#pragma once
#include "config.h"
-#ifdef HAVE_DNSCRYPT
+#ifndef HAVE_DNSCRYPT
+
+/* let's just define a few types and values so that the rest of
+ the code can ignore whether DNSCrypt support is available */
+#define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (0)
+
+class DNSCryptContext
+{
+};
+
+class DNSCryptQuery
+{
+ DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
+ {
+ }
+private:
+ std::shared_ptr<DNSCryptContext> d_ctx{nullptr};
+};
+
+#else /* HAVE_DNSCRYPT */
#include <memory>
#include <string>
}
bool isValid(time_t now) const
{
- return ntohl(getTSStart()) <= now && now <= ntohl(getTSEnd());
+ return ntohl(getTSStart()) <= static_cast<uint32_t>(now) && static_cast<uint32_t>(now) <= ntohl(getTSEnd());
}
unsigned char magic[DNSCRYPT_CERT_MAGIC_SIZE];
unsigned char esVersion[2];
class DNSCryptQuery
{
public:
- DNSCryptQuery(std::shared_ptr<DNSCryptContext> ctx): d_ctx(ctx)
+ DNSCryptQuery(const std::shared_ptr<DNSCryptContext>& ctx): d_ctx(ctx)
{
}
~DNSCryptQuery();
return d_encrypted;
}
- void setCertificatePair(std::shared_ptr<DNSCryptCertificatePair> pair)
+ void setCertificatePair(const std::shared_ptr<DNSCryptCertificatePair>& pair)
{
d_pair = pair;
}
std::shared_ptr<DNSCryptCertificatePair> d_pair{nullptr};
uint16_t d_id{0};
uint16_t d_len{0};
- uint16_t d_paddedLen;
+ uint16_t d_paddedLen{0};
bool d_encrypted{false};
bool d_valid{false};
DNSCryptContext(const std::string& pName, const std::string& certFile, const std::string& keyFile);
DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey);
- void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true);
- void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true);
+ void reloadCertificate();
+ void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true, bool reload=false);
+ void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true, bool reload=false);
void markActive(uint32_t serial);
void markInactive(uint32_t serial);
void removeInactiveCertificate(uint32_t serial);
std::vector<std::shared_ptr<DNSCryptCertificatePair>> getCertificates() { return certs; };
const DNSName& getProviderName() const { return providerName; }
- int encryptQuery(char* query, uint16_t queryLen, uint16_t querySize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, uint16_t* encryptedResponseLen, const std::shared_ptr<DNSCryptCert> cert) const;
+ int encryptQuery(char* query, uint16_t queryLen, uint16_t querySize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, uint16_t* encryptedResponseLen, const std::shared_ptr<DNSCryptCert>& cert) const;
bool magicMatchesAPublicKey(DNSCryptQuery& query, time_t now);
void getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, std::vector<uint8_t>& response);
pthread_rwlock_t d_lock;
std::vector<std::shared_ptr<DNSCryptCertificatePair>> certs;
DNSName providerName;
+ std::string certificatePath;
+ std::string keyPath;
};
bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, DNSCryptExchangeVersion version, DNSCryptCert& certOut, DNSCryptPrivateKey& keyOut);