2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 /* let's just define a few types and values so that the rest of
29 the code can ignore whether DNSCrypt support is available */
30 #define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (0)
38 DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
42 std::shared_ptr<DNSCryptContext> d_ctx{nullptr};
45 #else /* HAVE_DNSCRYPT */
49 #include <arpa/inet.h>
55 #include "noinitvector.hh"
57 #define DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE (crypto_sign_ed25519_PUBLICKEYBYTES)
58 #define DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE (crypto_sign_ed25519_SECRETKEYBYTES)
59 #define DNSCRYPT_SIGNATURE_SIZE (crypto_sign_ed25519_BYTES)
61 #define DNSCRYPT_PUBLIC_KEY_SIZE (crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES)
62 #define DNSCRYPT_PRIVATE_KEY_SIZE (crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES)
63 #define DNSCRYPT_NONCE_SIZE (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES)
64 #define DNSCRYPT_BEFORENM_SIZE (crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES)
65 #define DNSCRYPT_MAC_SIZE (crypto_box_curve25519xsalsa20poly1305_MACBYTES)
67 #ifdef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY
68 static_assert(crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, "DNSCrypt public key size should be the same for all exchange versions");
69 static_assert(crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES, "DNSCrypt private key size should be the same for all exchange versions");
70 static_assert(crypto_box_curve25519xchacha20poly1305_NONCEBYTES == crypto_box_curve25519xsalsa20poly1305_NONCEBYTES, "DNSCrypt nonce size should be the same for all exchange versions");
71 static_assert(crypto_box_curve25519xsalsa20poly1305_MACBYTES == crypto_box_curve25519xchacha20poly1305_MACBYTES, "DNSCrypt MAC size should be the same for all exchange versions");
72 static_assert(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES == crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES, "DNSCrypt BEFORENM size should be the same for all exchange versions");
73 #endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */
75 #define DNSCRYPT_CERT_MAGIC_SIZE (4)
76 #define DNSCRYPT_CERT_MAGIC_VALUE { 0x44, 0x4e, 0x53, 0x43 }
77 #define DNSCRYPT_CERT_PROTOCOL_MINOR_VERSION_VALUE { 0x00, 0x00 }
78 #define DNSCRYPT_CLIENT_MAGIC_SIZE (8)
79 #define DNSCRYPT_RESOLVER_MAGIC { 0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38 }
80 #define DNSCRYPT_RESOLVER_MAGIC_SIZE (8)
81 #define DNSCRYPT_PADDED_BLOCK_SIZE (64)
82 #define DNSCRYPT_MAX_TCP_PADDING_SIZE (256)
83 #define DNSCRYPT_MAX_RESPONSE_PADDING_SIZE (256)
84 #define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (DNSCRYPT_MAX_RESPONSE_PADDING_SIZE + DNSCRYPT_MAC_SIZE)
86 /* "The client must check for new certificates every hour", so let's use one hour TTL */
87 #define DNSCRYPT_CERTIFICATE_RESPONSE_TTL (3600)
89 static_assert(DNSCRYPT_CLIENT_MAGIC_SIZE <= DNSCRYPT_PUBLIC_KEY_SIZE, "DNSCrypt Client Nonce size should be smaller or equal to public key size.");
91 #define DNSCRYPT_CERT_ES_VERSION1_VALUE { 0x00, 0x01 }
92 #define DNSCRYPT_CERT_ES_VERSION2_VALUE { 0x00, 0x02 }
94 class DNSCryptContext;
96 struct DNSCryptCertSignedData
98 unsigned char resolverPK[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE];
99 unsigned char clientMagic[DNSCRYPT_CLIENT_MAGIC_SIZE];
108 uint32_t getSerial() const
110 return ntohl(signedData.serial);
112 uint32_t getTSStart() const
114 return signedData.tsStart;
116 uint32_t getTSEnd() const
118 return signedData.tsEnd;
120 bool isValid(time_t now) const
122 // coverity[store_truncates_time_t]
123 return ntohl(getTSStart()) <= static_cast<uint32_t>(now) && static_cast<uint32_t>(now) <= ntohl(getTSEnd());
125 unsigned char magic[DNSCRYPT_CERT_MAGIC_SIZE];
126 unsigned char esVersion[2];
127 unsigned char protocolMinorVersion[2];
128 unsigned char signature[DNSCRYPT_SIGNATURE_SIZE];
129 struct DNSCryptCertSignedData signedData;
132 static_assert((sizeof(DNSCryptCertSignedData) + DNSCRYPT_SIGNATURE_SIZE) == 116, "Dnscrypt cert signed data size + signature size should be 116!");
133 static_assert(sizeof(DNSCryptCert) == 124, "Dnscrypt cert size should be 124!");
135 struct DNSCryptQueryHeader
137 unsigned char clientMagic[DNSCRYPT_CLIENT_MAGIC_SIZE];
138 unsigned char clientPK[DNSCRYPT_PUBLIC_KEY_SIZE];
139 unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2];
142 static_assert(sizeof(DNSCryptQueryHeader) == 52, "Dnscrypt query header size should be 52!");
144 struct DNSCryptResponseHeader
146 const unsigned char resolverMagic[DNSCRYPT_RESOLVER_MAGIC_SIZE] = DNSCRYPT_RESOLVER_MAGIC;
147 unsigned char nonce[DNSCRYPT_NONCE_SIZE];
153 } DNSCryptExchangeVersion;
155 class DNSCryptPrivateKey
158 DNSCryptPrivateKey();
159 ~DNSCryptPrivateKey();
