Watch for network changes and rotate PQ tickets when needed

Author: jedisct1

dnscrypt-proxy/crypto.go

@@ -79,13 +79,13 @@ func (proxy *Proxy) Encrypt(
 	serverInfo *ServerInfo,
 	packet []byte,
 	proto string,
-) (sharedKey *[32]byte, encrypted []byte, clientNonce []byte, err error) {
+) (sharedKey *[32]byte, encrypted []byte, clientNonce []byte, queryEpoch uint64, err error) {
 	if serverInfo.CryptoConstruction == XWingPQ {
 		return proxy.encryptPQ(serverInfo, packet, proto)
 	}
 	nonce, clientNonce := make([]byte, NonceSize), make([]byte, HalfNonceSize)
 	if _, err := crypto_rand.Read(clientNonce); err != nil {
-		return nil, nil, nil, err
+		return nil, nil, nil, queryEpoch, err
 	}
 	copy(nonce, clientNonce)
 	var publicKey *[PublicKeySize]byte
@@ -110,7 +110,7 @@ func (proxy *Proxy) Encrypt(
 	} else {
 		var xpad [1]byte
 		if _, err := crypto_rand.Read(xpad[:]); err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, queryEpoch, err
 		}
 		minQuestionSize += int(xpad[0])
 	}
@@ -122,7 +122,7 @@ func (proxy *Proxy) Encrypt(
 	}
 	if QueryOverhead+len(packet)+1 > paddedLength {
 		err = errors.New("Question too large; cannot be padded")
-		return sharedKey, encrypted, clientNonce, err
+		return sharedKey, encrypted, clientNonce, queryEpoch, err
 	}
 	encrypted = append(serverInfo.MagicQuery[:], publicKey[:]...)
 	encrypted = append(encrypted, nonce[:HalfNonceSize]...)
@@ -134,14 +134,15 @@ func (proxy *Proxy) Encrypt(
 		copy(xsalsaNonce[:], nonce)
 		encrypted = secretbox.Seal(encrypted, padded, &xsalsaNonce, sharedKey)
 	}
-	return sharedKey, encrypted, clientNonce, err
+	return sharedKey, encrypted, clientNonce, queryEpoch, err
 }
 
 func (proxy *Proxy) Decrypt(
 	serverInfo *ServerInfo,
 	sharedKey *[32]byte,
 	encrypted []byte,
 	nonce []byte,
+	queryEpoch uint64,
 ) ([]byte, error) {
 	serverMagicLen := len(ServerMagic)
 	responseHeaderLen := serverMagicLen + NonceSize
@@ -172,7 +173,7 @@ func (proxy *Proxy) Decrypt(
 		return encrypted, err
 	}
 	if serverInfo.CryptoConstruction == XWingPQ {
-		packet, err = proxy.pqStripControl(serverInfo, sharedKey, nonce, packet)
+		packet, err = proxy.pqStripControl(serverInfo, sharedKey, nonce, packet, queryEpoch)
 		if err != nil {
 			return encrypted, err
 		}

