mirror of
https://github.com/SamTherapy/dnscrypt.git
synced 2024-10-02 16:32:51 +00:00
114 lines
3.9 KiB
Go
114 lines
3.9 KiB
Go
package dnscrypt
|
|
|
|
import "errors"
|
|
|
|
var (
|
|
// ErrTooShort - DNS query is shorter than possible
|
|
ErrTooShort = errors.New("DNSCrypt message is too short")
|
|
|
|
// ErrQueryTooLarge - DNS query is larger than max allowed size
|
|
ErrQueryTooLarge = errors.New("DNSCrypt query is too large")
|
|
|
|
// ErrEsVersion - cert contains unsupported es-version
|
|
ErrEsVersion = errors.New("unsupported es-version")
|
|
|
|
// ErrInvalidDate - cert is not valid for the current time
|
|
ErrInvalidDate = errors.New("cert has invalid ts-start or ts-end")
|
|
|
|
// ErrInvalidCertSignature - cert has invalid signature
|
|
ErrInvalidCertSignature = errors.New("cert has invalid signature")
|
|
|
|
// ErrInvalidQuery - failed to decrypt a DNSCrypt query
|
|
ErrInvalidQuery = errors.New("DNSCrypt query is invalid and cannot be decrypted")
|
|
|
|
// ErrInvalidClientMagic - client-magic does not match
|
|
ErrInvalidClientMagic = errors.New("DNSCrypt query contains invalid client magic")
|
|
|
|
// ErrInvalidResolverMagic - server-magic does not match
|
|
ErrInvalidResolverMagic = errors.New("DNSCrypt response contains invalid resolver magic")
|
|
|
|
// ErrInvalidResponse - failed to decrypt a DNSCrypt response
|
|
ErrInvalidResponse = errors.New("DNSCrypt response is invalid and cannot be decrypted")
|
|
|
|
// ErrInvalidPadding - failed to unpad a query
|
|
ErrInvalidPadding = errors.New("invalid padding")
|
|
|
|
// ErrInvalidDNSStamp - invalid DNS stamp
|
|
ErrInvalidDNSStamp = errors.New("invalid DNS stamp")
|
|
|
|
// ErrFailedToFetchCert - failed to fetch DNSCrypt certificate
|
|
ErrFailedToFetchCert = errors.New("failed to fetch DNSCrypt certificate")
|
|
|
|
// ErrCertTooShort - failed to deserialize cert, too short
|
|
ErrCertTooShort = errors.New("cert is too short")
|
|
|
|
// ErrCertMagic - invalid cert magic
|
|
ErrCertMagic = errors.New("invalid cert magic")
|
|
|
|
// ErrServerConfig - failed to start the DNSCrypt server - invalid configuration
|
|
ErrServerConfig = errors.New("invalid server configuration")
|
|
)
|
|
|
|
const (
|
|
// <min-query-len> is a variable length, initially set to 256 bytes, and
|
|
// must be a multiple of 64 bytes. (see https://dnscrypt.info/protocol)
|
|
// Some servers do not work if padded length is less than 256. Example: Quad9
|
|
minUDPQuestionSize = 256
|
|
|
|
// <max-query-len> - maximum allowed query length
|
|
maxQueryLen = 1252
|
|
|
|
// Minimum possible DNS packet size
|
|
minDNSPacketSize = 12 + 5
|
|
|
|
// See 11. Authenticated encryption and key exchange algorithm
|
|
// The public and secret keys are 32 bytes long in storage
|
|
keySize = 32
|
|
|
|
// size of the shared key used to encrypt/decrypt messages
|
|
sharedKeySize = 32
|
|
|
|
// ClientMagic - the first 8 bytes of a client query that is to be built
|
|
// using the information from this certificate. It may be a truncated
|
|
// public key. Two valid certificates cannot share the same <client-magic>.
|
|
clientMagicSize = 8
|
|
|
|
// When using X25519-XSalsa20Poly1305, this construction requires a 24 bytes
|
|
// nonce, that must not be reused for a given shared secret.
|
|
nonceSize = 24
|
|
|
|
// the first 8 bytes of every dnscrypt response. must match resolverMagic.
|
|
resolverMagicSize = 8
|
|
)
|
|
|
|
var (
|
|
// certMagic - bytes sequence that must be in the beginning of the serialized cert
|
|
certMagic = [4]byte{0x44, 0x4e, 0x53, 0x43}
|
|
|
|
// resolverMagic - byte sequence that must be in the beginning of every response
|
|
resolverMagic = []byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}
|
|
)
|
|
|
|
// CryptoConstruction represents the encryption algorithm (either XSalsa20Poly1305 or XChacha20Poly1305)
|
|
type CryptoConstruction uint16
|
|
|
|
const (
|
|
// UndefinedConstruction is the default value for empty CertInfo only
|
|
UndefinedConstruction CryptoConstruction = iota
|
|
// XSalsa20Poly1305 encryption
|
|
XSalsa20Poly1305 CryptoConstruction = 0x0001
|
|
// XChacha20Poly1305 encryption
|
|
XChacha20Poly1305 CryptoConstruction = 0x0002
|
|
)
|
|
|
|
func (c CryptoConstruction) String() string {
|
|
switch c {
|
|
case XChacha20Poly1305:
|
|
return "XChacha20Poly1305"
|
|
case XSalsa20Poly1305:
|
|
return "XSalsa20Poly1305"
|
|
default:
|
|
return "Unknown"
|
|
}
|
|
}
|