160 void loadFromFile(const std::string& keyFile);
161 void saveToFile(const std::string& keyFile) const;
163 unsigned char key[DNSCRYPT_PRIVATE_KEY_SIZE];
166 struct DNSCryptCertificatePair
168 unsigned char publicKey[DNSCRYPT_PUBLIC_KEY_SIZE];
170 DNSCryptPrivateKey privateKey;
177 DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
179 memset(&d_header, 0, sizeof(d_header));
180 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
181 memset(&d_sharedKey, 0, sizeof(d_sharedKey));
182 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
192 const DNSName& getQName() const
197 uint16_t getID() const
202 const unsigned char* getClientMagic() const
204 return d_header.clientMagic;
207 bool isEncrypted() const
212 void setCertificatePair(const std::shared_ptr<DNSCryptCertificatePair>& pair)
217 void parsePacket(PacketBuffer& packet, bool tcp, time_t now);
218 void getDecrypted(bool tcp, PacketBuffer& packet);
219 void getCertificateResponse(time_t now, PacketBuffer& response) const;
220 int encryptResponse(PacketBuffer& response, size_t maxResponseSize, bool tcp);
222 static const size_t s_minUDPLength = 256;
225 DNSCryptExchangeVersion getVersion() const;
226 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
227 int computeSharedKey();
228 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
229 void fillServerNonce(unsigned char* dest) const;
230 uint16_t computePaddingSize(uint16_t unpaddedLen, size_t maxLen) const;
231 bool parsePlaintextQuery(const PacketBuffer& packet);
232 bool isEncryptedQuery(const PacketBuffer& packet, bool tcp, time_t now);
234 DNSCryptQueryHeader d_header;
235 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
236 unsigned char d_sharedKey[crypto_box_BEFORENMBYTES];
237 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
239 std::shared_ptr<DNSCryptContext> d_ctx{nullptr};
240 std::shared_ptr<DNSCryptCertificatePair> d_pair{nullptr};
243 uint16_t d_paddedLen{0};
244 bool d_encrypted{false};
247 #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
248 bool d_sharedKeyComputed{false};
249 #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
252 class DNSCryptContext
255 static void generateProviderKeys(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE], unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE]);
256 static std::string getProviderFingerprint(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]);
257 static void generateCertificate(uint32_t serial, time_t begin, time_t end, const DNSCryptExchangeVersion& version, const unsigned char providerPrivateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE], DNSCryptPrivateKey& privateKey, DNSCryptCert& cert);
258 static void saveCertFromFile(const DNSCryptCert& cert, const std::string&filename);
259 static std::string certificateDateToStr(uint32_t date);
260 static void generateResolverKeyPair(DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]);
261 static void setExchangeVersion(const DNSCryptExchangeVersion& version, unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]);
262 static DNSCryptExchangeVersion getExchangeVersion(const unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]);
263 static DNSCryptExchangeVersion getExchangeVersion(const DNSCryptCert& cert);
271 DNSCryptContext(const std::string& pName, const std::vector<CertKeyPaths>& certKeys);
272 DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey);
275 void reloadCertificates();
276 void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true, bool reload=false);
277 void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true, bool reload=false);
279 void markActive(uint32_t serial);
280 void markInactive(uint32_t serial);
281 void removeInactiveCertificate(uint32_t serial);
282 std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates();
283 const DNSName& getProviderName() const { return providerName; }
285 int encryptQuery(PacketBuffer& query, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr<DNSCryptCert>& cert) const;
286 bool magicMatchesAPublicKey(DNSCryptQuery& query, time_t now);
287 void getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, PacketBuffer& response);
290 static void computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]);
291 static void loadCertFromFile(const std::string&filename, DNSCryptCert& dest);
292 static std::shared_ptr<DNSCryptCertificatePair> loadCertificatePair(const std::string& certFile, const std::string& keyFile);
294 void addNewCertificate(std::shared_ptr<DNSCryptCertificatePair>& newCert, bool reload=false);
296 SharedLockGuarded<std::vector<std::shared_ptr<DNSCryptCertificatePair>>> d_certs;
297 SharedLockGuarded<std::vector<CertKeyPaths>> d_certKeyPaths;
298 DNSName providerName;
301 bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, DNSCryptExchangeVersion version, DNSCryptCert& certOut, DNSCryptPrivateKey& keyOut);