-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
handling key submission from client and responding with server public…
… key
- Loading branch information
Showing
12 changed files
with
372 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
use std::collections::HashMap; | ||
use std::time::SystemTime; | ||
use aes_gcm_siv::Aes256GcmSiv; | ||
|
||
pub struct Client { | ||
pub first_seen: SystemTime, | ||
pub shared_key: Aes256GcmSiv | ||
} | ||
|
||
impl Client { | ||
|
||
pub fn new(shared_key: Aes256GcmSiv) -> Client | ||
{ | ||
Client { | ||
first_seen: SystemTime::now(), | ||
shared_key | ||
} | ||
} | ||
} | ||
|
||
pub struct Clients { | ||
client_map: HashMap<String, Client> | ||
} | ||
|
||
impl Clients { | ||
|
||
pub fn new() -> Clients | ||
{ | ||
Clients { | ||
client_map: HashMap::new() | ||
} | ||
} | ||
|
||
// pub fn add_from(&mut self, client_id: String, shared_key: Aes256GcmSiv) | ||
// { | ||
// self.client_map.insert(client_id, Client::new(shared_key)); | ||
// } | ||
|
||
pub fn add(&mut self, client_id: String, client:Client) | ||
{ | ||
self.client_map.insert(client_id, client); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
use std::fmt::{Debug, Formatter}; | ||
use crate::message::record::RData; | ||
use crate::string::encode_domain_name; | ||
|
||
pub struct CnameRdata { | ||
pub rdata: String | ||
} | ||
|
||
impl Debug for CnameRdata { | ||
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { | ||
f.debug_struct("CNAME") | ||
.field("Host", &self.rdata) | ||
.finish() | ||
} | ||
} | ||
|
||
impl RData for CnameRdata { | ||
fn to_bytes(&self) -> Vec<u8> { | ||
encode_domain_name(&self.rdata) | ||
} | ||
} | ||
|
||
impl CnameRdata { | ||
pub fn from(rdata: String) -> CnameRdata | ||
{ | ||
CnameRdata { | ||
rdata | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,112 @@ | ||
use std::net::Ipv4Addr; | ||
use p256::ecdh::EphemeralSecret; | ||
use crate::crypto::{get_random_asym_pair, trim_public_key}; | ||
use crate::message::DNSMessage; | ||
use crate::clients::Client; | ||
use crate::crypto::{asym_to_sym_key, fatten_public_key, get_random_asym_pair, get_shared_asym_secret, trim_public_key}; | ||
use crate::message::{ARdata, DNSMessage, DNSQuestion, QClass, QType, ResourceRecord}; | ||
use crate::message::record::CnameRdata; | ||
use crate::string::{append_base_domain_to_key, strip_base_domain_from_key}; | ||
|
||
pub fn get_key_response(request: DNSMessage) -> DNSMessage | ||
{ | ||
DNSMessage::a_resp_from_request(&request, |_| Ipv4Addr::from([127, 0, 0, 1])) | ||
pub struct KeySwapContext { | ||
pub new_client: Client, | ||
pub response: DNSMessage, | ||
pub server_public: String, | ||
pub client_public: String | ||
} | ||
|
||
pub fn get_key_request_with_base_domain(base_domain: String) -> (EphemeralSecret, String) | ||
{ | ||
let (private, public) = get_random_asym_pair(); | ||
|
||
(private, vec![trim_public_key(&public), base_domain].join(".")) | ||
(private, append_base_domain_to_key(trim_public_key(&public), &base_domain)) | ||
} | ||
|
||
pub fn get_fattened_public_key(key_question: &DNSQuestion) -> (String, String) | ||
{ | ||
let public_key = &key_question.qname; | ||
let (trimmed_public_key, base_domain) = strip_base_domain_from_key(public_key); | ||
|
||
(fatten_public_key(&trimmed_public_key), base_domain) | ||
} | ||
|
||
#[derive(Ord, PartialOrd, Eq, PartialEq, Debug, Copy, Clone)] | ||
pub enum KeyDecodeError { | ||
QuestionCount(usize), | ||
FirstQuestionNotA(QType), | ||
SecondQuestionNotA(QType), | ||
SharedSecretDerivation, | ||
} | ||
|
||
pub fn decode_key_request(message: DNSMessage) -> Result<KeySwapContext, KeyDecodeError> | ||
{ | ||
if message.questions.len() == 2 { | ||
|
||
if message.questions[0].qtype != QType::A | ||
{ | ||
return Err(KeyDecodeError::FirstQuestionNotA(message.questions[0].qtype)); | ||
} | ||
|
||
let key_question = &message.questions[1]; | ||
|
||
if key_question.qtype != QType::A | ||
{ | ||
return Err(KeyDecodeError::SecondQuestionNotA(key_question.qtype)); | ||
} | ||
|
||
let (fattened_public_key, base_domain) = get_fattened_public_key(&key_question); | ||
let (server_private, server_public) = get_random_asym_pair(); | ||
|
||
let shared_secret = get_shared_asym_secret(server_private, fattened_public_key); | ||
|
||
match shared_secret { | ||
Ok(secret) => { | ||
|
||
let sym_key = asym_to_sym_key(&secret); | ||
let new_client = Client::new(sym_key); | ||
let mut response = message.empty_resp_from_request(); | ||
|
||
let first_record = ResourceRecord { | ||
name_offset: 12, | ||
answer_type: QType::A, | ||
class: QClass::Internet, | ||
ttl: 0, | ||
rd_length: 4, | ||
r_data: Box::new(ARdata::from(Ipv4Addr::from([127,0,0,1]))) | ||
}; | ||
|
||
let second_record = ResourceRecord { | ||
name_offset: 12 + (&message.questions[0]).to_bytes().len() as u16, | ||
answer_type: QType::CNAME, | ||
class: QClass::Internet, | ||
ttl: 0, | ||
rd_length: 4, | ||
r_data: Box::new( | ||
CnameRdata::from( | ||
append_base_domain_to_key( | ||
trim_public_key(&server_public), | ||
&base_domain | ||
) | ||
) | ||
) | ||
}; | ||
|
||
response.answer_records = vec![ | ||
first_record, second_record | ||
]; | ||
|
||
return Ok(KeySwapContext { | ||
new_client, | ||
response, | ||
server_public, | ||
client_public: key_question.qname.to_string() | ||
}); | ||
} | ||
Err(_) => { | ||
return Err(KeyDecodeError::SharedSecretDerivation); | ||
} | ||
} | ||
} | ||
else | ||
{ | ||
return Err(KeyDecodeError::QuestionCount(message.questions.len())); | ||
} | ||
} |
Oops, something went wrong.