megacheck
This commit is contained in:
Frank Denis
parent
b076e01f7a
commit
9ffa61c9e3
8
certs.go
8
certs.go
|
|
@ -1,10 +1,10 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
"log"
|
"log"
|
||||||
"reflect"
|
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
|
@ -24,7 +24,7 @@ func FetchCurrentCert(proxy *Proxy, pk ed25519.PublicKey, serverAddress string,
|
||||||
if len(pk) != ed25519.PublicKeySize {
|
if len(pk) != ed25519.PublicKeySize {
|
||||||
return CertInfo{}, errors.New("Invalid public key length")
|
return CertInfo{}, errors.New("Invalid public key length")
|
||||||
}
|
}
|
||||||
if strings.HasSuffix(providerName, ".") == false {
|
if !strings.HasSuffix(providerName, ".") {
|
||||||
providerName = providerName + "."
|
providerName = providerName + "."
|
||||||
}
|
}
|
||||||
query := new(dns.Msg)
|
query := new(dns.Msg)
|
||||||
|
|
@ -45,7 +45,7 @@ func FetchCurrentCert(proxy *Proxy, pk ed25519.PublicKey, serverAddress string,
|
||||||
if len(binCert) < 124 {
|
if len(binCert) < 124 {
|
||||||
return certInfo, errors.New("Certificate too short")
|
return certInfo, errors.New("Certificate too short")
|
||||||
}
|
}
|
||||||
if reflect.DeepEqual(binCert[:4], CertMagic[:4]) == false {
|
if !bytes.Equal(binCert[:4], CertMagic[:4]) {
|
||||||
return certInfo, errors.New("Invalid cert magic")
|
return certInfo, errors.New("Invalid cert magic")
|
||||||
}
|
}
|
||||||
cryptoConstruction := CryptoConstruction(0)
|
cryptoConstruction := CryptoConstruction(0)
|
||||||
|
|
@ -59,7 +59,7 @@ func FetchCurrentCert(proxy *Proxy, pk ed25519.PublicKey, serverAddress string,
|
||||||
}
|
}
|
||||||
signature := binCert[8:72]
|
signature := binCert[8:72]
|
||||||
signed := binCert[72:]
|
signed := binCert[72:]
|
||||||
if ed25519.Verify(pk, signed, signature) == false {
|
if !ed25519.Verify(pk, signed, signature) {
|
||||||
log.Fatal("Incorrect signature")
|
log.Fatal("Incorrect signature")
|
||||||
}
|
}
|
||||||
serial := binary.BigEndian.Uint32(binCert[112:116])
|
serial := binary.BigEndian.Uint32(binCert[112:116])
|
||||||
|
|
|
||||||
|
|
@ -13,10 +13,6 @@ const (
|
||||||
XChacha20Poly1305
|
XChacha20Poly1305
|
||||||
)
|
)
|
||||||
|
|
||||||
type ServerParams struct {
|
|
||||||
CertInfo CertInfo
|
|
||||||
}
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
CertMagic = [4]byte{0x44, 0x4e, 0x53, 0x43}
|
CertMagic = [4]byte{0x44, 0x4e, 0x53, 0x43}
|
||||||
ServerMagic = [8]byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}
|
ServerMagic = [8]byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}
|
||||||
|
|
|
||||||
|
|
@ -97,10 +97,10 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, packet []byte,
|
||||||
encrypted = append(encrypted, nonce[:xsecretbox.NonceSize/2]...)
|
encrypted = append(encrypted, nonce[:xsecretbox.NonceSize/2]...)
|
||||||
encrypted = xsecretbox.Seal(encrypted, nonce, packet, serverInfo.SharedKey[:])
|
encrypted = xsecretbox.Seal(encrypted, nonce, packet, serverInfo.SharedKey[:])
|
||||||
pc, err := net.DialUDP("udp", nil, serverInfo.UDPAddr)
|
pc, err := net.DialUDP("udp", nil, serverInfo.UDPAddr)
|
||||||
defer pc.Close()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
defer pc.Close()
|
||||||
pc.SetDeadline(time.Now().Add(serverInfo.Timeout))
|
pc.SetDeadline(time.Now().Add(serverInfo.Timeout))
|
||||||
pc.Write(encrypted)
|
pc.Write(encrypted)
|
||||||
buffer := make([]byte, MaxDNSPacketSize)
|
buffer := make([]byte, MaxDNSPacketSize)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue