cryptopANT

NAME

cryptopANT - IP Address Anonymization Library

SYNOPSIS

#include <cryptopANT.h>

DESCRIPTION

The cryptopANT IP address anonymization library implements techniques for IPv4 and IPv6 address anonymization first described in 'Prefix-Preserving IP Address Anonymization', Computer Networks, Volume 46, Issue 2, 7 October 2004, Pages 253-272, Elsevier, commonly known as Crypto-PAn.

This implementation is provided by the USC/ISI ANT project: http://ant.isi.edu

API Overview

int scramble_init_from_file(const char *keyfile, scramble_crypt_t c4, scramble_crypt_t c6, int *do_mac)

Initializes the library from a keyfile and sets up the underlying cryptographic mechanism for scrambling IPv4 (c4) and IPv6 (c6) addresses. See scramble_crypt_t for possible values of c4 and c6. Typically used values are SCRAMBLE_NONE for no scrambling and SCRAMBLE_AES for scrambling with the fast AES cipher. SCRAMBLE_BLOWFISH uses the Blowfish cipher; while previously widely used, it is no longer recommended, as scrambling of IPv6 addresses can be very slow. If the keyfile does not exist, it is created. This function internally calls scramble_readstate() and scramble_init(). Returns 0 if successful.

int32_t scramble_ip4(uint32_t input, int pass_bits)
int32_t unscramble_ip4(uint32_t input, int pass_bits)

Scrambles or unscrambles the (input) IP address, passing the first (pass_bits) bits through unchanged; the scrambled IP address is returned. Note that even if (pass_bits) is 0, the first few bits are passed through to preserve the class of the input IP. Both input and output IPs are in network byte order. Unscrambling is a costly operation, and unscrambling a large number of different addresses can take a long time.
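An added illustration (not code from cryptopANT or its authors) of the prefix-preserving property and of pass_bits, using a toy bit-by-bit construction in the style of Crypto-PAn. The names demo_scramble_ip4, demo_unscramble_ip4, toy_prf_bit and DEMO_KEY are hypothetical, and the keyed mixing function is a non-cryptographic stand-in for the library's cipher. Addresses are host-order integers here, and the class-preserving behaviour at pass_bits 0 is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed demo key; cryptopANT itself loads its key from a keyfile. */
static const uint64_t DEMO_KEY = 0x0123456789abcdefULL;

/* Toy keyed bit generator (assumption: NOT secure, stands in for the cipher). */
static uint32_t toy_prf_bit(uint32_t prefix, int len)
{
    uint64_t x = DEMO_KEY ^ (((uint64_t)len << 32) | prefix);
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    return (uint32_t)((x >> 63) & 1);
}

/* Keep the top `len` bits of `a`, zero the rest. */
static uint32_t top_bits(uint32_t a, int len)
{
    return len == 0 ? 0 : a & (0xffffffffu << (32 - len));
}

/* Output bit i = input bit i XOR pad(first i input bits); pass_bits are copied. */
uint32_t demo_scramble_ip4(uint32_t in, int pass_bits)
{
    uint32_t out = top_bits(in, pass_bits);
    for (int i = pass_bits; i < 32; i++)
        out |= (((in >> (31 - i)) & 1) ^ toy_prf_bit(top_bits(in, i), i)) << (31 - i);
    return out;
}

/* Inverse: the pad for bit i needs the plaintext prefix recovered so far. */
uint32_t demo_unscramble_ip4(uint32_t in, int pass_bits)
{
    uint32_t out = top_bits(in, pass_bits);
    for (int i = pass_bits; i < 32; i++)
        out |= (((in >> (31 - i)) & 1) ^ toy_prf_bit(top_bits(out, i), i)) << (31 - i);
    return out;
}

/* Number of leading bits shared by two addresses. */
int common_prefix_len(uint32_t a, uint32_t b)
{
    int n = 0;
    while (n < 32 && (((a ^ b) >> (31 - n)) & 1) == 0) n++;
    return n;
}

int main(void)
{
    uint32_t a = 0xC000020Au, b = 0xC00002C8u; /* constructed: 192.0.2.10, 192.0.2.200 */
    uint32_t sa = demo_scramble_ip4(a, 0), sb = demo_scramble_ip4(b, 0);
    printf("in share %d bits, out share %d bits\n", common_prefix_len(a, b), common_prefix_len(sa, sb));
    return 0;
}
```

Two inputs that share exactly k leading bits always produce outputs that share exactly k leading bits, which is why subnet structure survives anonymization and why the choice of pass_bits determines how much of the real prefix is disclosed.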

void scramble_ip6(struct in6_addr *input, int pass_bits)
void unscramble_ip6(struct in6_addr *input, int pass_bits)

Scrambles or unscrambles the IPv6 address pointed to by (input) in place, passing the first (pass_bits) bits through unchanged. Addresses are in network byte order. Unscrambling is a costly operation, and unscrambling a large number of different addresses can take a long time.

int scramble_readstate(const char *keyfile, scramble_state_t *s)
int scramble_savestate(const char *keyfile, const scramble_state_t *s)

These functions read scrambling keys from (keyfile) into the memory pointed to by (s), or save a previously initialized state (s) to (keyfile). After the state is read, the library still needs to be initialized by calling scramble_init(). Both return 0 on success.

int scramble_init(const scramble_state_t *s)

Initializes the library using the state pointed to by (s). Returns 0 on success.

SEE ALSO

scramble_ips is a binary for anonymizing textual IP addresses, which comes packaged with this library.

AUTHORS

The cryptopANT library was written by Yuri Pradkin, University of Southern California, Information Sciences Institute, CA.

The current version is available from the "ANT Project" Web site at http://ant.isi.edu

BUGS

Please send problems, bugs, questions, desirable enhancements, etc. to:

ant@isi.edu