Skip to content

Commit

Permalink
Revert "Remove support for xsalsapoly"
Browse files Browse the repository at this point in the history
Apparently, a bunch of popular resolvers such as adguard, cleanbrowsing
and comodo still only support xsalsapoly o_O

Add a lying resolver check for old DNSCrypt servers.
jedisct1 committed Jan 11, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 14af44d commit 062dc53
Showing 15 changed files with 1,924 additions and 9 deletions.
1 change: 1 addition & 0 deletions dnscrypt-proxy/common.go
Original file line number Diff line number Diff line change
@@ -18,6 +18,7 @@ type CryptoConstruction uint16

const (
UndefinedConstruction CryptoConstruction = iota
XSalsa20Poly1305
XChacha20Poly1305
)

1 change: 1 addition & 0 deletions dnscrypt-proxy/config.go
Original file line number Diff line number Diff line change
@@ -154,6 +154,7 @@ func newConfig() Config {
BlockedQueryResponse: "hinfo",
BrokenImplementations: BrokenImplementationsConfig{
FragmentsBlocked: []string{
"cisco", "cisco-ipv6", "cisco-familyshield", "cisco-familyshield-ipv6",
"cleanbrowsing-adult", "cleanbrowsing-adult-ipv6", "cleanbrowsing-family", "cleanbrowsing-family-ipv6", "cleanbrowsing-security", "cleanbrowsing-security-ipv6",
},
},
28 changes: 24 additions & 4 deletions dnscrypt-proxy/crypto.go
Original file line number Diff line number Diff line change
@@ -9,6 +9,8 @@ import (
"github.com/jedisct1/dlog"
"github.com/jedisct1/xsecretbox"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/nacl/box"
"golang.org/x/crypto/nacl/secretbox"
)

const (
@@ -55,9 +57,19 @@ func ComputeSharedKey(
dlog.Criticalf("[%v] Weak XChaCha20 public key", providerName)
}
} else {
dlog.Criticalf("[%v] Unsupported encryption system", providerName)
box.Precompute(&sharedKey, serverPk, secretKey)
c := byte(0)
for i := 0; i < 32; i++ {
c |= sharedKey[i]
}
if c == 0 {
dlog.Criticalf("[%v] Weak XSalsa20 public key", providerName)
if _, err := crypto_rand.Read(sharedKey[:]); err != nil {
dlog.Fatal(err)
}
}
}
return sharedKey
return
}

func (proxy *Proxy) Encrypt(
@@ -112,7 +124,9 @@ func (proxy *Proxy) Encrypt(
if serverInfo.CryptoConstruction == XChacha20Poly1305 {
encrypted = xsecretbox.Seal(encrypted, nonce, padded, sharedKey[:])
} else {
err = errors.New("Unsupported encryption system")
var xsalsaNonce [24]byte
copy(xsalsaNonce[:], nonce)
encrypted = secretbox.Seal(encrypted, padded, &xsalsaNonce, sharedKey)
}
return
}
@@ -139,7 +153,13 @@ func (proxy *Proxy) Decrypt(
if serverInfo.CryptoConstruction == XChacha20Poly1305 {
packet, err = xsecretbox.Open(nil, serverNonce, encrypted[responseHeaderLen:], sharedKey[:])
} else {
err = errors.New("Unsupported encryption system")
var xsalsaServerNonce [24]byte
copy(xsalsaServerNonce[:], serverNonce)
var ok bool
packet, ok = secretbox.Open(nil, encrypted[responseHeaderLen:], &xsalsaServerNonce, sharedKey)
if !ok {
err = errors.New("Incorrect tag")
}
}
if err != nil {
return encrypted, err
8 changes: 4 additions & 4 deletions dnscrypt-proxy/dnscrypt_certs.go
Original file line number Diff line number Diff line change
@@ -95,12 +95,12 @@ func FetchCurrentDNSCryptCert(
cryptoConstruction := CryptoConstruction(0)
switch esVersion := binary.BigEndian.Uint16(binCert[4:6]); esVersion {
case 0x0001:
dlog.Noticef("[%v] Deprecated, now unsupported encryption system", *serverName)
continue
cryptoConstruction = XSalsa20Poly1305
dlog.Noticef("[%v] should upgrade to XChaCha20 for encryption", *serverName)
case 0x0002:
cryptoConstruction = XChacha20Poly1305
default:
dlog.Noticef("[%v] Unsupported encryption system", *serverName)
dlog.Debugf("[%v] uses an unsupported encryption system", *serverName)
continue
}
signature := binCert[8:72]
@@ -164,7 +164,7 @@ func FetchCurrentDNSCryptCert(
dlog.Debugf("[%v] Upgrading the construction from %v to %v", *serverName, certInfo.CryptoConstruction, cryptoConstruction)
}
}
if cryptoConstruction != XChacha20Poly1305 {
if cryptoConstruction != XChacha20Poly1305 && cryptoConstruction != XSalsa20Poly1305 {
dlog.Noticef("[%v] Cryptographic construction %v not supported", *serverName, cryptoConstruction)
continue
}
6 changes: 5 additions & 1 deletion dnscrypt-proxy/example-dnscrypt-proxy.toml
Original file line number Diff line number Diff line change
@@ -774,14 +774,18 @@ format = 'tsv'

