From: Remi Gacogne Date: Fri, 17 May 2024 13:22:27 +0000 (+0200) Subject: dnsdist: Format DNSCrypt code X-Git-Tag: rec-5.1.0-beta1~30^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=579b9e33b1e90c3958026f2314be80909b5430da;p=thirdparty%2Fpdns.git dnsdist: Format DNSCrypt code --- diff --git a/.not-formatted b/.not-formatted index 73388067b1..74920fdcc5 100644 --- a/.not-formatted +++ b/.not-formatted @@ -33,8 +33,6 @@ ./pdns/dns.cc ./pdns/dns.hh ./pdns/dnsbulktest.cc -./pdns/dnscrypt.cc -./pdns/dnscrypt.hh ./pdns/dnsdemog.cc ./pdns/dnsdistdist/connection-management.hh ./pdns/dnsdistdist/dnsdist-backend.cc @@ -201,7 +199,6 @@ ./pdns/test-base64_cc.cc ./pdns/test-common.hh ./pdns/test-distributor_hh.cc -./pdns/test-dnscrypt_cc.cc ./pdns/test-dnsname_cc.cc ./pdns/test-dnsparser_cc.cc ./pdns/test-dnsparser_hh.cc diff --git a/pdns/dnsdistdist/dnscrypt.cc b/pdns/dnsdistdist/dnscrypt.cc index 3e8e0b30ff..b28c78da1c 100644 --- a/pdns/dnsdistdist/dnscrypt.cc +++ b/pdns/dnsdistdist/dnscrypt.cc @@ -124,15 +124,16 @@ int DNSCryptQuery::computeSharedKey() DNSCryptQuery::~DNSCryptQuery() = default; #endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ - DNSCryptContext::~DNSCryptContext() = default; -DNSCryptContext::DNSCryptContext(const std::string& pName, const std::vector& certKeys): d_certKeyPaths(certKeys), providerName(pName) +DNSCryptContext::DNSCryptContext(const std::string& pName, const std::vector& certKeys) : + d_certKeyPaths(certKeys), providerName(pName) { reloadCertificates(); } -DNSCryptContext::DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey): providerName(pName) +DNSCryptContext::DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey) : + providerName(pName) { addNewCertificate(certificate, pKey); } @@ -151,9 +152,8 @@ std::string DNSCryptContext::getProviderFingerprint(const DNSCryptCertSignedData boost::format fmt("%02X%02X"); ostringstream ret; - for (size_t idx = 0; idx < DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE; idx += 2) - { - ret << (fmt % static_cast(publicKey.at(idx)) % static_cast(publicKey.at(idx+1))); + for (size_t idx = 0; idx < DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE; idx += 2) { + ret << (fmt % static_cast(publicKey.at(idx)) % static_cast(publicKey.at(idx + 1))); if (idx < (DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE - 2)) { ret << ":"; } @@ -167,10 +167,10 @@ void DNSCryptContext::setExchangeVersion(const DNSCryptExchangeVersion& version, esVersion.at(0) = 0x00; if (version == DNSCryptExchangeVersion::VERSION1) { - esVersion.at(1) = { 0x01 }; + esVersion.at(1) = {0x01}; } else if (version == DNSCryptExchangeVersion::VERSION2) { - esVersion.at(1) = { 0x02 }; + esVersion.at(1) = {0x02}; } else { throw std::runtime_error("Unknown DNSCrypt exchange version"); @@ -228,11 +228,11 @@ void DNSCryptContext::generateCertificate(uint32_t serial, time_t begin, time_t } } -void DNSCryptContext::loadCertFromFile(const std::string&filename, DNSCryptCert& dest) +void DNSCryptContext::loadCertFromFile(const std::string& filename, DNSCryptCert& dest) { ifstream file(filename); // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast): this is the API we have - file.read(reinterpret_cast(&dest), sizeof(dest)); + file.read(reinterpret_cast(&dest), sizeof(dest)); if (file.fail()) { throw std::runtime_error("Invalid dnscrypt certificate file " + filename); @@ -241,11 +241,11 @@ void DNSCryptContext::loadCertFromFile(const std::string&filename, DNSCryptCert& file.close(); } -void DNSCryptContext::saveCertFromFile(const DNSCryptCert& cert, const std::string&filename) +void DNSCryptContext::saveCertFromFile(const DNSCryptCert& cert, const std::string& filename) { ofstream file(filename); // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast): this is the API we have - file.write(reinterpret_cast(&cert), sizeof(cert)); + file.write(reinterpret_cast(&cert), sizeof(cert)); file.close(); } @@ -342,7 +342,8 @@ void DNSCryptContext::reloadCertificates() } } -std::vector> DNSCryptContext::getCertificates() { +std::vector> DNSCryptContext::getCertificates() +{ std::vector> ret = *(d_certs.read_lock()); return ret; }; @@ -373,7 +374,7 @@ void DNSCryptContext::removeInactiveCertificate(uint32_t serial) { auto certs = d_certs.write_lock(); - for (auto it = certs->begin(); it != certs->end(); ) { + for (auto it = certs->begin(); it != certs->end();) { if (!