AM_COND_IF([LIBSODIUM], [
PKG_CHECK_MODULES([LIBSODIUM], [libsodium], [
AC_DEFINE([HAVE_LIBSODIUM], [1], [Define to 1 if you have libsodium])
+ save_CFLAGS=$CFLAGS
+ save_LIBS=$LIBS
+ CFLAGS="$LIBSODIUM_CFLAGS $CFLAGS"
+ LIBS="$LIBSODIUM_LIBS $LIBS"
+ AC_CHECK_FUNCS([crypto_box_easy_afternm])
+ CFLAGS=$save_CFLAGS
+ LIBS=$save_LIBS
],[
AC_MSG_ERROR([libsodium requested but not available])
])
sodium_munlock(key, sizeof(key));
}
+#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
DnsCryptQuery::~DnsCryptQuery()
{
if (sharedKeyComputed) {
sharedKeyComputed = true;
return res;
}
-
+#else
+DnsCryptQuery::~DnsCryptQuery()
+{
+}
+#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
void DnsCryptContext::generateProviderKeys(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE], unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE])
{
memcpy(nonce, &query->header.clientNonce, sizeof(query->header.clientNonce));
memset(nonce + sizeof(query->header.clientNonce), 0, sizeof(nonce) - sizeof(query->header.clientNonce));
+#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
int res = query->computeSharedKey(query->useOldCert ? oldPrivateKey : privateKey);
if (res != 0) {
vinfolog("Dropping encrypted query we can't compute the shared key for");
packetSize - sizeof(DnsCryptQueryHeader),
nonce,
query->sharedKey);
+#else
+ int res = crypto_box_open_easy((unsigned char*) packet,
+ (unsigned char*) packet + sizeof(DnsCryptQueryHeader),
+ packetSize - sizeof(DnsCryptQueryHeader),
+ nonce,
+ query->header.clientPK,
+ query->useOldCert ? oldPrivateKey.key : privateKey.key);
+#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
if (res != 0) {
vinfolog("Dropping encrypted query we can't decrypt");
pos += (paddingSize - 1);
/* encrypting */
+#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
int res = query->computeSharedKey(query->useOldCert ? oldPrivateKey : privateKey);
if (res != 0) {
return res;
responseLen + paddingSize,
header.nonce,
query->sharedKey);
+#else
+ int res = crypto_box_easy((unsigned char*) (response + sizeof(header)),
+ (unsigned char*) (response + toEncryptPos),
+ responseLen + paddingSize,
+ header.nonce,
+ query->header.clientPK,
+ query->useOldCert ? oldPrivateKey.key : privateKey.key);
+#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
if (res == 0) {
assert(pos == requiredSize);
{
}
~DnsCryptQuery();
+#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
int computeSharedKey(const DnsCryptPrivateKey& privateKey);
+#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
static const size_t minUDPLength = 256;
DnsCryptQueryHeader header;
+#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
unsigned char sharedKey[crypto_box_BEFORENMBYTES];
+#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
DNSName qname;
DnsCryptContext* ctx;
uint16_t id{0};
bool useOldCert{false};
bool encrypted{false};
bool valid{false};
+#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM
bool sharedKeyComputed{false};
+#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */
};
class DnsCryptContext
projects / thirdparty / pdns.git / commitdiff
