#include <stdexcept>
#include <string>

#include <openssl/aes.h>
#include <openssl/evp.h>

#include "ext/ipcrypt/ipcrypt.h"
7 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
8 const unsigned char *salt, int saltlen, int iter,
9 int keylen, unsigned char *out);
11 std::string
makeIPCipherKey(const std::string
& password
)
13 static const char salt
[]="ipcipheripcipher";
14 unsigned char out
[16];
16 PKCS5_PBKDF2_HMAC_SHA1(password
.c_str(), password
.size(), (const unsigned char*)salt
, sizeof(salt
)-1, 50000, sizeof(out
), out
);
18 return std::string((const char*)out
, (const char*)out
+ sizeof(out
));
/// Encrypt the 32-bit address of an IPv4 ComboAddress with ipcrypt.
///
/// ipcrypt is a keyed permutation of the 32-bit address, so the output is
/// again a valid IPv4 address (format preserving) and the same input under
/// the same key always maps to the same output; encrypted addresses therefore
/// remain linkable to each other. Treat this as pseudonymisation, not as
/// confidentiality. The copy's other fields (family, port) are left as-is.
///
/// @param ca   address to encrypt; the caller dispatches only AF_INET here
/// @param key  raw 128-bit key, e.g. from makeIPCipherKey()
/// @return a copy of @p ca whose sin_addr holds the ciphertext
/// @throws std::runtime_error if the key is not exactly 16 bytes
static ComboAddress encryptCA4(const ComboAddress& ca, const std::string &key)
{
  if (key.size() != 16) // 128 bits
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret = ca;
  auto* cipher = reinterpret_cast<unsigned char*>(&ret.sin4.sin_addr.s_addr);
  const auto* plain = reinterpret_cast<const unsigned char*>(&ca.sin4.sin_addr.s_addr);
  const auto* rawKey = reinterpret_cast<const unsigned char*>(key.c_str());

  // ipcrypt_encrypt always returns 0; it has no failure mode.
  ipcrypt_encrypt(cipher, plain, rawKey);
  return ret;
}
/// Decrypt the 32-bit address of an IPv4 ComboAddress with ipcrypt.
///
/// Inverse of encryptCA4(): applies the keyed ipcrypt permutation backwards
/// to sin_addr and leaves the copy's other fields (family, port) untouched.
/// Anyone holding the key can reverse the pseudonymisation, so the key must
/// be protected like the data it guards.
///
/// @param ca   address to decrypt; the caller dispatches only AF_INET here
/// @param key  raw 128-bit key, e.g. from makeIPCipherKey()
/// @return a copy of @p ca whose sin_addr holds the plaintext
/// @throws std::runtime_error if the key is not exactly 16 bytes
static ComboAddress decryptCA4(const ComboAddress& ca, const std::string &key)
{
  if (key.size() != 16) // 128 bits
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret = ca;
  auto* plain = reinterpret_cast<unsigned char*>(&ret.sin4.sin_addr.s_addr);
  const auto* cipher = reinterpret_cast<const unsigned char*>(&ca.sin4.sin_addr.s_addr);
  const auto* rawKey = reinterpret_cast<const unsigned char*>(key.c_str());

  // ipcrypt_decrypt always returns 0; it has no failure mode.
  ipcrypt_decrypt(plain, cipher, rawKey);
  return ret;
}
/// Encrypt the 128-bit address of an IPv6 ComboAddress with one raw AES block.
///
/// The 16 address bytes are exactly one AES-128 block, so a single block
/// encryption (no mode, no IV, no padding) yields another 16-byte value that
/// is again a valid IPv6 address. Like the IPv4 path this is deterministic:
/// identical addresses under the same key produce identical ciphertexts, so
/// the output is a pseudonym, not a confidential encoding.
///
/// NOTE(review): the low-level AES_* block API is deprecated as of OpenSSL 3.0;
/// an EVP-based single-block AES-128-ECB call would be the migration path.
///
/// @param ca   address to encrypt; the caller dispatches only AF_INET6 here
/// @param key  raw 128-bit key, e.g. from makeIPCipherKey()
/// @return a copy of @p ca whose sin6_addr holds the ciphertext
/// @throws std::runtime_error if the key is not exactly 16 bytes
static ComboAddress encryptCA6(const ComboAddress& ca, const std::string &key)
{
  if (key.size() != 16) // 128 bits
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret = ca;
  const auto* rawKey = reinterpret_cast<const unsigned char*>(key.c_str());

