check txt query for provider name

Makefile

@@ -39,6 +39,8 @@ libnacl/build/localhost/lib/local/libnacl.a:
 libevent/.libs/libevent.a:
 	@make -C libevent
 
+$(LIB_OBJS): $(LIB_H)
+
 all:: dnscrypt-wrapper
 
 dnscrypt-wrapper: $(LIB_OBJS) $(LDADD)

cert.c

@@ -1,17 +1,36 @@
 #include "dnscrypt.h"
 
-SignedBincert * 
-cert_gen_signed_cert(struct context *c)
+static uint8_t signed_cert_txt[1 + sizeof(struct SignedCert)];
+
+uint8_t *
+cert_signed_cert_txt_binarydata(struct context *c, size_t *size)
 {
-    SignedBincert *signed_cert = malloc(sizeof(SignedBincert));
-    if (!signed_cert)
-        return NULL;
+    struct SignedCert *signed_cert = (struct SignedCert *)(signed_cert_txt + 1);
 
     memcpy(signed_cert->magic_cert, CERT_MAGIC_CERT, 4);
-    /*memcpy(signed_cert->version_major, CERT_MAJOR_VERSION, 2);*/
-    /*memcpy(signed_cert->version_minor, CERT_MINOR_VERSION, 2);*/
-    /*memcpy(signed_cert->server_publickey, c->crypt_publickey, crypto_box_PUBLICKEYBYTES);*/
-    /*memcpy(signed_cert->magic_query, CERT_MAGIC_HEADER, sizeof(signed_cert->magic_query));*/
-    /*memcpy(signed_cert->serial, "0001", */
-    return signed_cert;
+    signed_cert->version_major[0] = 0;
+    signed_cert->version_major[1] = 1;
+    signed_cert->version_minor[0] = 0;
+    signed_cert->version_minor[1] = 0;
+
+    memcpy(signed_cert->server_publickey, c->crypt_publickey, crypto_box_PUBLICKEYBYTES);
+    memcpy(signed_cert->magic_query, CERT_MAGIC_HEADER, sizeof(signed_cert->magic_query));
+    memcpy(signed_cert->serial, "0001", 4);
+    uint32_t ts_begin = (uint32_t)time(NULL) - 365*24*3600;
+    uint32_t ts_end = ts_begin + 365*24*3600;
+    memcpy(signed_cert->ts_begin, &ts_begin, 4);
+    memcpy(signed_cert->ts_end, &ts_end, 4);
+    memset(signed_cert->end, 0, sizeof(signed_cert->end));
+
+    // sign
+    size_t crypted_signed_data_len = 0;
+    size_t signed_data_len = sizeof(struct SignedCert) - offsetof(struct SignedCert, server_publickey) - sizeof(signed_cert->end);
+    if (crypto_sign_ed25519(signed_cert->server_publickey, (unsigned long long *)&crypted_signed_data_len, signed_cert->server_publickey, signed_data_len, c->provider_secretkey) != 0) {
+        *size = 0;
+        return NULL;
+    }
+
+    *((char *)signed_cert -1) = sizeof(struct SignedCert);
+    *size = sizeof(struct SignedCert) + 1;
+    return (uint8_t *)((char *)signed_cert - 1);
 }

cert.h

@@ -7,25 +7,19 @@
 #define CERT_MINOR_VERSION 0
 #define CERT_MAGIC_HEADER "7PYqwfzt"
 
-typedef struct Bincert_ {
+struct SignedCert {
     uint8_t magic_cert[4];
     uint8_t version_major[2];
     uint8_t version_minor[2];
 
+    // Signed Content
     uint8_t server_publickey[crypto_box_PUBLICKEYBYTES];
     uint8_t magic_query[8];
     uint8_t serial[4];
     uint8_t ts_begin[4];
     uint8_t ts_end[4];
-    uint8_t end[];
-} Bincert;
-
-typedef struct SignedBincert_ {
-    uint8_t magic_cert[4];
-    uint8_t version_major[2];
-    uint8_t version_minor[2];
-
-    uint8_t signed_data[];
-} SignedBincert;
+    uint8_t end[64];
+};
 
