* getClientMagic() const
 195   {
 196     return d_header.clientMagic;
 197   }
 198
 199   bool isEncrypted() const
 200   {
 201     return d_encrypted;
 202   }
 203
 204   void setCertificatePair(const std::shared_ptr<DNSCryptCertificatePair>& pair)
 205   {
 206     d_pair = pair;
 207   }
 208
 209   void parsePacket(char* packet, uint16_t packetSize, bool tcp, uint16_t* decryptedQueryLen, time_t now);
 210   void getDecrypted(bool tcp, char* packet, uint16_t packetSize, uint16_t* decryptedQueryLen);
 211   void getCertificateResponse(time_t now, std::vector<uint8_t>& response) const;
 212   int encryptResponse(char* response, uint16_t responseLen, uint16_t responseSize, bool tcp, uint16_t* encryptedResponseLen);
 213
 214   static const size_t s_minUDPLength = 256;
 215
 216 private:
 217   DNSCryptExchangeVersion getVersion() const;
 218 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
 219   int computeSharedKey();
 220 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
 221   void fillServerNonce(unsigned char* dest) const;
 222   uint16_t computePaddingSize(uint16_t unpaddedLen, size_t maxLen) const;
 223   bool parsePlaintextQuery(const char * packet, uint16_t packetSize);
 224   bool isEncryptedQuery(const char * packet, uint16_t packetSize, bool tcp, time_t now);
 225
 226   DNSCryptQueryHeader d_header;
 227 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
 228   unsigned char d_sharedKey[crypto_box_BEFORENMBYTES];
 229 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
 230   DNSName d_qname;
 231   std::shared_ptr<DNSCryptContext> d_ctx{nullptr};
 232   std::shared_ptr<DNSCryptCertificatePair> d_pair{nullptr};
 233   uint16_t d_id{0};
 234   uint16_t d_len{0};
 235   uint16_t d_paddedLen{0};
 236   bool d_encrypted{false};
 237   bool d_valid{false};
 238
 239 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
 240   bool d_sharedKeyComputed{false};
 241 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
 242 };
 243
 244 class DNSCryptContext
 245 {
 246 public:
 247   static void generateProviderKeys(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE], unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE]);
 248   static std::string getProviderFingerprint(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]);
 249   static void generateCertificate(uint32_t serial, time_t begin, time_t end, const DNSCryptExchangeVersion& version, const unsigned char providerPrivateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE], DNSCryptPrivateKey& privateKey, DNSCryptCert& cert);
 250   static void saveCertFromFile(const DNSCryptCert& cert, const std::string&filename);
 251   static std::string certificateDateToStr(uint32_t date);
 252   static void generateResolverKeyPair(DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]);
 253   static void setExchangeVersion(const DNSCryptExchangeVersion& version,  unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]);
 254   static DNSCryptExchangeVersion getExchangeVersion(const unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]);
 255   static DNSCryptExchangeVersion getExchangeVersion(const DNSCryptCert& cert);
 256
 257   DNSCryptContext(const std::string& pName, const std::string& certFile, const std::string& keyFile);
 258   DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey);
 259
 260   void reloadCertificate();
 261   void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true, bool reload=false);
 262   void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true, bool reload=false);
 263   void markActive(uint32_t serial);
 264   void markInactive(uint32_t serial);
 265   void removeInactiveCertificate(uint32_t serial);
 266   std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return certs; };
 267   const DNSName& getProviderName() const { return providerName; }
 268
 269   int encryptQuery(char* query, uint16_t queryLen, uint16_t querySize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, uint16_t* encryptedResponseLen, const std::shared_ptr<DNSCryptCert>& cert) const;
 270   bool magicMatchesAPublicKey(DNSCryptQuery& query, time_t now);
 271   void getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, std::vector<uint8_t>& response);
 272
 273 private:
 274   static void computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]);
 275   static void loadCertFromFile(const std::string&filename, DNSCryptCert& dest);
 276
 277   pthread_rwlock_t d_lock;
 278   std::vector<std::shared_ptr<DNSCryptCertificatePair>> certs;
 279   DNSName providerName;
 280   std::string certificatePath;
 281   std::string keyPath;
 282 };
 283
 284 bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, DNSCryptExchangeVersion version, DNSCryptCert& certOut, DNSCryptPrivateKey& keyOut);
 285
 286 #endif