  // Per OpenSSL's documentation AES_set_encrypt_key only fails for a null
  // pointer or an unsupported bit count; both are excluded above, so the
  // return value is not checked.
  AES_KEY wctx;
  AES_set_encrypt_key(rawKey, 128, &wctx);

  const auto* plain = reinterpret_cast<const unsigned char*>(&ca.sin6.sin6_addr.s6_addr);
  auto* cipher = reinterpret_cast<unsigned char*>(&ret.sin6.sin6_addr.s6_addr);
  AES_encrypt(plain, cipher, &wctx);
  return ret;
}
/// Decrypt the 128-bit address of an IPv6 ComboAddress with one raw AES block.
///
/// Inverse of encryptCA6(): a single AES-128 block decryption of the 16
/// address bytes, with the copy's other fields (family, port) left untouched.
/// Anyone holding the key can reverse the pseudonymisation, so the key must
/// be protected like the data it guards.
///
/// NOTE(review): the low-level AES_* block API is deprecated as of OpenSSL 3.0;
/// an EVP-based single-block AES-128-ECB call would be the migration path.
///
/// @param ca   address to decrypt; the caller dispatches only AF_INET6 here
/// @param key  raw 128-bit key, e.g. from makeIPCipherKey()
/// @return a copy of @p ca whose sin6_addr holds the plaintext
/// @throws std::runtime_error if the key is not exactly 16 bytes
static ComboAddress decryptCA6(const ComboAddress& ca, const std::string &key)
{
  if (key.size() != 16) // 128 bits
    throw std::runtime_error("Need 128 bits of key for ipcrypt");

  ComboAddress ret = ca;
  const auto* rawKey = reinterpret_cast<const unsigned char*>(key.c_str());

  // Per OpenSSL's documentation AES_set_decrypt_key only fails for a null
  // pointer or an unsupported bit count; both are excluded above, so the
  // return value is not checked.
  AES_KEY wctx;
  AES_set_decrypt_key(rawKey, 128, &wctx);

  const auto* cipher = reinterpret_cast<const unsigned char*>(&ca.sin6.sin6_addr.s6_addr);
  auto* plain = reinterpret_cast<unsigned char*>(&ret.sin6.sin6_addr.s6_addr);
  AES_decrypt(cipher, plain, &wctx);
  return ret;
}
/// Encrypt an IP address with ipcipher, picking the per-family primitive.
///
/// AF_INET addresses go through ipcrypt (encryptCA4), AF_INET6 addresses
/// through a raw AES-128 block (encryptCA6). Both are deterministic and
/// format preserving, i.e. the result is a valid address of the same family
/// that is stable for a given input and key.
///
/// @param ca   address to encrypt
/// @param key  raw 128-bit key, e.g. from makeIPCipherKey()
/// @return the encrypted copy of @p ca
/// @throws std::runtime_error for a non-IP family, or (from the helpers) for
///         a key that is not exactly 16 bytes
ComboAddress encryptCA(const ComboAddress& ca, const std::string& key)
{
  switch (ca.sin4.sin_family) {
  case AF_INET:
    return encryptCA4(ca, key);
  case AF_INET6:
    return encryptCA6(ca, key);
  default:
    throw std::runtime_error("ipcrypt can't encrypt non-IP addresses");
  }
}
/// Decrypt an ipcipher-encrypted IP address, picking the per-family primitive.
///
/// AF_INET addresses go through ipcrypt (decryptCA4), AF_INET6 addresses
/// through a raw AES-128 block (decryptCA6). Decryption requires the same
/// key that was used for encryption; whoever holds it can de-pseudonymise
/// every address, so guard the key accordingly.
///
/// @param ca   address to decrypt
/// @param key  raw 128-bit key, e.g. from makeIPCipherKey()
/// @return the decrypted copy of @p ca
/// @throws std::runtime_error for a non-IP family, or (from the helpers) for
///         a key that is not exactly 16 bytes
ComboAddress decryptCA(const ComboAddress& ca, const std::string& key)
{
  switch (ca.sin4.sin_family) {
  case AF_INET:
    return decryptCA4(ca, key);
  case AF_INET6:
    return decryptCA6(ca, key);
  default:
    throw std::runtime_error("ipcrypt can't decrypt non-IP addresses");
  }
}