1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
#include "ipcipher.hh"
#include "ext/ipcrypt/ipcrypt.h"
#include <openssl/aes.h>
#include <openssl/evp.h>
/*
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
const unsigned char *salt, int saltlen, int iter,
int keylen, unsigned char *out);
*/
std::string makeIPCipherKey(const std::string& password)
{
static const char salt[]="ipcipheripcipher";
unsigned char out[16];
PKCS5_PBKDF2_HMAC_SHA1(password.c_str(), password.size(), (const unsigned char*)salt, sizeof(salt)-1, 50000, sizeof(out), out);
return std::string((const char*)out, (const char*)out + sizeof(out));
}
static ComboAddress encryptCA4(const ComboAddress& ca, const std::string &key)
{
if(key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
ComboAddress ret=ca;
// always returns 0, has no failure mode
ipcrypt_encrypt( (unsigned char*)&ret.sin4.sin_addr.s_addr,
(const unsigned char*) &ca.sin4.sin_addr.s_addr,
(const unsigned char*)key.c_str());
return ret;
}
static ComboAddress decryptCA4(const ComboAddress& ca, const std::string &key)
{
if(key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
ComboAddress ret=ca;
// always returns 0, has no failure mode
ipcrypt_decrypt( (unsigned char*)&ret.sin4.sin_addr.s_addr,
(const unsigned char*) &ca.sin4.sin_addr.s_addr,
(const unsigned char*)key.c_str());
return ret;
}
static ComboAddress encryptCA6(const ComboAddress& ca, const std::string &key)
{
if(key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
ComboAddress ret=ca;
AES_KEY wctx;
AES_set_encrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
AES_encrypt((const unsigned char*)&ca.sin6.sin6_addr.s6_addr,
(unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);
return ret;
}
static ComboAddress decryptCA6(const ComboAddress& ca, const std::string &key)
{
if(key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
ComboAddress ret=ca;
AES_KEY wctx;
AES_set_decrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
AES_decrypt((const unsigned char*)&ca.sin6.sin6_addr.s6_addr,
(unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);
return ret;
}
ComboAddress encryptCA(const ComboAddress& ca, const std::string& key)
{
if(ca.sin4.sin_family == AF_INET)
return encryptCA4(ca, key);
else if(ca.sin4.sin_family == AF_INET6)
return encryptCA6(ca, key);
else
throw std::runtime_error("ipcrypt can't encrypt non-IP addresses");
}
ComboAddress decryptCA(const ComboAddress& ca, const std::string& key)
{
if(ca.sin4.sin_family == AF_INET)
return decryptCA4(ca, key);
else if(ca.sin4.sin_family == AF_INET6)
return decryptCA6(ca, key);
else
throw std::runtime_error("ipcrypt can't decrypt non-IP addresses");
}
|