
kaboom the compiler

This commit is contained in:
Frank Denis 2019-09-19 20:47:44 +02:00
parent 77a5878a52
commit 0592855b25
5 changed files with 69 additions and 37 deletions


@ -1,11 +1,15 @@
use crate::crypto::*;
use crate::dnscrypt_certs::*;
use crate::errors::*;
use std::fs::File;
use std::fs::{File, OpenOptions};
use std::io::prelude::*;
use std::net::{IpAddr, SocketAddr};
use std::path::{Path, PathBuf};
#[cfg(unix)]
use std::os::unix::fs::OpenOptionsExt;
#[derive(Serialize, Deserialize, Debug)]
pub struct DNSCryptConfig {
pub provider_name: String,
@ -53,11 +57,37 @@ impl Config {
#[derive(Serialize, Deserialize, Debug)]
pub struct State {
pub provider_kp: SignKeyPair,
pub dnscrypt_encryption_params_set: Vec<DNSCryptEncryptionParams>,
}
impl State {
pub fn new() -> Self {
let provider_kp = SignKeyPair::new();
State { provider_kp }
let dnscrypt_encryption_params_set = vec![DNSCryptEncryptionParams::new(&provider_kp)];
State {
provider_kp,
dnscrypt_encryption_params_set,
}
}
pub fn save<P: AsRef<Path>>(&self, path: P) -> Result<(), Error> {
let mut fpb = OpenOptions::new();
let mut fpb = fpb.create(true).write(true);
#[cfg(unix)]
{
fpb = fpb.mode(0o600);
}
let mut fp = fpb.open(path.as_ref())?;
let state_bin = toml::to_vec(&self)?;
fp.write_all(&state_bin)?;
Ok(())
}
pub fn from_file<P: AsRef<Path>>(path: P) -> Result<Self, Error> {
let mut fp = File::open(path.as_ref())?;
let mut state_bin = vec![];
fp.read_to_end(&mut state_bin)?;
let state = toml::from_slice(&state_bin)?;
Ok(state)
}
}
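Review bot: `State::save` opens the state file with `create(true).write(true)` but never truncates it, so when an existing file is rewritten with shorter content the tail of the previous serialization survives and the next `from_file` fails on (or mis-parses) trailing bytes; the builder line should read `let mut fpb = fpb.create(true).write(true).truncate(true);`. Note also that `mode(0o600)` only applies when the file is created — a pre-existing state file with wider permissions keeps them, so a `set_permissions` after opening (or at least a check) is needed to guarantee the secret keys are not world-readable. Since this file now carries the provider signing key plus every resolver secret key, and `save` is called repeatedly from the certificate updater, writing to a temporary file in the same directory and renaming it over `state_file` would also avoid leaving a truncated, unrecoverable file if the process dies mid-write.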


@ -25,7 +25,7 @@ impl Signature {
big_array! { BigArray; }
#[derive(Serialize, Deserialize, Derivative)]
#[derive(Serialize, Deserialize, Derivativ, Clone)]
#[derivative(Default)]
pub struct SignSK(
#[serde(with = "BigArray")]
@ -58,7 +58,7 @@ impl SignSK {
}
}
#[derive(Debug, Serialize, Deserialize, Default)]
#[derive(Debug, Serialize, Deserialize, Default, Clone)]
pub struct SignPK([u8; crypto_sign_PUBLICKEYBYTES as usize]);
impl SignPK {
@ -75,7 +75,7 @@ impl SignPK {
}
}
#[derive(Derivative, Serialize, Deserialize)]
#[derive(Derivative, Serialize, Deserialize, Clone)]
#[derivative(Debug, Default)]
pub struct SignKeyPair {
#[derivative(Debug = "ignore")]
@ -91,7 +91,7 @@ impl SignKeyPair {
}
}
#[derive(Debug, Default, Clone)]
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct CryptSK([u8; crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES as usize]);
impl CryptSK {
@ -108,7 +108,7 @@ impl CryptSK {
}
}
#[derive(Debug, Default, Clone)]
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct CryptPK([u8; crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES as usize]);
impl CryptPK {
@ -125,7 +125,7 @@ impl CryptPK {
}
}
#[derive(Debug, Default, Clone)]
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct CryptKeyPair {
pub sk: CryptSK,
pub pk: CryptPK,
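Review bot: `Derivativ` in the new `SignSK` derive list is a typo for `Derivative` and will not compile; the line should be `#[derive(Serialize, Deserialize, Derivative, Clone)]`. Separately, `CryptSK` and `CryptKeyPair` keep a plain `Debug` derive while gaining `Serialize`, unlike `SignKeyPair`, where a field is marked `#[derivative(Debug = "ignore")]`; any `{:?}` of a `DNSCryptEncryptionParams` (which also derives `Debug` and holds a `CryptKeyPair`) would therefore print the resolver secret key bytes into logs. Consider the same `derivative` treatment, or a manual `Debug` that redacts the key, so that serialization to the state file is the only path that ever emits secret material.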


@ -1,3 +1,4 @@
use crate::config::*;
use crate::crypto::*;
use crate::globals::*;
@ -14,7 +15,7 @@ fn now() -> u32 {
Clock::now_since_epoch().as_secs() as u32
}
#[derive(Debug, Default, Clone)]
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
#[repr(C, packed)]
pub struct DNSCryptCertInner {
resolver_pk: [u8; 32],
@ -30,7 +31,9 @@ impl DNSCryptCertInner {
}
}
#[derive(Derivative)]
big_array! { BigArray; }
#[derive(Derivative, Serialize, Deserialize)]
#[derivative(Debug, Default, Clone)]
#[repr(C, packed)]
pub struct DNSCryptCert {
@ -38,6 +41,7 @@ pub struct DNSCryptCert {
es_version: [u8; 2],
minor_version: [u8; 2],
#[derivative(Debug = "ignore", Default(value = "[0u8; 64]"))]
#[serde(with = "BigArray")]
signature: [u8; 64],
inner: DNSCryptCertInner,
}
@ -86,7 +90,7 @@ impl DNSCryptCert {
}
}
#[derive(Debug)]
#[derive(Serialize, Deserialize, Debug)]
pub struct DNSCryptEncryptionParams {
dnscrypt_cert: DNSCryptCert,
resolver_kp: CryptKeyPair,
@ -137,6 +141,13 @@ impl DNSCryptEncryptionParamsUpdater {
}
let new_params = DNSCryptEncryptionParams::new(&self.globals.provider_kp);
new_params_set.push(Arc::new(new_params));
let state = State {
provider_kp: self.globals.provider_kp.clone(),
dnscrypt_encryption_params_set: new_params_set,
};
state.save(&self.globals.state_file);
*self.globals.dnscrypt_encryption_params_set.write() = Arc::new(new_params_set);
}
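Review bot: The result of `state.save(&self.globals.state_file)` is dropped, so a failed write (permissions, full disk) rotates the keys in memory but leaves the on-disk state stale, and the next restart comes back with certificates that running clients never saw; at minimum report it, e.g. `if let Err(e) = state.save(&self.globals.state_file) { eprintln!("Unable to save state: {}", e); }`. As written `new_params_set` is also moved into the `State` literal and then used again on the following line, and its elements are `Arc<DNSCryptEncryptionParams>` while the `State` field is declared `Vec<DNSCryptEncryptionParams>`, so this cannot type-check either — either store `Vec<Arc<_>>` in `State` (serde supports `Arc` behind its `rc` feature) or build the persisted copy before wrapping in `Arc`. Note too that `DNSCryptCert` and `DNSCryptCertInner` are `#[repr(C, packed)]` and the derived `Serialize` borrows each field by reference, which rustc warns about for packed structs (and newer toolchains reject outright), so serializing from a copy of the raw bytes is safer. The enclosing updater method starts before this hunk.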


@ -4,6 +4,7 @@ use crate::dnscrypt_certs::*;
use parking_lot::{Mutex, RwLock};
use std::collections::vec_deque::VecDeque;
use std::net::SocketAddr;
use std::path::PathBuf;
use std::sync::atomic::AtomicU32;
use std::sync::Arc;
use std::time::Duration;
@ -13,6 +14,7 @@ use tokio::sync::oneshot;
#[derive(Debug)]
pub struct Globals {
pub runtime: Arc<Runtime>,
pub state_file: PathBuf,
pub dnscrypt_encryption_params_set: Arc<RwLock<Arc<Vec<Arc<DNSCryptEncryptionParams>>>>>,
pub provider_name: String,
pub provider_kp: SignKeyPair,


@ -1,7 +1,7 @@
//#![allow(clippy::assertions_on_constants)]
//#![allow(unused_imports)]
//#![allow(unused_variables)]
//#![allow(dead_code)]
#![allow(clippy::assertions_on_constants)]
#![allow(unused_imports)]
#![allow(unused_variables)]
#![allow(dead_code)]
#[global_allocator]
static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;
@ -47,7 +47,7 @@ use privdrop::PrivDrop;
use rand::prelude::*;
use std::collections::vec_deque::VecDeque;
use std::convert::TryFrom;
use std::fs::{File, OpenOptions};
use std::fs::File;
use std::io::prelude::*;
use std::mem;
use std::net::SocketAddr;
@ -60,9 +60,6 @@ use tokio::runtime::Runtime;
use tokio::sync::oneshot;
use tokio_net::driver::Handle;
#[cfg(unix)]
use std::os::unix::fs::OpenOptionsExt;
#[derive(Debug)]
struct UdpClientCtx {
net_udp_socket: std::net::UdpSocket,
@ -401,29 +398,19 @@ fn main() -> Result<(), Error> {
let external_addr = SocketAddr::new(config.external_addr, 0);
let state_file = &config.state_file;
let state = match File::open(state_file) {
let state = match State::from_file(state_file) {
Err(_) => {
println!("No state file found... creating a new provider key");
let state = State::new();
let mut fpb = OpenOptions::new();
let mut fpb = fpb.create(true).write(true);
#[cfg(unix)]
{
fpb = fpb.mode(0o600);
}
let mut fp = fpb.open(state_file)?;
let state_bin = toml::to_vec(&state)?;
fp.write_all(&state_bin)?;
state.save(state_file)?;
state
}
Ok(mut fp) => {
Ok(state) => {
println!(
"State file [{}] found; using existing provider key",
state_file.as_os_str().to_string_lossy()
);
let mut state_bin = vec![];
fp.read_to_end(&mut state_bin)?;
toml::from_slice(&state_bin)?
state
}
};
let provider_kp = state.provider_kp;
@ -445,7 +432,11 @@ fn main() -> Result<(), Error> {
println!("DNS Stamp: {}", stamp);
}
let dnscrypt_encryption_params = DNSCryptEncryptionParams::new(&provider_kp);
let dnscrypt_encryption_params = state
.dnscrypt_encryption_params
.into_iter()
.map(Arc::new)
.collect::<Vec<_>>();
let mut runtime_builder = tokio::runtime::Builder::new();
runtime_builder.name_prefix("encrypted-dns-");
let runtime = Arc::new(runtime_builder.build()?);
@ -466,9 +457,7 @@ fn main() -> Result<(), Error> {
}
let globals = Arc::new(Globals {
runtime: runtime.clone(),
dnscrypt_encryption_params_set: Arc::new(RwLock::new(Arc::new(vec![Arc::new(
dnscrypt_encryption_params,
)]))),
dnscrypt_encryption_params_set: Arc::new(RwLock::new(Arc::new(dnscrypt_encryption_params))),
provider_name,
provider_kp,
listen_addrs: config.listen_addrs,
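Review bot: `State::from_file` now folds open, read and TOML-parse failures into a single error, and the `Err(_)` arm of the state-file match treats all of them as "no state file" before calling `state.save(state_file)?`, so a state file that exists but is unreadable (EACCES) or fails to parse (for instance after a format change like the one this commit makes) is silently overwritten with a freshly generated provider key — every client that pinned the old key through the DNS stamp is cut off. Only a missing file should trigger key generation; any other error should abort, which the rewrite below does by checking existence first and propagating `from_file` errors. The field read in the following hunk, `state.dnscrypt_encryption_params`, is also declared as `dnscrypt_encryption_params_set` on `State`. The surrounding `main` continues outside both hunks.

```rust
let state = if state_file.exists() {
    println!(
        "State file [{}] found; using existing provider key",
        state_file.as_os_str().to_string_lossy()
    );
    // A corrupt or unreadable state file must abort startup rather than
    // silently regenerate (and publish) a new provider key.
    State::from_file(state_file)?
} else {
    println!("No state file found... creating a new provider key");
    let state = State::new();
    state.save(state_file)?;
    state
};
// … unchanged: provider_kp extraction, stamp printing …
let dnscrypt_encryption_params = state
    .dnscrypt_encryption_params_set
    .into_iter()
    .map(Arc::new)
    .collect::<Vec<_>>();
```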