[broken_implementations]

## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
## truncate responses larger than questions as expected by the DNSCrypt protocol.
## This prevents large responses from being received over UDP and over relays.
##
## Older versions of the `dnsdist` server software had a bug with queries larger
## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
## some server may still run an outdated version.
##
## The list below enables workarounds to make non-relayed usage more reliable
## until the servers are fixed.

fragments_blocked = ['cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cisco-sandbox', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']



34 changes: 34 additions & 0 deletions dnscrypt-proxy/serversInfo.go
Original file line number Diff line number Diff line change
@@ -608,6 +608,27 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
if err != nil {
return ServerInfo{}, err
}

if certInfo.CryptoConstruction == XSalsa20Poly1305 {
query := plainNXTestPacket(0xcafe)
msg, _, _, err := DNSExchange(
proxy,
proxy.mainProto,
&query,
stamp.ServerAddrStr,
dnscryptRelay,
&name,
false,
)
if err == nil {
if msg.Rcode != dns.RcodeNameError && msg.Id == 0xcafe {
dlog.Warnf("[%s] may be a lying resolver -- skipping", name)
return ServerInfo{}, fmt.Errorf("[%s] unexpected catchall response", name)
}
dlog.Debugf("[%s] seems to be also accessible over plain DNS", name)
}
}

return ServerInfo{
Proto: stamps.StampProtoTypeDNSCrypt,
MagicQuery: certInfo.MagicQuery,
@@ -665,6 +686,19 @@ func dohNXTestPacket(msgID uint16) []byte {
return body
}

func plainNXTestPacket(msgID uint16) dns.Msg {
msg := dns.Msg{}
qName := make([]byte, 16)
charset := "abcdefghijklmnopqrstuvwxyz"
for i := range qName {
qName[i] = charset[rand.Intn(len(charset))]
}
msg.SetQuestion(string(qName)+".test.dnscrypt.", dns.TypeNS)
msg.Id = msgID
msg.MsgHdr.RecursionDesired = true
return msg
}

func fetchDoHServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isNew bool) (ServerInfo, error) {
// If an IP has been provided, use it forever.
// Or else, if the fallback server and the DoH server are operated
182 changes: 182 additions & 0 deletions vendor/golang.org/x/crypto/nacl/box/box.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

173 changes: 173 additions & 0 deletions vendor/golang.org/x/crypto/nacl/secretbox/secretbox.go
146 changes: 146 additions & 0 deletions vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go
201 changes: 201 additions & 0 deletions vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go
23 changes: 23 additions & 0 deletions vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
880 changes: 880 additions & 0 deletions vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s

Large diffs are not rendered by default.

14 changes: 14 additions & 0 deletions vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go
233 changes: 233 additions & 0 deletions vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go
3 changes: 3 additions & 0 deletions vendor/modules.txt
Original file line number Diff line number Diff line change
@@ -142,7 +142,10 @@ golang.org/x/crypto/ed25519
golang.org/x/crypto/hkdf
golang.org/x/crypto/internal/alias
golang.org/x/crypto/internal/poly1305
golang.org/x/crypto/nacl/box
golang.org/x/crypto/nacl/secretbox
golang.org/x/crypto/poly1305
golang.org/x/crypto/salsa20/salsa
# golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8
## explicit; go 1.22.0
golang.org/x/exp/rand

0 comments on commit 062dc53

Please sign in to comment.