mirror of
https://github.com/DNSCrypt/dnscrypt-proxy.git
synced 2025-04-04 21:57:44 +03:00
2d1dd7eaab
This works over DNSCrypt and DoH, but requires a specifically configured server. Instead of sending the actual DNS queries, the SH-T system works as follows: Step 1: the client query is evaluated through Argon2id, a military-grade, memory-hard, CPU-hard stretching function. This makes it very expensive for an attacker to find the original query, even using GPUs and ASICs. For post-quantum resistance, we use it to generate a 1024-bit key. Step 2: in case the Argon2id algorithm has a vulnerability, or, since this is a popular function used for hashing passwords and for cryptocurrencices, and people may have built rainbow tables already, we use a hash function over the result of the previous function. This immediately defeats rainbow tables. Step 3: the output of the hash function is truncated to 64-bit. Due to a property of this operation known as collision-misresistance, and even if the previous steps fail due to a nation-state actor, it is impossible for a server operator to prove what exact query was originally sent by a client. This feature is experimental.
53 lines
1.1 KiB
Go
53 lines
1.1 KiB
Go
// Copyright 2017 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package argon2
|
|
|
|
import (
|
|
"encoding/binary"
|
|
"hash"
|
|
|
|
"golang.org/x/crypto/blake2b"
|
|
)
|
|
|
|
// blake2bHash computes an arbitrary long hash value of in
|
|
// and writes the hash to out.
|
|
func blake2bHash(out []byte, in []byte) {
|
|
var b2 hash.Hash
|
|
if n := len(out); n < blake2b.Size {
|
|
b2, _ = blake2b.New(n, nil)
|
|
} else {
|
|
b2, _ = blake2b.New512(nil)
|
|
}
|
|
|
|
var buffer [blake2b.Size]byte
|
|
binary.LittleEndian.PutUint32(buffer[:4], uint32(len(out)))
|
|
b2.Write(buffer[:4])
|
|
b2.Write(in)
|
|
|
|
if len(out) <= blake2b.Size {
|
|
b2.Sum(out[:0])
|
|
return
|
|
}
|
|
|
|
outLen := len(out)
|
|
b2.Sum(buffer[:0])
|
|
b2.Reset()
|
|
copy(out, buffer[:32])
|
|
out = out[32:]
|
|
for len(out) > blake2b.Size {
|
|
b2.Write(buffer[:])
|
|
b2.Sum(buffer[:0])
|
|
copy(out, buffer[:32])
|
|
out = out[32:]
|
|
b2.Reset()
|
|
}
|
|
|
|
if outLen%blake2b.Size > 0 { // outLen > 64
|
|
r := ((outLen + 31) / 32) - 2 // ⌈τ /32⌉-2
|
|
b2, _ = blake2b.New(outLen-32*r, nil)
|
|
}
|
|
b2.Write(buffer[:])
|
|
b2.Sum(out[:0])
|
|
}
|