Last active
March 12, 2017 22:12
diff --git a/dnscrypt/cert.h b/dnscrypt/cert.h | |
index 50c9f81..def2ca2 100644 | |
--- a/dnscrypt/cert.h | |
+++ b/dnscrypt/cert.h | |
@@ -15,12 +15,12 @@ struct SignedCert { | |
uint8_t version_minor[2]; | |
// Signed Content | |
+ uint8_t signed_content[64]; | |
uint8_t server_publickey[crypto_box_PUBLICKEYBYTES]; | |
uint8_t magic_query[8]; | |
uint8_t serial[4]; | |
uint8_t ts_begin[4]; | |
uint8_t ts_end[4]; | |
- uint8_t end[64]; | |
}; | |
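Review bot: The relocated 64-byte member is named `signed_content` and sits directly under the `// Signed Content` heading, yet it is placed ahead of `server_publickey`, `magic_query`, `serial` and the two timestamps, which from the layout read as the fields a signature would cover; the name invites a reader to take the wrong 64 bytes as the signed payload. A comment stating what these bytes hold and which fields they are computed over would remove the ambiguity, e.g. `uint8_t signed_content[64]; /* 64-byte signature over the fields that follow -- TODO confirm against the cert format */`. If `struct SignedCert` is overlaid on the raw certificate bytes, moving this member from the tail of the struct also shifts where `server_publickey` is read from, so the comment should record that this is a wire-layout correction. The struct's opening line is outside the hunk.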
diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c | |
index 3478f82..6831bf2 100644 | |
--- a/dnscrypt/dnscrypt.c | |
+++ b/dnscrypt/dnscrypt.c | |
@@ -400,11 +400,35 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) | |
* \param[in] env The dnsc_env structure which will hold the keypairs. | |
* \param[in] cfg The config with the secret key file paths. | |
*/ | |
+ | |
+static const char * | |
+key_get_version(uint8_t version[2]) | |
+{ | |
+ struct es_version { | |
+ uint8_t es_version[2]; | |
+ const char *name; | |
+ }; | |
+ | |
+ struct es_version es_versions[] = { | |
+ {{0x00, 0x01}, "X25519-XSalsa20Poly1305"}, | |
+ {{0x00, 0x02}, "X25519-XChacha20Poly1305"}, | |
+ }; | |
+ int i; | |
+ for(i=0; i < sizeof es_versions; i++){ | |
+ if(es_versions[i].es_version[0] == version[0] && | |
+ es_versions[i].es_version[1] == version[1]){ | |
+ return es_versions[i].name; | |
+ } | |
+ } | |
+ return NULL; | |
+} | |
+ | |
static int | |
dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg) | |
{ | |
struct config_strlist *head; | |
size_t keypair_id; | |
+ size_t c; | |
env->keypairs_count = 0U; | |
for (head = cfg->dnscrypt_secret_key; head; head = head->next) { | |
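Review bot: The loop bound in `key_get_version` is wrong: `sizeof es_versions` is the size of the array in bytes (two structs each holding a 2-byte array, padding and a pointer), not its element count, so when `version` matches neither entry the loop reads `es_versions[2]` and beyond, an out-of-bounds read. Use the element count with an unsigned index: `size_t i;` and `for(i=0; i < sizeof es_versions / sizeof es_versions[0]; i++){`. The table never changes, so `static const struct es_version es_versions[]` avoids rebuilding it on every call, and the parameter can be `const uint8_t version[2]` since it is only read. The function returns `NULL` for an unrecognised version, which the caller in the next hunk does not check. `dnsc_parse_keys` begins here and continues past the hunk.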
@@ -427,8 +451,26 @@ dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg) | |
env->keypairs[keypair_id].crypt_secretkey) != 0) { | |
fatal_exit("dnsc_parse_keys: could not generate public key from %s", head->str); | |
} | |
+ // find the cert matching this key | |
+ for(c = 0; c < env->signed_certs_count; c++) { | |
+ if(memcmp(env->keypairs[keypair_id].crypt_publickey, | |
+ env->signed_certs[c].server_publickey, | |
+ crypto_box_PUBLICKEYBYTES) == 0) { | |
+ memcpy(env->keypairs[keypair_id].es_version, | |
+ env->signed_certs[c].version_major, | |
+ sizeof env->signed_certs[c].version_major | |
+ ); | |
+ break; | |
+ } | |
+ } | |
+ if (c == env->signed_certs_count) { | |
+ fatal_exit("dnsc_parse_keys: could not match certificate for key " | |
+ "%s. Unable to determine ES version.", | |
+ head->str); | |
+ } | |
dnsc_key_to_fingerprint(fingerprint, env->keypairs[keypair_id].crypt_publickey); | |
verbose(VERB_OPS, "Crypt public key fingerprint for %s: %s", head->str, fingerprint); | |
+ verbose(VERB_OPS, "Using %s", key_get_version(env->keypairs[keypair_id].es_version)); | |
} | |
return keypair_id; | |
} | |
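Review bot: `key_get_version()` returns `NULL` when the matched certificate's `version_major` is neither 0x0001 nor 0x0002, and the new `verbose(VERB_OPS, "Using %s", ...)` line hands that `NULL` to a `%s` conversion, which is undefined behaviour (glibc prints "(null)", other libcs may crash). Check the lookup result before logging it, in the same style as the `fatal_exit` used a few lines up when no certificate matches: `const char *es_name = key_get_version(env->keypairs[keypair_id].es_version);` then `if(!es_name) fatal_exit("dnsc_parse_keys: unsupported ES version in certificate for key %s", head->str);` and `verbose(VERB_OPS, "Using %s", es_name);`. Rejecting an unknown version at load time also keeps a keypair whose scheme the server presumably cannot handle from being loaded at all. The start of `dnsc_parse_keys` is outside the hunk.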
diff --git a/dnscrypt/dnscrypt.h b/dnscrypt/dnscrypt.h | |
index aa1d9f2..3f6abb6 100644 | |
--- a/dnscrypt/dnscrypt.h | |
+++ b/dnscrypt/dnscrypt.h | |
@@ -34,6 +34,7 @@ struct comm_reply; | |
typedef struct KeyPair_ { | |
uint8_t crypt_publickey[crypto_box_PUBLICKEYBYTES]; | |
uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES]; | |
+ uint8_t es_version[2]; | |
} KeyPair; | |
struct dnsc_env { |
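Review bot: The new `es_version[2]` member of `KeyPair` has no comment, and nothing in the header says where it is filled or what its two bytes encode; the `.c` side copies the matching certificate's `version_major` into it. A one-line comment keeps that contract visible to readers of the header: `uint8_t es_version[2]; /* ES version of the matching cert (its version_major bytes), set by dnsc_parse_keys */`. The typedef is complete within the hunk; `struct dnsc_env` on the last line continues past it.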