dnscrypt-proxy/netmon.go

@@ -0,0 +1,222 @@
+package main
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"net"
+	"sort"
+	"strconv"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/jedisct1/dlog"
+)
+
+const (
+	defaultNetworkMonitorInterval = 5 * time.Second
+	offlineNetworkFingerprint     = "offline"
+)
+
+type networkInterfaceSnapshot struct {
+	Name         string
+	Index        int
+	HardwareAddr net.HardwareAddr
+	Addrs        []*net.IPNet
+}
+
+type networkMonitor struct {
+	epochValue  atomic.Uint64
+	mu          sync.Mutex
+	last        string
+	fingerprint func() string
+}
+
+func newNetworkMonitor() *networkMonitor {
+	return &networkMonitor{fingerprint: currentNetworkFingerprint}
+}
+
+func (monitor *networkMonitor) epoch() uint64 {
+	if monitor == nil {
+		return 0
+	}
+	return monitor.epochValue.Load()
+}
+
+func (monitor *networkMonitor) init() {
+	if monitor == nil {
+		return
+	}
+	fingerprint := monitor.currentFingerprint()
+	monitor.mu.Lock()
+	monitor.last = fingerprint
+	monitor.mu.Unlock()
+}
+
+func (monitor *networkMonitor) start(ctx context.Context, interval time.Duration) {
+	if monitor == nil {
+		return
+	}
+	if interval <= 0 {
+		interval = defaultNetworkMonitorInterval
+	}
+	monitor.init()
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-ticker.C:
+			monitor.check()
+		}
+	}
+}
+
+func (monitor *networkMonitor) check() {
+	fingerprint := monitor.currentFingerprint()
+	monitor.mu.Lock()
+	defer monitor.mu.Unlock()
+	if monitor.last == "" {
+		monitor.last = fingerprint
+		return
+	}
+	if monitor.last == fingerprint {
+		return
+	}
+	monitor.last = fingerprint
+	monitor.epochValue.Add(1)
+	dlog.Notice("Network change detected; rotating PQ resumption tickets")
+}
+
+func (monitor *networkMonitor) currentFingerprint() string {
+	if monitor.fingerprint == nil {
+		return offlineNetworkFingerprint
+	}
+	return monitor.fingerprint()
+}
+
+func currentNetworkFingerprint() string {
+	localIPs := discoverNetworkMonitorLocalIPs()
+	if len(localIPs) == 0 {
+		return offlineNetworkFingerprint
+	}
+	interfaces := snapshotNetworkInterfaces()
+	return buildNetworkFingerprint(localIPs, interfaces)
+}
+
+func discoverNetworkMonitorLocalIPs() []net.IP {
+	probeAddrs := []string{"192.0.2.1:9", "[2001:db8::1]:9"}
+	localIPs := make([]net.IP, 0, len(probeAddrs))
+	seen := make(map[string]struct{}, len(probeAddrs))
+	for _, probeAddr := range probeAddrs {
+		conn, err := net.DialTimeout("udp", probeAddr, time.Second)
+		if err != nil {
+			continue
+		}
+		localAddr, ok := conn.LocalAddr().(*net.UDPAddr)
+		conn.Close()
+		if !ok || localAddr.IP == nil || localAddr.IP.IsUnspecified() {
+			continue
+		}
+		ip := append(net.IP(nil), localAddr.IP...)
+		key := ip.String()
+		if _, ok := seen[key]; ok {
+			continue
+		}
+		seen[key] = struct{}{}
+		localIPs = append(localIPs, ip)
+	}
+	return localIPs
+}
+
+func snapshotNetworkInterfaces() []networkInterfaceSnapshot {
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		return nil
+	}
+	snapshots := make([]networkInterfaceSnapshot, 0, len(interfaces))
+	for _, iface := range interfaces {
+		addrs, err := iface.Addrs()
+		if err != nil {
+			continue
+		}
+		snapshot := networkInterfaceSnapshot{
+			Name:         iface.Name,
+			Index:        iface.Index,
+			HardwareAddr: append(net.HardwareAddr(nil), iface.HardwareAddr...),
+		}
+		for _, addr := range addrs {
+			ip, ipNet, err := net.ParseCIDR(addr.String())
+			if err != nil {
+				continue
+			}
+			ipNet.IP = ip
+			snapshot.Addrs = append(snapshot.Addrs, ipNet)
+		}
+		snapshots = append(snapshots, snapshot)
+	}
+	return snapshots
+}
+
+func buildNetworkFingerprint(localIPs []net.IP, interfaces []networkInterfaceSnapshot) string {
+	if len(localIPs) == 0 {
+		return offlineNetworkFingerprint
+	}
+	parts := make([]string, 0, len(localIPs))
+	for _, ip := range localIPs {
+		if ip == nil || ip.IsUnspecified() {
+			continue
+		}
+		ip = append(net.IP(nil), ip...)
+		iface, ok := findNetworkInterfaceForIP(ip, interfaces)
+		part := "ip=" + ip.String()
+		if ok {
+			part += "|name=" + iface.Name + "|index=" + strconv.Itoa(iface.Index)
+			if len(iface.HardwareAddr) > 0 {
+				part += "|mac=" + iface.HardwareAddr.String()
+			}
+		}
+		parts = append(parts, part)
+	}
+	if len(parts) == 0 {
+		return offlineNetworkFingerprint
+	}
+	sort.Strings(parts)
+	h := sha256.New()
+	for _, part := range parts {
+		h.Write([]byte(part))
+		h.Write([]byte{0})
+	}
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+func (proxy *Proxy) networkEpoch() uint64 {
+	if proxy == nil || proxy.netMonitor == nil {
+		return 0
+	}
+	return proxy.netMonitor.epoch()
+}
+
+func findNetworkInterfaceForIP(ip net.IP, interfaces []networkInterfaceSnapshot) (networkInterfaceSnapshot, bool) {
+	matches := make([]networkInterfaceSnapshot, 0, 1)
+	for _, iface := range interfaces {
+		for _, addr := range iface.Addrs {
+			if addr != nil && addr.Contains(ip) {
+				matches = append(matches, iface)
+				break
+			}
+		}
+	}
+	if len(matches) == 0 {
+		return networkInterfaceSnapshot{}, false
+	}
+	sort.Slice(matches, func(i, j int) bool {
+		if matches[i].Name != matches[j].Name {
+			return matches[i].Name < matches[j].Name
+		}
+		return matches[i].Index < matches[j].Index
+	})
+	return matches[0], true
+}