summaryrefslogtreecommitdiffstats
path: root/ipcipher.cc
blob: 57a2aa3f8a26dcf0b02e409d5b31ebe3f27531d1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#include "ipcipher.hh"
#include "ext/ipcrypt/ipcrypt.h"
#include <openssl/aes.h>
#include <openssl/evp.h>

/*
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                           const unsigned char *salt, int saltlen, int iter,
                           int keylen, unsigned char *out);
*/
std::string makeIPCipherKey(const std::string& password)
{
  static const char salt[]="ipcipheripcipher";
  unsigned char out[16];

  PKCS5_PBKDF2_HMAC_SHA1(password.c_str(), password.size(), (const unsigned char*)salt, sizeof(salt)-1, 50000, sizeof(out), out);

  return std::string((const char*)out, (const char*)out + sizeof(out));
}

static ComboAddress encryptCA4(const ComboAddress& ca, const std::string &key)
{
  if(key.size() != 16)
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret=ca;

  // always returns 0, has no failure mode
  ipcrypt_encrypt(      (unsigned char*)&ret.sin4.sin_addr.s_addr,
                 (const unsigned char*)  &ca.sin4.sin_addr.s_addr,
                 (const unsigned char*)key.c_str());
  return ret;
}

static ComboAddress decryptCA4(const ComboAddress& ca, const std::string &key)
{
  if(key.size() != 16)
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret=ca;

  // always returns 0, has no failure mode
  ipcrypt_decrypt(      (unsigned char*)&ret.sin4.sin_addr.s_addr,
                 (const unsigned char*)  &ca.sin4.sin_addr.s_addr,
                 (const unsigned char*)key.c_str());
  return ret;
}


static ComboAddress encryptCA6(const ComboAddress& ca, const std::string &key)
{
  if(key.size() != 16)
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret=ca;

  AES_KEY wctx;
  AES_set_encrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
  AES_encrypt((const unsigned char*)&ca.sin6.sin6_addr.s6_addr,
              (unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);

  return ret;
}

static ComboAddress decryptCA6(const ComboAddress& ca, const std::string &key)
{
  if(key.size() != 16)
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret=ca;
  AES_KEY wctx;
  AES_set_decrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
  AES_decrypt((const unsigned char*)&ca.sin6.sin6_addr.s6_addr,
              (unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);

  return ret;
}


ComboAddress encryptCA(const ComboAddress& ca, const std::string& key)
{
  if(ca.sin4.sin_family == AF_INET)
    return encryptCA4(ca, key);
  else if(ca.sin4.sin_family == AF_INET6)
    return encryptCA6(ca, key);
  else
    throw std::runtime_error("ipcrypt can't encrypt non-IP addresses");
}

ComboAddress decryptCA(const ComboAddress& ca, const std::string& key)
{
  if(ca.sin4.sin_family == AF_INET)
    return decryptCA4(ca, key);
  else if(ca.sin4.sin_family == AF_INET6)
    return decryptCA6(ca, key);
  else
    throw std::runtime_error("ipcrypt can't decrypt non-IP addresses");

}