#ifndef UNBOUND_DNSCRYPT_H
#define UNBOUND_DNSCRYPT_H

/**
 * \file
 * dnscrypt functions for encrypting DNS packets.
 *
 * Everything below is compiled only when USE_DNSCRYPT is set (by
 * dnscrypt/dnscrypt_config.h). The structs and prototypes are implemented
 * in the matching .c file; the comments here describe the contract callers
 * may rely on, not the implementation.
 */

#include "dnscrypt/dnscrypt_config.h"
#ifdef USE_DNSCRYPT

/** Length in bytes of the magic string that opens every dnscrypt packet. */
#define DNSCRYPT_MAGIC_HEADER_LEN 8U
/** Magic string a dnscrypt response starts with; exactly
 *  DNSCRYPT_MAGIC_HEADER_LEN bytes long (no terminating NUL on the wire). */
#define DNSCRYPT_MAGIC_RESPONSE "r6fnvWj8"

/*
 * Padding parameters. They are only defaulted here (the #ifndef guards let
 * a build define them earlier). Going by the names they bound the padding
 * applied to packets and give the block multiple padded up to; the exact
 * semantics live in the implementation -- confirm there before relying on
 * a value.
 */
#ifndef DNSCRYPT_MAX_PADDING
# define DNSCRYPT_MAX_PADDING 256U
#endif
#ifndef DNSCRYPT_BLOCK_SIZE
# define DNSCRYPT_BLOCK_SIZE 64U
#endif
#ifndef DNSCRYPT_MIN_PAD_LEN
# define DNSCRYPT_MIN_PAD_LEN 8U
#endif

/*
 * Half of the crypto_box nonce length. crypto_box_NONCEBYTES is not in
 * scope yet at this point (the headers that bring it in are included just
 * below); that is fine because a macro body is expanded where it is used,
 * not where it is defined.
 */
#define crypto_box_HALF_NONCEBYTES (crypto_box_NONCEBYTES / 2U)

#include "config.h"
#include "dnscrypt/cert.h"

/** Wire size of a dnscrypt query header: magic, public key, half-nonce and
 *  MAC. This is the same sum as sizeof(struct dnscrypt_query_header) below,
 *  so a packet shorter than this cannot carry a complete header. */
#define DNSCRYPT_QUERY_HEADER_SIZE \
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES + crypto_box_MACBYTES)
/** Wire size of a dnscrypt response header: magic, full nonce and MAC. */
#define DNSCRYPT_RESPONSE_HEADER_SIZE \
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_NONCEBYTES + crypto_box_MACBYTES)

/*
 * Same quantity as DNSCRYPT_RESPONSE_HEADER_SIZE, with the nonce length
 * spelled as two half-nonces. The two are equal whenever
 * crypto_box_NONCEBYTES is even (HALF_NONCEBYTES rounds down otherwise);
 * keep them in sync if either definition changes.
 */
#define DNSCRYPT_REPLY_HEADER_SIZE \
    (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES * 2 + crypto_box_MACBYTES)

/* Opaque to this header; only pointers to them cross the interface. */
struct sldns_buffer;
struct config_file;
struct comm_reply;

/**
 * A crypto_box public/secret key pair.
 * crypt_secretkey is long-lived secret material held in process memory;
 * NOTE(review): whatever frees a KeyPair should also wipe it with a
 * non-elidable clear (a plain memset before free may be optimized away).
 */
typedef struct KeyPair_ {
    uint8_t crypt_publickey[crypto_box_PUBLICKEYBYTES];
    uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES];
} KeyPair;

/**
 * Per-process dnscrypt state, created by dnsc_create() and populated by
 * dnsc_apply_cfg().
 */
struct dnsc_env {
    /** Array of signed_certs_count entries (struct SignedCert is expected
     *  to come from dnscrypt/cert.h). */
    struct SignedCert *signed_certs;
    size_t signed_certs_count;
    /** The provider's ed25519 signing key pair (sizes are the
     *  crypto_sign_ed25519 constants). provider_secretkey is secret material;
     *  NOTE(review): confirm it is wiped, not just freed, at teardown. */
    uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES];
    uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES];
    /** Array of keypairs_count crypto_box key pairs (see KeyPair). */
    KeyPair *keypairs;
    size_t keypairs_count;
    /** NOTE(review): presumably the timestamp used for the last generated
     *  nonce, kept so successive nonces do not repeat -- confirm in the .c. */
    uint64_t nonce_ts_last;
    /** Key for crypto_shorthash; what is hashed with it is not visible from
     *  this header -- see the implementation. */
    unsigned char hash_key[crypto_shorthash_KEYBYTES];
    /** Provider name from configuration. Ownership (who frees it) is not
     *  stated here; check dnsc_apply_cfg and the teardown path. */
    char * provider_name;
};

/**
 * Wire layout of the header that starts a dnscrypt query.
 * Every member is a uint8_t array, so the struct contains no alignment
 * padding and its size equals DNSCRYPT_QUERY_HEADER_SIZE; it can be
 * overlaid on a received packet only after the packet length has been
 * checked against that size.
 */
struct dnscrypt_query_header {
    uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN];
    uint8_t publickey[crypto_box_PUBLICKEYBYTES];
    uint8_t nonce[crypto_box_HALF_NONCEBYTES];
    uint8_t mac[crypto_box_MACBYTES];
};

/**
 * Initialize DNSCrypt environment.
 * Initialize sodium library and allocate the dnsc_env structure.
 * \return the allocated struct dnsc_env, not yet configured: call
 *     dnsc_apply_cfg() before using it. Whether NULL can be returned on
 *     allocation failure is not stated here; callers should check.
 */
struct dnsc_env * dnsc_create(void);

/**
 * Apply configuration.
 * Read certificates and secret keys from configuration. Initialize hashkey and
 * provider name as well as loading cert TXT records.
 * In case of issue applying configuration, this function fatals (it does
 * not return an error to the caller).
 * \param[in] env the struct dnsc_env to populate.
 * \param[in] cfg the config_file struct with dnscrypt options.
 * \return 0 on success.
 */
int dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg);

/**
 * Handle a crypted dnscrypt request.
 * Determine whether or not a query is coming over the dnscrypt listener and
 * attempt to uncurve it or detect if it is a certificate query.
 * The packet in repinfo is raw network input; length and magic checks
 * (at least DNSCRYPT_QUERY_HEADER_SIZE bytes before any header field is
 * read) are the implementation's responsibility, not the caller's.
 * \param[in] dnscenv the dnscrypt environment from dnsc_create().
 * \param[in,out] repinfo the reply info carrying the received query.
 * \return 0 in case of failure.
 */
int dnsc_handle_curved_request(struct dnsc_env* dnscenv,
    struct comm_reply* repinfo);
/**
 * Handle an unencrypted dnscrypt request.
 * Determine whether or not a query is going over the dnscrypt channel and
 * attempt to curve it unless it was not crypted like when it is a
 * certificate query.
 * \param[in,out] repinfo the reply info for the response to be encrypted.
 * \return 0 in case of failure.
 */

int dnsc_handle_uncurved_request(struct comm_reply *repinfo);
#endif /* USE_DNSCRYPT */
#endif