1 #ifndef UNBOUND_DNSCRYPT_H
2 #define UNBOUND_DNSCRYPT_H
6 * dnscrypt functions for encrypting DNS packets.
9 #include "dnscrypt/dnscrypt_config.h"
12 #define DNSCRYPT_MAGIC_HEADER_LEN 8U
13 #define DNSCRYPT_MAGIC_RESPONSE "r6fnvWj8"
15 #ifndef DNSCRYPT_MAX_PADDING
16 # define DNSCRYPT_MAX_PADDING 256U
18 #ifndef DNSCRYPT_BLOCK_SIZE
19 # define DNSCRYPT_BLOCK_SIZE 64U
21 #ifndef DNSCRYPT_MIN_PAD_LEN
22 # define DNSCRYPT_MIN_PAD_LEN 8U
25 #define crypto_box_HALF_NONCEBYTES (crypto_box_NONCEBYTES / 2U)
28 #include "dnscrypt/cert.h"
30 #define DNSCRYPT_QUERY_HEADER_SIZE \
31 (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_PUBLICKEYBYTES + crypto_box_HALF_NONCEBYTES + crypto_box_MACBYTES)
32 #define DNSCRYPT_RESPONSE_HEADER_SIZE \
33 (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_NONCEBYTES + crypto_box_MACBYTES)
35 #define DNSCRYPT_REPLY_HEADER_SIZE \
36 (DNSCRYPT_MAGIC_HEADER_LEN + crypto_box_HALF_NONCEBYTES * 2 + crypto_box_MACBYTES)
42 typedef struct KeyPair_ {
43 uint8_t crypt_publickey[crypto_box_PUBLICKEYBYTES];
44 uint8_t crypt_secretkey[crypto_box_SECRETKEYBYTES];
48 struct SignedCert *signed_certs;
49 size_t signed_certs_count;
50 uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES];
51 uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES];
53 size_t keypairs_count;
54 uint64_t nonce_ts_last;
55 unsigned char hash_key[crypto_shorthash_KEYBYTES];
59 struct dnscrypt_query_header {
60 uint8_t magic_query[DNSCRYPT_MAGIC_HEADER_LEN];
61 uint8_t publickey[crypto_box_PUBLICKEYBYTES];
62 uint8_t nonce[crypto_box_HALF_NONCEBYTES];
63 uint8_t mac[crypto_box_MACBYTES];
67 * Initialize DNSCrypt enviroment.
68 * Initialize sodium library and allocate the dnsc_env structure.
69 * \return an uninitialized struct dnsc_env.
71 struct dnsc_env * dnsc_create(void);
74 * Apply configuration.
75 * Read certificates and secret keys from configuration. Initialize hashkey and
76 * provider name as well as loading cert TXT records.
77 * In case of issue applying configuration, this function fatals.
78 * \param[in] env the struct dnsc_env to populate.
79 * \param[in] cfg the config_file struct with dnscrypt options.
80 * \return 0 on success.
82 int dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg);
85 * handle a crypted dnscrypt request.
86 * Determine wether or not a query is coming over the dnscrypt listener and
87 * attempt to uncurve it or detect if it is a certificate query.
88 * return 0 in case of failure.
90 int dnsc_handle_curved_request(struct dnsc_env* dnscenv,
91 struct comm_reply* repinfo);
93 * handle an unencrypted dnscrypt request.
94 * Determine wether or not a query is going over the dnscrypt channel and
95 * attempt to curve it unless it was not crypted like when it is a
97 * \return 0 in case of failure.
100 int dnsc_handle_uncurved_request(struct comm_reply *repinfo);
101 #endif /* USE_DNSCRYPT */