(*it)->active && (*it)->cert.getSerial() == serial) { it = certs->erase(it); return; @@ -421,7 +422,7 @@ bool DNSCryptQuery::parsePlaintextQuery(const PacketBuffer& packet) void DNSCryptContext::getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, PacketBuffer& response) { GenericDNSPacketWriter packetWriter(response, qname, QType::TXT, QClass::IN, Opcode::Query); - struct dnsheader * dnsHeader = packetWriter.getHeader(); + struct dnsheader* dnsHeader = packetWriter.getHeader(); dnsHeader->id = qid; dnsHeader->qr = true; dnsHeader->rcode = RCode::NoError; @@ -435,7 +436,7 @@ void DNSCryptContext::getCertificateResponse(time_t now, const DNSName& qname, u packetWriter.startRecord(qname, QType::TXT, (DNSCRYPT_CERTIFICATE_RESPONSE_TTL), QClass::IN, DNSResourceRecord::ANSWER, true); std::string scert; uint8_t certSize = sizeof(pair->cert); - // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast) + // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast) scert.assign(reinterpret_cast(&certSize), sizeof(certSize)); // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast) scert.append(reinterpret_cast(&pair->cert), certSize); @@ -533,7 +534,8 @@ void DNSCryptQuery::getDecrypted(bool tcp, PacketBuffer& packet) #else /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ res = -1; #endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ - } else { + } + else { res = -1; } @@ -887,7 +889,7 @@ bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint DNSCryptContext::generateCertificate(serial, begin, end, version, providerPrivateKey, keyOut, certOut); success = true; } - catch(const std::exception& e) { + catch (const std::exception& e) { errlog(e.what()); } diff --git a/pdns/dnsdistdist/dnscrypt.hh b/pdns/dnsdistdist/dnscrypt.hh index b25a081d22..dfb4c9bf81 100644 --- a/pdns/dnsdistdist/dnscrypt.hh +++ b/pdns/dnsdistdist/dnscrypt.hh @@ -35,9 +35,11 @@ class DNSCryptContext class DNSCryptQuery { - DNSCryptQuery(const std::shared_ptr& ctx): d_ctx(ctx) + DNSCryptQuery(const std::shared_ptr& ctx) : + d_ctx(ctx) { } + private: std::shared_ptr d_ctx{nullptr}; }; @@ -73,10 +75,19 @@ static_assert(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES == crypto_box #endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ #define DNSCRYPT_CERT_MAGIC_SIZE (4) -#define DNSCRYPT_CERT_MAGIC_VALUE { 0x44, 0x4e, 0x53, 0x43 } -#define DNSCRYPT_CERT_PROTOCOL_MINOR_VERSION_VALUE { 0x00, 0x00 } +#define DNSCRYPT_CERT_MAGIC_VALUE \ + { \ + 0x44, 0x4e, 0x53, 0x43 \ + } +#define DNSCRYPT_CERT_PROTOCOL_MINOR_VERSION_VALUE \ + { \ + 0x00, 0x00 \ + } #define DNSCRYPT_CLIENT_MAGIC_SIZE (8) -#define DNSCRYPT_RESOLVER_MAGIC { 0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38 } +#define DNSCRYPT_RESOLVER_MAGIC \ + { \ + 0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38 \ + } #define DNSCRYPT_RESOLVER_MAGIC_SIZE (8) #define DNSCRYPT_PADDED_BLOCK_SIZE (64) #define DNSCRYPT_MAX_TCP_PADDING_SIZE (256) @@ -88,14 +99,20 @@ static_assert(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES == crypto_box static_assert(DNSCRYPT_CLIENT_MAGIC_SIZE <= DNSCRYPT_PUBLIC_KEY_SIZE, "DNSCrypt Client Nonce size should be smaller or equal to public key size."); -#define DNSCRYPT_CERT_ES_VERSION1_VALUE { 0x00, 0x01 } -#define DNSCRYPT_CERT_ES_VERSION2_VALUE { 0x00, 0x02 } +#define DNSCRYPT_CERT_ES_VERSION1_VALUE \ + { \ + 0x00, 0x01 \ + } +#define DNSCRYPT_CERT_ES_VERSION2_VALUE \ + { \ + 0x00, 0x02 \ + } class DNSCryptContext; struct DNSCryptCertSignedData { - using ResolverPublicKeyType = std::array; + using ResolverPublicKeyType = std::array; using ResolverPrivateKeyType = std::array; using ClientMagicType = std::array; ResolverPublicKeyType resolverPK; @@ -166,7 +183,8 @@ struct DNSCryptResponseHeader static_assert(sizeof(DNSCryptResponseHeader) == (DNSCRYPT_RESOLVER_MAGIC_SIZE + DNSCRYPT_NONCE_SIZE), "Dnscrypt response header size is incorrect!"); static_assert(std::is_trivially_copyable_v == true); -typedef enum { +typedef enum +{ VERSION1, VERSION2 } DNSCryptExchangeVersion; @@ -195,7 +213,8 @@ struct DNSCryptCertificatePair class DNSCryptQuery { public: - DNSCryptQuery(const std::shared_ptr& ctx): d_ctx(ctx) + DNSCryptQuery(const std::shared_ptr& ctx) : + d_ctx(ctx) { memset(&d_header, 0, sizeof(d_header)); #ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM @@ -277,7 +296,7 @@ public: static void generateProviderKeys(DNSCryptCertSignedData::ResolverPublicKeyType& publicKey, DNSCryptCertSignedData::ResolverPrivateKeyType& privateKey); static std::string getProviderFingerprint(const DNSCryptCertSignedData::ResolverPublicKeyType& publicKey); static void generateCertificate(uint32_t serial, time_t begin, time_t end, const DNSCryptExchangeVersion& version, const DNSCryptCertSignedData::ResolverPrivateKeyType& providerPrivateKey, DNSCryptPrivateKey& privateKey, DNSCryptCert& cert); - static void saveCertFromFile(const DNSCryptCert& cert, const std::string&filename); + static void saveCertFromFile(const DNSCryptCert& cert, const std::string& filename); static std::string certificateDateToStr(uint32_t date); static void generateResolverKeyPair(DNSCryptPrivateKey& privK, DNSCryptPublicKeyType& pubK); static void setExchangeVersion(const DNSCryptExchangeVersion& version, DNSCryptCert::ESVersionType& esVersion); @@ -296,8 +315,8 @@ public: ~DNSCryptContext(); void reloadCertificates(); - void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true, bool reload=false); - void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true, bool reload=false); + void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active = true, bool reload = false); + void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active = true, bool reload = false); void markActive(uint32_t serial); void markInactive(uint32_t serial); @@ -310,10 +329,10 @@ public: private: static void computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, DNSCryptCertificatePair::PublicKeyType& pubK); - static void loadCertFromFile(const std::string&filename, DNSCryptCert& dest); + static void loadCertFromFile(const std::string& filename, DNSCryptCert& dest); static std::shared_ptr loadCertificatePair(const std::string& certFile, const std::string& keyFile); - void addNewCertificate(std::shared_ptr& newCert, bool reload=false); + void addNewCertificate(std::shared_ptr& newCert, bool reload = false); SharedLockGuarded>> d_certs; SharedLockGuarded> d_certKeyPaths; diff --git a/pdns/dnsdistdist/test-dnscrypt_cc.cc b/pdns/dnsdistdist/test-dnscrypt_cc.cc index 4fd3aea30a..782a7569eb 100644 --- a/pdns/dnsdistdist/test-dnscrypt_cc.cc +++ b/pdns/dnsdistdist/test-dnscrypt_cc.cc @@ -41,7 +41,8 @@ BOOST_AUTO_TEST_SUITE(test_dnscrypt_cc) #ifdef HAVE_DNSCRYPT // plaintext query for cert -BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQuery) { +BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQuery) +{ DNSCryptPrivateKey resolverPrivateKey; DNSCryptCert resolverCert; DNSCryptCertSignedData::ResolverPublicKeyType providerPublicKey; @@ -66,7 +67,7 @@ BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQuery) { query->getCertificateResponse(now, response); - MOADNSParser mdp(false, (char*) response.data(), response.size()); + MOADNSParser mdp(false, (char*)response.data(), response.size()); BOOST_CHECK_EQUAL(mdp.d_header.qdcount, 1U); BOOST_CHECK_EQUAL(mdp.d_header.ancount, 1U); @@ -79,7 +80,8 @@ BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQuery) { } // invalid plaintext query (A) -BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQueryInvalidA) { +BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQueryInvalidA) +{ DNSCryptPrivateKey resolverPrivateKey; DNSCryptCert resolverCert; DNSCryptCertSignedData::ResolverPublicKeyType providerPublicKey; @@ -102,7 +104,8 @@ BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQueryInvalidA) { } // invalid plaintext query (wrong provider name) -BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQueryInvalidProviderName) { +BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQueryInvalidProviderName) +{ DNSCryptPrivateKey resolverPrivateKey; DNSCryptCert