+uint8_t * cert_signed_cert_txt_binarydata(struct context *c, size_t *size);
 #endif

dns-protocol.h

@@ -102,7 +102,7 @@ struct dns_header {
 }
 
 #define PUTSHORT(s, cp) { \
-	u16 t_s = (u16)(s); \
+	uint16_t t_s = (uint16_t)(s); \
 	unsigned char *t_cp = (unsigned char *)(cp); \
 	*t_cp++ = t_s >> 8; \
 	*t_cp   = t_s; \

dnscrypt.h

@@ -128,4 +128,25 @@ uint64_t dnscrypt_hrtime(void);
 void dnscrypt_key_to_fingerprint(char fingerprint[80U], const uint8_t * const key);
 int dnscrypt_fingerprint_to_key(const char * const fingerprint, uint8_t key[crypto_box_PUBLICKEYBYTES]);
 
+static inline void
+print_binary_string(uint8_t *s, size_t count)
+{
+    for (size_t i = 1; i <= count; i++) {
+        uint8_t x = *((uint8_t *)s + i);
+        if (x >= (uint8_t)'0' && x <= (uint8_t)'9') {
+            printf("%d", x);
+        } else if (x >= (uint8_t)'a' && x <= (uint8_t)'z') {
+            printf("%c", x);
+        } else if (x >= (uint8_t)'A' && x <= (uint8_t)'Z') {
+            printf("%c", x);
+        } else {
+            printf("\\%03d", x);
+        }
+        if (i % 16 == 0) {
+            printf("\n");
+        }
+    }
+    printf("\n");
+}
+
 #endif

main.c

@@ -192,7 +192,7 @@ main(int argc, const char **argv)
         OPT_BOOLEAN('d', "daemonize", &c.daemonize, "run as daemon (default: off)"),
         OPT_BOOLEAN('t', "tcp-only", &c.tcp_only, "use tcp only (default: off)"),
         OPT_STRING('l', "logfile", &c.logfile, "log file path (default: stdout)"),
-        OPT_STRING(0, "provider-name", &c.provider_name, "provider name (default: 2.cert.dnscrypt.org)"),
+        OPT_STRING(0, "provider-name", &c.provider_name, "provider name"),
         OPT_STRING(0, "provider-publickey-file", &c.provider_publickey_file, "provider public key file"),
         OPT_STRING(0, "provider-secretkey-file", &c.provider_secretkey_file, "provider secret key file"),
         OPT_BOOLEAN(0, "gen-provider-keypair", &gen_provider_keypair, "generate provider key pair"),
@@ -298,6 +298,11 @@ main(int argc, const char **argv)
         c.user_dir = strdup(pw->pw_dir);
     }
 
+    if (!c.provider_name) {
+        logger(LOG_ERR, "You must specify --provider-name.");
+        exit(1);
+    }
+
     // provider public & secret key
     if (!c.provider_publickey_file || !c.provider_secretkey_file) {
         logger(LOG_ERR, "You must provide --provider-publickey-file and --provider-secretkey-file.");

misc/README

@@ -0,0 +1 @@
+public key fingerprint: 4298:5F65:C295:DFAE:2BFB:20AD:5C47:F565:78EB:2404:EF83:198C:85DB:68F1:3E33:E952

misc/public.key

@@ -1 +1 @@
-n����н�F��PC�f<^V^�C���e�c
+B�_e•߮+� �\G�ex�$����h�>3�R

misc/secret.key

@@ -1 +1 @@
-%�<��Q����'��J���t�9�x�h��3yn����н�F��PC�f<^V^�C���e�c
+n�G���cי���kM�I�`+������<� �/��B�_e•߮+� �\G�ex�$����h�>3�R

rfc1035.c

@@ -217,3 +217,177 @@ questions_crc(struct dns_header *header, size_t plen, char *name)
 
