|
|
|
@ -12,18 +12,13 @@ pub const DNSCRYPT_CLIENT_MAGIC_SIZE: usize = 8;
|
|
|
|
|
pub const DNSCRYPT_CLIENT_PK_SIZE: usize = 32;
|
|
|
|
|
pub const DNSCRYPT_CLIENT_NONCE_SIZE: usize =
|
|
|
|
|
crypto_box_curve25519xchacha20poly1305_HALFNONCEBYTES as usize;
|
|
|
|
|
pub const DNSCRYPT_FULL_NONCE_SIZE: usize =
|
|
|
|
|
crypto_box_curve25519xchacha20poly1305_NONCEBYTES as usize;
|
|
|
|
|
|
|
|
|
|
pub fn decrypt(
|
|
|
|
|
wrapped_packet: &[u8],
|
|
|
|
|
dnscrypt_encryption_params_set: &[DNSCryptEncryptionParams],
|
|
|
|
|
) -> Result<
|
|
|
|
|
(
|
|
|
|
|
SharedKey,
|
|
|
|
|
[u8; crypto_box_curve25519xchacha20poly1305_NONCEBYTES as usize],
|
|
|
|
|
Vec<u8>,
|
|
|
|
|
),
|
|
|
|
|
Error,
|
|
|
|
|
> {
|
|
|
|
|
) -> Result<(SharedKey, [u8; DNSCRYPT_FULL_NONCE_SIZE as usize], Vec<u8>), Error> {
|
|
|
|
|
ensure!(
|
|
|
|
|
wrapped_packet.len()
|
|
|
|
|
>= DNSCRYPT_CLIENT_MAGIC_SIZE
|
|
|
|
@ -46,7 +41,7 @@ pub fn decrypt(
|
|
|
|
|
.find(|p| p.client_magic() == client_magic)
|
|
|
|
|
.ok_or_else(|| format_err!("Client magic not found"))?;
|
|
|
|
|
|
|
|
|
|
let mut nonce = [0u8; crypto_box_curve25519xchacha20poly1305_NONCEBYTES as usize];
|
|
|
|
|
let mut nonce = [0u8; DNSCRYPT_FULL_NONCE_SIZE as usize];
|
|
|
|
|
&mut nonce[..DNSCRYPT_CLIENT_NONCE_SIZE].copy_from_slice(client_nonce);
|
|
|
|
|
let resolver_kp = dnscrypt_encryption_params.resolver_kp();
|
|
|
|
|
let shared_key = resolver_kp.compute_shared_key(client_pk)?;
|
|
|
|
@ -57,9 +52,13 @@ pub fn decrypt(
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn encrypt(
|
|
|
|
|
packet: &[u8],
|
|
|
|
|
packet: Vec<u8>,
|
|
|
|
|
shared_key: &SharedKey,
|
|
|
|
|
nonce: &[u8; crypto_box_curve25519xchacha20poly1305_NONCEBYTES as usize],
|
|
|
|
|
) {
|
|
|
|
|
//
|
|
|
|
|
nonce: &[u8; DNSCRYPT_FULL_NONCE_SIZE as usize],
|
|
|
|
|
) -> Result<Vec<u8>, Error> {
|
|
|
|
|
let mut wrapped_packet = vec![0x72u8, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38];
|
|
|
|
|
wrapped_packet.extend_from_slice(nonce);
|
|
|
|
|
let encrypted_packet = shared_key.encrypt(nonce, packet)?;
|
|
|
|
|
wrapped_packet.extend_from_slice(&encrypted_packet);
|
|
|
|
|
Ok(wrapped_packet)
|
|
|
|
|
}
|
|
|
|
|