mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-06 22:57:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

Handle TCP, padding, etc.

Browse source
This commit is contained in:
Frank Denis 2018-01-09 16:40:37 +01:00
parent 6a39b0afdb
commit 553f6afb00
4 changed files with 137 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

18
crypto.go
View file

@ -35,13 +35,27 @@ func unpad(packet []byte) ([]byte, error) {
}
}
}
func (proxy *Proxy) Crypt(serverInfo *ServerInfo, packet []byte) (encrypted []byte, clientNonce []byte) {
func (proxy *Proxy) Encrypt(serverInfo *ServerInfo, packet []byte, proto string) (encrypted []byte, clientNonce []byte, err error) {
nonce, clientNonce := make([]byte, NonceSize), make([]byte, HalfNonceSize)
rand.Read(clientNonce)
copy(nonce, clientNonce)
minQuestionSize := len(packet)
if proto == "udp" {
minQuestionSize = proxy.questionSizeEstimator.MinQuestionSize()
} else {
var xpad [1]byte
rand.Read(xpad[:])
minQuestionSize += int(xpad[0])
}
paddedLength := Min((minQuestionSize+63)&^63, MaxDNSUDPPacketSize-1)
if paddedLength <= 0 || len(packet) >= paddedLength {
err = errors.New("Question too large; cannot be padded")
return
}
encrypted = append(serverInfo.MagicQuery[:], proxy.proxyPublicKey[:]...)
encrypted = append(encrypted, nonce[:HalfNonceSize]...)
encrypted = xsecretbox.Seal(encrypted, nonce, pad(packet, proxy.minQuestionSize), serverInfo.SharedKey[:])
encrypted = xsecretbox.Seal(encrypted, nonce, pad(packet, paddedLength), serverInfo.SharedKey[:])
return
}