   return crc;
 }
+
+static unsigned char *skip_name(unsigned char *ansp, struct dns_header *header, size_t plen, int extrabytes)
+{
+  while(1)
+    {
+      unsigned int label_type;
+
+      if (!CHECK_LEN(header, ansp, plen, 1))
+    return NULL;
+
+      label_type = (*ansp) & 0xc0;
+
+      if (label_type == 0xc0)
+    {
+      /* pointer for compression. */
+      ansp += 2;
+      break;
+    }
+      else if (label_type == 0x80)
+    return NULL; /* reserved */
+      else if (label_type == 0x40)
+    {
+      /* Extended label type */
+      unsigned int count;
+
+      if (!CHECK_LEN(header, ansp, plen, 2))
+        return NULL;
+
+    if (((*ansp++) & 0x3f) != 1)
+        return NULL; /* we only understand bitstrings */
+
+      count = *(ansp++); /* Bits in bitstring */
+
+      if (count == 0) /* count == 0 means 256 bits */
+        ansp += 32;
+      else
+        ansp += ((count-1)>>3)+1;
+    }
+      else
+    { /* label type == 0 Bottom six bits is length */
+      unsigned int len = (*ansp++) & 0x3f;
+
+      if (!ADD_RDLEN(header, ansp, plen, len))
+        return NULL;
+
+      if (len == 0)
+        break; /* zero length label marks the end. */
+    }
+    }
+
+  if (!CHECK_LEN(header, ansp, plen, extrabytes))
+    return NULL;
+
+  return ansp;
+}
+
+
+unsigned char *
+skip_questions(struct dns_header *header, size_t plen)
+{
+  int q;
+  unsigned char *ansp = (unsigned char *)(header+1);
+
+  for (q = ntohs(header->qdcount); q != 0; q--)
+    {
+      if (!(ansp = skip_name(ansp, header, plen, 4)))
+    return NULL;
+      ansp += 4; /* class and type */
+    }
+
+  return ansp;
+}
+
+unsigned char *
+do_rfc1035_name(unsigned char *p, char *sval)
+{   
+  int j;
+
+  while (sval && *sval)
+    {
+      unsigned char *cp = p++;
+      for (j = 0; *sval && (*sval != '.'); sval++, j++)
+    *p++ = *sval;
+      *cp  = j;
+      if (*sval)
+    sval++;
+    } 
+  return p;
+} 
+
+int
+add_resource_record(struct dns_header *header, unsigned int nameoffset, unsigned char **pp, 
+			       unsigned long ttl, unsigned int *offset, unsigned short type, unsigned short class, char *format, ...)
+{
+  va_list ap;
+  unsigned char *sav, *p = *pp;
+  int j;
+  unsigned short usval;
+  long lval;
+  char *sval;
+
+
+  PUTSHORT(nameoffset | 0xc000, p);
+  PUTSHORT(type, p);
+  PUTSHORT(class, p);
+  PUTLONG(ttl, p);      /* TTL */
+
+  sav = p;              /* Save pointer to RDLength field */
+  PUTSHORT(0, p);       /* Placeholder RDLength */
+
+  va_start(ap, format);   /* make ap point to 1st unamed argument */
+
+  for (; *format; format++)
+    switch (*format)
+      {
+#ifdef HAVE_IPV6
+      case '6':
+	sval = va_arg(ap, char *); 
+	memcpy(p, sval, IN6ADDRSZ);
+	p += IN6ADDRSZ;
+	break;
+#endif
+
+      case '4':
+	sval = va_arg(ap, char *); 
+	memcpy(p, sval, INADDRSZ);
+	p += INADDRSZ;
+	break;
+
+      case 's':
+	usval = va_arg(ap, int);
+	PUTSHORT(usval, p);
+	break;
+
+      case 'l':
+	lval = va_arg(ap, long);
+	PUTLONG(lval, p);
+	break;
+
+      case 'd':
+	/* get domain-name answer arg and store it in RDATA field */
+	if (offset)
+	  *offset = p - (unsigned char *)header;
+	p = do_rfc1035_name(p, va_arg(ap, char *));
+	*p++ = 0;
+	break;
+
+      case 't':
+	usval = va_arg(ap, int);
+	sval = va_arg(ap, char *);
+	if (usval != 0)
+	  memcpy(p, sval, usval);
+	p += usval;
+	break;
+
+      case 'z':
+	sval = va_arg(ap, char *);
+	usval = sval ? strlen(sval) : 0;
+	if (usval > 255)
+	  usval = 255;
+	*p++ = (unsigned char)usval;
+	memcpy(p, sval, usval);
+	p += usval;
+	break;
+      }
+
+  va_end(ap);	/* clean up variable argument pointer */
+
+  j = p - sav - 2;
+  PUTSHORT(j, sav);     /* Now, store real RDLength */
+
+  *pp = p;
+  return 1;
+}

rfc1035.h

@@ -7,4 +7,8 @@
 unsigned int questions_crc(struct dns_header *header, size_t plen, char *buff);
 int extract_name(struct dns_header *header, size_t plen, unsigned char **pp, char
         *name, int isExtract, int extrabytes);
+int add_resource_record(struct dns_header *header, unsigned int nameoffset, unsigned char **pp, 
+			       unsigned long ttl, unsigned int *offset, unsigned short type, unsigned short class, char *format, ...);
+unsigned char * skip_questions(struct dns_header *header, size_t plen);
+
 #endif