resolverCert; DNSCryptCertSignedData::ResolverPublicKeyType providerPublicKey; @@ -125,7 +128,8 @@ BOOST_AUTO_TEST_CASE(DNSCryptPlaintextQueryInvalidProviderName) { } // valid encrypted query -BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValid) { +BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValid) +{ DNSCryptPrivateKey resolverPrivateKey; DNSCryptCert resolverCert; DNSCryptCertSignedData::ResolverPublicKeyType providerPublicKey; @@ -139,7 +143,7 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValid) { DNSCryptPublicKeyType clientPublicKey; DNSCryptContext::generateResolverKeyPair(clientPrivateKey, clientPublicKey); - DNSCryptClientNonceType clientNonce{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B }; + DNSCryptClientNonceType clientNonce{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B}; DNSName name("www.powerdns.com."); PacketBuffer plainQuery; @@ -159,7 +163,7 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValid) { BOOST_CHECK_EQUAL(query->isValid(), true); BOOST_CHECK_EQUAL(query->isEncrypted(), true); - MOADNSParser mdp(true, (char*) plainQuery.data(), plainQuery.size()); + MOADNSParser mdp(true, (char*)plainQuery.data(), plainQuery.size()); BOOST_CHECK_EQUAL(mdp.d_header.qdcount, 1U); BOOST_CHECK_EQUAL(mdp.d_header.ancount, 0U); @@ -172,7 +176,8 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValid) { } // valid encrypted query with not enough room -BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidButShort) { +BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidButShort) +{ DNSCryptPrivateKey resolverPrivateKey; DNSCryptCert resolverCert; DNSCryptCertSignedData::ResolverPublicKeyType providerPublicKey; @@ -187,7 +192,7 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidButShort) { DNSCryptContext::generateResolverKeyPair(clientPrivateKey, clientPublicKey); - DNSCryptClientNonceType clientNonce{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B }; + DNSCryptClientNonceType clientNonce{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B}; DNSName name("www.powerdns.com."); PacketBuffer plainQuery; @@ -199,7 +204,8 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidButShort) { } // valid encrypted query with old key -BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidWithOldKey) { +BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidWithOldKey) +{ DNSCryptPrivateKey resolverPrivateKey; DNSCryptCert resolverCert; DNSCryptCertSignedData::ResolverPublicKeyType providerPublicKey; @@ -214,7 +220,7 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidWithOldKey) { DNSCryptContext::generateResolverKeyPair(clientPrivateKey, clientPublicKey); - DNSCryptClientNonceType clientNonce{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B }; + DNSCryptClientNonceType clientNonce{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B}; DNSName name("www.powerdns.com."); PacketBuffer plainQuery; @@ -239,7 +245,7 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidWithOldKey) { BOOST_CHECK_EQUAL(query->isValid(), true); BOOST_CHECK_EQUAL(query->isEncrypted(), true); - MOADNSParser mdp(true, (char*) plainQuery.data(), plainQuery.size()); + MOADNSParser mdp(true, (char*)plainQuery.data(), plainQuery.size()); BOOST_CHECK_EQUAL(mdp.d_header.qdcount, 1U); BOOST_CHECK_EQUAL(mdp.d_header.ancount, 0U); @@ -252,7 +258,8 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryValidWithOldKey) { } // valid encrypted query with wrong key -BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryInvalidWithWrongKey) { +BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryInvalidWithWrongKey) +{ DNSCryptPrivateKey resolverPrivateKey; DNSCryptCert resolverCert; DNSCryptCertSignedData::ResolverPublicKeyType providerPublicKey; @@ -267,7 +274,7 @@ BOOST_AUTO_TEST_CASE(DNSCryptEncryptedQueryInvalidWithWrongKey) { DNSCryptContext::generateResolverKeyPair(clientPrivateKey, clientPublicKey); - DNSCryptClientNonceType clientNonce{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B }; + DNSCryptClientNonceType clientNonce{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x0A, 0x0B}; DNSName name("www.powerdns.com."); PacketBuffer plainQuery;