mirrors/doh-server
1
0
Fork 0
mirror of https://github.com/DNSCrypt/doh-server.git synced 2025-04-03 04:57:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

Update deps, format

Browse source
This commit is contained in:
Frank Denis 2021-05-14 23:36:37 +02:00
parent 338d6436c0
commit 9445e95014
3 changed files with 59 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/libdoh/Cargo.toml
View file

@ -20,7 +20,7 @@ byteorder = "1.4.2"
base64 = "0.13.0"
futures = "0.3.13"
hyper = { version = "0.14.4", default-features = false, features = ["server", "http1", "http2", "stream"] }
tokio = { version = "1.2.0", features = ["net", "rt-multi-thread", "parking_lot", "time", "sync"] }
tokio = { version = "1.6.0", features = ["net", "rt-multi-thread", "parking_lot", "time", "sync"] }
tokio-rustls = { version = "0.22.0", features = ["early-data"], optional = true }
odoh-rs = "0.1.11"
rand = "0.7"

34
src/libdoh/src/lib.rs
View file

@ -1,8 +1,8 @@
mod constants;
pub mod dns;
pub mod odoh;
mod errors;
mod globals;
pub mod odoh;
#[cfg(feature = "tls")]
mod tls;
@ -49,7 +49,7 @@ impl DoHType {
#[derive(Clone, Debug)]
pub struct DoH {
pub globals: Arc<Globals>
pub globals: Arc<Globals>,
}
#[allow(clippy::unnecessary_wraps)]
@ -121,14 +121,14 @@ impl DoH {
match Self::parse_content_type(&req) {
Ok(DoHType::Standard) => self.serve_doh_post(req).await,
Ok(DoHType::Oblivious) => self.serve_odoh_post(req).await,
Err(response) => return Ok(response)
Err(response) => return Ok(response),
}
}
async fn serve_doh_post(&self, req:Request<Body>) -> Result<Response<Body>, http::Error> {
async fn serve_doh_post(&self, req: Request<Body>) -> Result<Response<Body>, http::Error> {
let query = match self.read_body(req.into_body()).await {
Ok(q) => q,
Err(e) => return http_error(StatusCode::from(e))
Err(e) => return http_error(StatusCode::from(e)),
};
let resp = match self.proxy(query).await {
@ -142,21 +142,21 @@ impl DoH {
}
}
async fn serve_odoh_post(&self, req:Request<Body>) -> Result<Response<Body>, http::Error> {
async fn serve_odoh_post(&self, req: Request<Body>) -> Result<Response<Body>, http::Error> {
let query_body = match self.read_body(req.into_body()).await {
Ok(q) => q,
Err(e) => return http_error(StatusCode::from(e))
Err(e) => return http_error(StatusCode::from(e)),
};
let odoh_public_key = (*self.globals.odoh_rotator).clone().current_key();
let (query, context) = match (*odoh_public_key).clone().decrypt_query(query_body).await {
Ok((q, context)) => (q.to_vec(), context),
Err(e) => return http_error(StatusCode::from(e))
Err(e) => return http_error(StatusCode::from(e)),
};
let resp_body = match self.proxy(query).await {
Ok(resp) => resp,
Err(e) => return http_error(StatusCode::from(e))
Err(e) => return http_error(StatusCode::from(e)),
};
let resp = match context.encrypt_response(resp_body.packet).await {
@ -200,7 +200,9 @@ impl DoH {
};
let resp = match self.proxy(question).await {
Ok(dns_resp) => self.build_response(dns_resp.packet, dns_resp.ttl, DoHType::Standard.as_str()),
Ok(dns_resp) => {
self.build_response(dns_resp.packet, dns_resp.ttl, DoHType::Standard.as_str())
}
Err(e) => Err(e),
};
match resp {
@ -298,13 +300,15 @@ impl DoH {
dns::add_edns_padding(&mut packet)
.map_err(|_| DoHError::TooLarge)
.ok();
Ok(DnsResponse{
packet,
ttl,
})
Ok(DnsResponse { packet, ttl })
}
fn build_response(&self, packet: Vec<u8>, ttl: u32, content_type: String) -> Result<Response<Body>, DoHError> {
fn build_response(
&self,
packet: Vec<u8>,
ttl: u32,
content_type: String,
) -> Result<Response<Body>, DoHError> {
let packet_len = packet.len();
let response = Response::builder()
.header(hyper::header::CONTENT_LENGTH, packet_len)

