Commit db727156 authored by Stig Venaas's avatar Stig Venaas

made PREFIX_PRESERVING work for IPv6

git-svn-id: file:///home/svn/mapi/trunk@877 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 482ef914
......@@ -18,7 +18,7 @@ UINT8 m_key[16]; //128 bit secret key
UINT8 m_pad[16]; //128 bit secret pad
int init_prefix(Mode mode,Direction dir,const UINT8 * key,KeyLength keyLen,UINT8 * initVector);
void prefix_preserving_anonymize_field(unsigned char *raw_addr);
void prefix_preserving_anonymize_field(unsigned char *raw_addr, int len);
static UINT8 S[256]=
......@@ -1618,9 +1618,51 @@ UINT32 anonymize(const UINT32 orig_addr) {
return result ^ orig_addr;
}
void anonymize6(unsigned char *raw_addr) {
UINT8 rin_output[16];
UINT8 rin_input[16];
static const UINT8 mask[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
UINT8 maskbit, addrbyte;
int pos;
memcpy(rin_input, m_pad, 16);
// For each prefixes with length from 0 to 127, generate a bit using the Rijndael cipher,
// which is used as a pseudorandom function here. The bits generated in every rounds
// are combineed into a pseudorandom one-time-pad.
//
//Padding: The most significant pos bits are taken from orig_addr. The other 128-pos
//bits are taken from m_pad. The variables first4bytes_pad and first4bytes_input are used
//to handle the annoying byte order problem.
//Encryption: The Rijndael cipher is used as pseudorandom function. During each
//round, only the first bit of rin_output is used.
blockEncrypt(rin_input, 128, rin_output);
for (pos = 0; pos < 127; pos++) {
maskbit = mask[pos % 8];
addrbyte = raw_addr[pos / 8];
// xor bit "pos" of address with first rin_output bit
if (rin_output[0] & 0x80)
raw_addr[pos / 8] ^= maskbit;
// copy bit "pos" (0 is MSB, 127 is LSB) from original address to rin_input
if ((rin_input[pos / 8] & maskbit) != (addrbyte & maskbit))
rin_input[pos / 8] ^= maskbit;
//Encryption: The Rijndael cipher is used as pseudorandom function. During each
//round, only the first bit of rin_output is used.
blockEncrypt(rin_input, 128, rin_output);
}
// xor bit 127 (LSB) of address with first rin_output bit
if (rin_output[0] & 0x80)
raw_addr[15] ^= 0x01;
return;
}
int inited=0;
void prefix_preserving_anonymize_field(unsigned char *raw_addr) {
void prefix_preserving_anonymize_field(unsigned char *raw_addr, int len) {
unsigned char my_key[32] =
{21,34,23,141,51,164,207,128,19,10,91,22,73,144,125,16,
216,152,143,131,121,121,101,39,98,87,76,45,42,132,34,2};
......@@ -1632,6 +1674,12 @@ void prefix_preserving_anonymize_field(unsigned char *raw_addr) {
inited=1;
}
if (len == 16) {
anonymize6(raw_addr);
return;
}
/* IPv4, len == 4 */
p=raw_addr[0];
raw_addr[0]=raw_addr[3];
raw_addr[3]=p;
......
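Review bot: In prefix_preserving_anonymize_field, any `len` other than 16 falls through to the path commented `/* IPv4, len == 4 */`, which swaps `raw_addr[0]` and `raw_addr[3]` without checking that the field really is 4 bytes long. Now that the length is passed in, a guard before the byte swap such as `if (len != 4) { /* report unsupported length */ return; }` would keep a shorter field from being read and written past its end. Because the function returns void, the rejection should be logged so that an address is not silently left un-anonymized. The function body starts and ends outside the hunk, so an earlier check may already exist. Separately, the comment block in anonymize6 mentions `first4bytes_pad` and `first4bytes_input`, which do not appear in that function, and repeats the "Encryption:" paragraph; it looks copied from the IPv4 routine and should be trimmed to describe the 128-bit loop.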
......@@ -325,7 +325,7 @@ extern void PrintPacket(FILE *fp, mapipacket *p,int datalink);
extern void gen_table();
extern void pattern_fill_field(unsigned char *field, int len, int pattern_type, void *pattern);
extern void prefix_preserving_anonymize_field(unsigned char *raw_addr);
extern void prefix_preserving_anonymize_field(unsigned char *raw_addr, int len);
extern void random_field(unsigned char *field, int len);
extern void filename_random_field(unsigned char *p, int len);
extern void map_distribution(unsigned char *field, short len, int distribution_type, int arg1, int arg2);
......
......@@ -875,7 +875,7 @@ void apply_function_to_field(int function,int protocol,int field,unsigned char *
//checkSwap(field_pointer,field);
break;
case PREFIX_PRESERVING:
prefix_preserving_anonymize_field(field_pointer);
prefix_preserving_anonymize_field(field_pointer, len);
break;
case PREFIX_PRESERVING_MAP:
hide_addr(field_pointer);
......
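Review bot: The neighbouring `PREFIX_PRESERVING_MAP` case still calls `hide_addr(field_pointer)` with no length, while this change makes only `PREFIX_PRESERVING` length-aware. hide_addr is not visible here, but if it assumes a 4-byte address the way the old one-argument prefix_preserving_anonymize_field did, a 16-byte IPv6 field would presumably have only part of the address mapped and the rest left in clear. Either give hide_addr the same `len` parameter or mark the limitation on that case, e.g. `/* IPv4 only: hide_addr() takes no length */`. apply_function_to_field starts and ends outside this hunk, so where `len` comes from cannot be confirmed from here.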