cryptopANT − IP Address Anonymization Library
#include <cryptopANT.h>
The cryptopANT
ip address anonymization library implements techniques for
IPv4 and IPv6 address anonymization first described in:
’Prefix-Preserving IP Address
Anonymization’,
Computer Networks, Volume 46, Issue 2, 7 October 2004, Pages 253-272, Elsevier.
commonly known as Crypto-PAn.
This implementation is provided by USC/ISI ANT project: http://ant.isi.edu
int scramble_init_from_file(const char *keyfile, scramble_crypt_t c4, scramble_crypt_t c6, int *do_mac)
Initializes library from a keyfile and sets up underlying cryptographical mechanism for scrambling of IPv4 (c4) and IPv6 (c6) addresses. See scramble_crypt_t for possible values of c4 and c6. Typically used are: SCRAMBLE_NONE for no scrambling or SCRAMBLE_AES for scrambling using fast AES cypher. If the keyfile does not exist, it is created. This function internally calls scramble_readstate() and scrable_init(). Returns 0 if successful. SCRAMBLE_BLOWFISH uses blowfish cypher. While previously widely used, it’s no longer recommended, as scrambling of ipv6 addresses can be very slow.
int32_t
scramble_ip4(uint32_t input, int pass_bits)
int32_t unscramble_ip4(uint32_t input, int
pass_bits)
Scrambles or un-scrambles (input) IP address passing through first (pass_bits); the scrambled ip address is returned. Please note that even if (pass_bits) is 0, first few bits will be passed through to preserve class of the input IP. Both input and output IPs are in network byte order. Note that unscrambling is a costly operation and unscrambling a large number of different addresses can take a long time.
void
scramble_ip6(struct in6_addr *input, int pass_bits)
void unscramble_ip6(struct in6_addr *input, int
pass_bits)
Scrambles or un-scrambles IPv6 address pointed to by (input) in-place , passing through first (pass_bits). Addresses are in network byte order. Note that unscrambling is a costly operation and unscrambling a large number of different addresses can take a long time.
int
scramble_readstate(const char *keyfile, scramble_state_t *s)
int scramble_savestate(const char *keyfile, const
scramble_state_t *s)
These functions can read scrambling keys from keyfile into memory pointed to by (s), or save/write previously initialized state (s) to a (keyfile). After state is read, the library still needs to be initialized by calling scramble_init() Return 0 on success.
int scramble_init(const scramble_state_t *s)
Initializes library using state pointed by (s). Returns 0 on success.
scramble_ips
is a binary for anonymizing textual IP addresses, which comes packaged with this library
The cryptopANT
library was written by
Yuri Pradkin,
University of Southern California, Information Sciences Institute, CA.
The current version is available from "ANT Project"’s Web site at
http://ant.isi.edu
Please send problems, bugs, questions, desirable enhancements, etc. to:
ant@isi.edu