72
src/libdoh/src/odoh.rs
View file

@ -1,20 +1,18 @@
use crate::constants::ODOH_KEY_ROTATION_SECS;
use crate::errors::DoHError;
use std::sync::Arc;
use arc_swap::ArcSwap;
use std::time::Duration;
use tokio::runtime;
use hpke::kex::Serializable;
use odoh_rs::key_utils::{derive_keypair_from_seed};
use odoh_rs::protocol::{create_response_msg,
parse_received_query, RESPONSE_NONCE_SIZE,
ObliviousDoHQueryBody, Serialize, Deserialize,
ObliviousDoHKeyPair, ObliviousDoHConfigContents,
ObliviousDoHConfig, ObliviousDoHConfigs,
ObliviousDoHMessage, ObliviousDoHMessageType,
use odoh_rs::key_utils::derive_keypair_from_seed;
use odoh_rs::protocol::{
create_response_msg, parse_received_query, Deserialize, ObliviousDoHConfig,
ObliviousDoHConfigContents, ObliviousDoHConfigs, ObliviousDoHKeyPair, ObliviousDoHMessage,
ObliviousDoHMessageType, ObliviousDoHQueryBody, Serialize, RESPONSE_NONCE_SIZE,
};
use rand::Rng;
use std::fmt;
use std::sync::Arc;
use std::time::Duration;
use tokio::runtime;
// https://cfrg.github.io/draft-irtf-cfrg-hpke/draft-irtf-cfrg-hpke.html#name-algorithm-identifiers
const DEFAULT_HPKE_SEED_SIZE: usize = 32;
@ -45,9 +43,9 @@ fn generate_key_pair() -> ObliviousDoHKeyPair {
let (secret_key, public_key) = derive_keypair_from_seed(&ikm);
let public_key_bytes = public_key.to_bytes().to_vec();
let odoh_public_key = ObliviousDoHConfigContents {
kem_id: DEFAULT_HPKE_KEM,
kdf_id: DEFAULT_HPKE_KDF,
aead_id: DEFAULT_HPKE_AEAD,
kem_id: DEFAULT_HPKE_KEM,
kdf_id: DEFAULT_HPKE_KDF,
aead_id: DEFAULT_HPKE_AEAD,
public_key: public_key_bytes,
};
ObliviousDoHKeyPair {
@ -56,10 +54,11 @@ fn generate_key_pair() -> ObliviousDoHKeyPair {
}
}
impl ODoHPublicKey {
impl ODoHPublicKey {
pub fn new() -> Result<ODoHPublicKey, DoHError> {
let key_pair = generate_key_pair();
let config = ObliviousDoHConfig::new(&key_pair.public_key.clone().to_bytes().unwrap()).unwrap();
let config =
ObliviousDoHConfig::new(&key_pair.public_key.clone().to_bytes().unwrap()).unwrap();
let serialized_configs = ObliviousDoHConfigs {
configs: vec![config.clone()],
}
@ -67,9 +66,9 @@ impl ODoHPublicKey {
.unwrap()
.to_vec();
Ok(ODoHPublicKey{
Ok(ODoHPublicKey {
key: key_pair,
serialized_configs: serialized_configs
serialized_configs: serialized_configs,
})
}
@ -77,15 +76,18 @@ impl ODoHPublicKey {
self.serialized_configs
}
pub async fn decrypt_query(self, encrypted_query: Vec<u8>) -> Result<(Vec<u8>, ODoHQueryContext), DoHError> {
pub async fn decrypt_query(
self,
encrypted_query: Vec<u8>,
) -> Result<(Vec<u8>, ODoHQueryContext), DoHError> {
let odoh_query = match ObliviousDoHMessage::from_bytes(&encrypted_query) {
Ok(q) => {
if q.msg_type != ObliviousDoHMessageType::Query {
return Err(DoHError::InvalidData);
}
q
},
Err(_) => return Err(DoHError::InvalidData)
}
Err(_) => return Err(DoHError::InvalidData),
};
match self.key.public_key.identifier() {
@ -93,15 +95,15 @@ impl ODoHPublicKey {
if !key_id.eq(&odoh_query.key_id) {
return Err(DoHError::StaleKey);
}
},
Err(_) => return Err(DoHError::InvalidData)
}
Err(_) => return Err(DoHError::InvalidData),
};
let (query, server_secret) = match parse_received_query(&self.key, &encrypted_query).await {
Ok((pq, ss)) => (pq, ss),
Err(_) => return Err(DoHError::InvalidData)
Err(_) => return Err(DoHError::InvalidData),
};
let context = ODoHQueryContext{
let context = ODoHQueryContext {
query: query.clone(),
secret: server_secret,
};
@ -112,11 +114,15 @@ impl ODoHPublicKey {
impl ODoHQueryContext {
pub async fn encrypt_response(self, response_body: Vec<u8>) -> Result<Vec<u8>, DoHError> {
let response_nonce = rand::thread_rng().gen::<[u8; RESPONSE_NONCE_SIZE]>();
create_response_msg(&self.secret, &response_body, None, Some(response_nonce.to_vec()), &self.query)
.await
.map_err(|_| {
DoHError::InvalidData
})
create_response_msg(
&self.secret,
&response_body,
None,
Some(response_nonce.to_vec()),
&self.query,
)
.await
.map_err(|_| DoHError::InvalidData)
}
}
@ -140,14 +146,14 @@ impl ODoHRotator {
match ODoHPublicKey::new() {
Ok(key) => {
current_key.store(Arc::new(key));
},
}
Err(e) => eprintln!("ODoH key rotation error: {}", e),
};
}
});
Ok(ODoHRotator{
key: Arc::clone(&odoh_key)
Ok(ODoHRotator {
key: Arc::clone(&odoh_key),
})
}
@ -155,4 +161,4 @@ impl ODoHRotator {
let key = Arc::clone(&self.key);
Arc::clone(&key.load())
}
}
}