Pad certificate requests and add support for proxies

dnscrypt-proxy/dnscrypt_certs.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
+	"net"
 	"strings"
 	"time"
 
@@ -32,8 +33,7 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk
 	}
 	query := new(dns.Msg)
 	query.SetQuestion(providerName, dns.TypeTXT)
-	client := dns.Client{Net: proto, UDPSize: uint16(MaxDNSUDPPacketSize)}
-	in, rtt, err := client.Exchange(query, serverAddress)
+	in, rtt, err := dnsExchange(proxy, proto, query, serverAddress)
 	if err != nil {
 		dlog.Noticef("[%s] TIMEOUT", *serverName)
 		return CertInfo{}, 0, err
@@ -178,3 +178,82 @@ func packTxtString(s string) ([]byte, error) {
 	}
 	return msg, nil
 }
+
+func dnsExchange(proxy *Proxy, proto string, query *dns.Msg, serverAddress string) (*dns.Msg, time.Duration, error) {
+	var packet []byte
+	var rtt time.Duration
+	if proto == "udp" {
+		qNameLen, padding := len(query.Question[0].Name), 0
+		if qNameLen < 256 {
+			padding = 256 - qNameLen
+		}
+		if padding > 0 {
+			opt := new(dns.OPT)
+			opt.Hdr.Name = "."
+			ext := new(dns.EDNS0_PADDING)
+			ext.Padding = make([]byte, padding)
+			opt.Option = append(opt.Option, ext)
+			query.Extra = []dns.RR{opt}
+		}
+		binQuery, err := query.Pack()
+		if err != nil {
+			return nil, 0, err
+		}
+		udpAddr, err := net.ResolveUDPAddr("udp", serverAddress)
+		if err != nil {
+			return nil, 0, err
+		}
+		now := time.Now()
+		pc, err := net.DialUDP("udp", nil, udpAddr)
+		if err != nil {
+			return nil, 0, err
+		}
+		defer pc.Close()
+		pc.SetDeadline(time.Now().Add(proxy.timeout))
+		pc.Write(binQuery)
+		packet = make([]byte, MaxDNSPacketSize)
+		length, err := pc.Read(packet)
+		if err != nil {
+			return nil, 0, err
+		}
+		rtt = time.Since(now)
+		packet = packet[:length]
+	} else {
+		binQuery, err := query.Pack()
+		if err != nil {
+			return nil, 0, err
+		}
+		tcpAddr, err := net.ResolveTCPAddr("tcp", serverAddress)
+		if err != nil {
+			return nil, 0, err
+		}
+		now := time.Now()
+		var pc net.Conn
+		proxyDialer := proxy.xTransport.proxyDialer
+		if proxyDialer == nil {
+			pc, err = net.DialTCP("tcp", nil, tcpAddr)
+		} else {
+			pc, err = (*proxyDialer).Dial("tcp", tcpAddr.String())
+		}
+		if err != nil {
+			return nil, 0, err
+		}
+		defer pc.Close()
+		pc.SetDeadline(time.Now().Add(proxy.timeout))
+		binQuery, err = PrefixWithSize(binQuery)
+		if err != nil {
+			return nil, 0, err
+		}
+		pc.Write(binQuery)
+		packet, err = ReadPrefixed(&pc)
+		if err != nil {
+			return nil, 0, err
+		}
+		rtt = time.Since(now)
+	}
+	msg := dns.Msg{}
+	if err := msg.Unpack(packet); err != nil {
+		return nil, 0, err
+	}
+	return &msg, rtt, nil
+}

dnscrypt-proxy/proxy.go

@@ -298,6 +298,7 @@ func (proxy *Proxy) exchangeWithUDPServer(serverInfo *ServerInfo, sharedKey *[32
 	if err != nil {
 		return nil, err
 	}
+	defer pc.Close()
 	pc.SetDeadline(time.Now().Add(serverInfo.Timeout))
 	if serverInfo.RelayUDPAddr != nil {
 		proxy.prepareForRelay(serverInfo.UDPAddr.IP, serverInfo.UDPAddr.Port, &encryptedQuery)
@@ -305,7 +306,6 @@ func (proxy *Proxy) exchangeWithUDPServer(serverInfo *ServerInfo, sharedKey *[32
 	pc.Write(encryptedQuery)
 	encryptedResponse := make([]byte, MaxDNSPacketSize)
 	length, err := pc.Read(encryptedResponse)
-	pc.Close()
 	if err != nil {
 		return nil, err
 	}
@@ -329,6 +329,7 @@ func (proxy *Proxy) exchangeWithTCPServer(serverInfo *ServerInfo, sharedKey *[32
 	if err != nil {
 		return nil, err
 	}
+	defer pc.Close()
 	pc.SetDeadline(time.Now().Add(serverInfo.Timeout))
 	if serverInfo.RelayTCPAddr != nil {
 		proxy.prepareForRelay(serverInfo.TCPAddr.IP, serverInfo.TCPAddr.Port, &encryptedQuery)
@@ -339,7 +340,6 @@ func (proxy *Proxy) exchangeWithTCPServer(serverInfo *ServerInfo, sharedKey *[32
 	}
 	pc.Write(encryptedQuery)
 	encryptedResponse, err := ReadPrefixed(&pc)
-	pc.Close()
 	if err != nil {
 		return nil, err
 	}