Anonymization intermediate: initial version

Author: Lukas955

src/plugins/CMakeLists.txt

@@ -1,3 +1,4 @@
 # List of plugin to build and install
 add_subdirectory(input)
+add_subdirectory(intermediate)
 add_subdirectory(output)

src/plugins/intermediate/CMakeLists.txt

@@ -0,0 +1,2 @@
+# List of output plugin to build and install
+add_subdirectory(anonymization)

src/plugins/intermediate/anonymization/CMakeLists.txt

@@ -0,0 +1,15 @@
+# Create a linkable module
+add_library(anonymization-intermediate MODULE
+	anonymization.c
+	config.c
+	config.h
+	Crypto-PAn/panonymizer.c
+	Crypto-PAn/panonymizer.h
+	Crypto-PAn/rijndael.c
+	Crypto-PAn/rijndael.h
+)
+
+install(
+	TARGETS anonymization-intermediate
+	LIBRARY DESTINATION "${CMAKE_INSTALL_FULL_LIBDIR}/ipfixcol2/"
+)

src/plugins/intermediate/anonymization/Crypto-PAn/panonymizer.c

@@ -0,0 +1,228 @@
+/*
+ *  Copyright (c) 2014, Peter Haag
+ *  Copyright (c) 2009, Peter Haag
+ *  Copyright (c) 2004-2008, SWITCH - Teleinformatikdienste fuer Lehre und Forschung
+ *  All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright notice,
+ *     this list of conditions and the following disclaimer in the documentation
+ *     and/or other materials provided with the distribution.
+ *   * Neither the name of the author nor the names of its contributors may be
+ *     used to endorse or promote products derived from this software without
+ *     specific prior written permission.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *  POSSIBILITY OF SUCH DAMAGE.
+ *
+ *  $Author: haag $
+ *
+ *  $Id: panonymizer.c 39 2009-11-25 08:11:15Z haag $
+ *
+ *  $LastChangedRevision: 39 $
+ *
+ */
+
+/* Original disclaimer
+ * Atlanta, Georgia 30332.
+ * All Rights Reserved
+ *
+ * The following Software is posted on the Internet by the Georgia
+ * Tech Research Corporation (GTRC). It was developed by employees
+ * of the Georgia Institute of Technology in the College of Computing.
+ * GTRC hereby grants to the user a non-exclusive, royalty-free
+ * license to utilize such Software for the User's own purposes
+ * pursuant to the following conditions.
+ *
+ *
+ * THE SOFTWARE IS LICENSED ON AN "AS IS" BASIS. GTRC MAKES NO WARRANTY
+ * THAT ALL ERRORS CAN BE OR HAVE BEEN ELIMINATED FROM THE SOFTWARE.
+ * GTRC SHALL NOT BE RESPONSIBLE FOR LOSSES OF ANY KIND RESULTING FROM
+ * THE USE OF THE SOFTWARE AND ITS ACCOMPANYING DOCUMENTATION, AND CAN
+ * IN NO WAY PROVIDE COMPENSATION FOR ANY LOSSES SUSTAINED, INCLUDING
+ * BUT NOT LIMITED TO ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY
+ * FOR TORT, OF FOR ANY ACTUAL OR ALLEGED INFRINGEMENT OF PATENTS, COPYRIGHTS,
+ * TRADE SECRETS, OR SIMILAR RIGHTS OF THIRD PARTIES, NOR ANY BUSINESS
+ * EXPENSE, MACHINE DOWNTIME, OR DAMAGES CAUSED LICENSEE BY ANY DEFICIENCY,
+ * DEFECT OR ERROR IN THE SOFTWARE OR MALFUNCTION THEREOF, NOR ANY
+ * INCIDENTAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED. GTRC DISCLAIMS
+ * ALL WARRANTIES, BOTH EXPRESS AND IMPLIED RESPECTING THE USE AND
+ * OPERATION OF THE SOFTWARE AND ANY ACCOMPANYING DOCUMENTATION,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * PARTICULAR PURPOSE AND ANY IMPLIED WARRANTY ARISING FROM COURSE
+ * OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. GTRC MAKES NO
+ * WARRANTY THAT THE SOFTWARE IS ADEQUATELY OR COMPLETELY DESCRIBED
+ * IN, OR BEHAVES IN ACCORDANCE WITH ANY OF THE ACCOMPANYING
+ * DOCUMENTATION. THE USER OF THE SOFTWARE IS EXPECTED TO MAKE THE FINAL
+ * EVALUATION OF THE SOFTWARE'S USEFULNESS IN USER'S OWN ENVIRONMENT.
+ *
+ *
+ * Package: Crypto-PAn 1.0
+ * File: panonymizer.cpp
+ * Last Update: April 17, 2002
+ * Author: Jinliang Fan
+ *
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <stdint.h>
+
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#include "panonymizer.h"
+
+static	uint8_t m_key[16]; //128 bit secret key
+static	uint8_t m_pad[16]; //128 bit secret pad
+
+// Init
+void PAnonymizer_Init(uint8_t * key) {
+  //initialize the 128-bit secret key.
+  memcpy(m_key, key, 16);
+  //initialize the Rijndael cipher.
+  Rijndael_init(ECB, Encrypt, key, Key16Bytes, NULL);
+  //initialize the 128-bit secret pad. The pad is encrypted before being used for padding.
+  Rijndael_blockEncrypt(key + 16, 128, m_pad);
+}
+
+int ParseCryptoPAnKey ( char *s, char *key ) {
+int i, j;
+char numstr[3];
+uint32_t len = strlen(s);
+
+	if ( len < 32  || len > 66 ) {
+		fprintf(stderr, "*** CryptoPAnKey error: size: %u\n", len);
+		fprintf(stderr, "*** Need either a plain 32 char string, or a 32 byte hex key starting with 0x..\n");
+		return 0;
+	}
+
+	if ( strlen(s) == 32 ) {
+		// Key is a string
+		strncpy(key, s, 32);
+		return 1;
+	}
+
+	s[1] = tolower(s[1]);
+	numstr[2] = 0;
+	if ( strlen(s) == 66 && s[0] == '0' && s[1] == 'x' ) {
+		j = 2;
+		for ( i=0; i<32; i++ ) {
+			if ( !isxdigit((int)s[j]) || !isxdigit((int)s[j+1]) )
+				return 0;
+			numstr[0] = s[j++];
+			numstr[1] = s[j++];
+			key[i] = strtol(numstr, NULL, 16);
+		}
+		return 1;
+	}
+
+	// It's an invalid key
+	fprintf(stderr, "*** CryptoPAnKey error: size: %u\n", len);
+	fprintf(stderr, "*** Need either a plain 32 char string, or a 32 byte hex key starting with 0x..\n");
+	return 0;
+
+} // End of ParseCryptoPAnKey
+
+//Anonymization funtion
+uint32_t anonymize(const uint32_t orig_addr) {
+    uint8_t rin_output[16];
+    uint8_t rin_input[16];
+
+    uint32_t result = 0;
+    uint32_t first4bytes_pad, first4bytes_input;
+    int pos;
+
+    memcpy(rin_input, m_pad, 16);
+    first4bytes_pad = (((uint32_t) m_pad[0]) << 24) + (((uint32_t) m_pad[1]) << 16) +
+	(((uint32_t) m_pad[2]) << 8) + (uint32_t) m_pad[3];
+
+    // For each prefixes with length from 0 to 31, generate a bit using the Rijndael cipher,
+    // which is used as a pseudorandom function here. The bits generated in every rounds
+    // are combineed into a pseudorandom one-time-pad.
+    for (pos = 0; pos <= 31 ; pos++) {
+
+	//Padding: The most significant pos bits are taken from orig_addr. The other 128-pos
+        //bits are taken from m_pad. The variables first4bytes_pad and first4bytes_input are used
+	//to handle the annoying byte order problem.
+	if (pos==0) {
+	  first4bytes_input =  first4bytes_pad;
+	}
+	else {
+	  first4bytes_input = ((orig_addr >> (32-pos)) << (32-pos)) | ((first4bytes_pad<<pos) >> pos);
+	}
+	rin_input[0] = (uint8_t) (first4bytes_input >> 24);
+	rin_input[1] = (uint8_t) ((first4bytes_input << 8) >> 24);
+	rin_input[2] = (uint8_t) ((first4bytes_input << 16) >> 24);
+	rin_input[3] = (uint8_t) ((first4bytes_input << 24) >> 24);
+
+	//Encryption: The Rijndael cipher is used as pseudorandom function. During each
+	//round, only the first bit of rin_output is used.
+	Rijndael_blockEncrypt(rin_input, 128, rin_output);
+
+	//Combination: the bits are combined into a pseudorandom one-time-pad
+	result |=  (rin_output[0] >> 7) << (31-pos);
+    }
+    //XOR the orginal address with the pseudorandom one-time-pad
+    return result ^ orig_addr;
+}
+
+/* little endian CPU's are boring! - but give it a try
+ * orig_addr is a ptr to memory, return by inet_pton for IPv6
+ * anon_addr return the result in the same order
+ */
+void anonymize_v6(const uint64_t orig_addr[2], uint64_t *anon_addr) {
+    uint8_t rin_output[16], *orig_bytes, *result;
+    uint8_t rin_input[16];
+
+    int pos, i, bit_num, left_byte;
+
+	anon_addr[0] = anon_addr[1] = 0;
+	result 		 = (uint8_t *)anon_addr;
+	orig_bytes 	 = (uint8_t *)orig_addr;
+
+    // For each prefixes with length from 0 to 127, generate a bit using the Rijndael cipher,
+    // which is used as a pseudorandom function here. The bits generated in every rounds
+    // are combineed into a pseudorandom one-time-pad.
+    for (pos = 0; pos <= 127 ; pos++) {
+		bit_num = pos & 0x7;
+		left_byte = (pos >> 3);
+
+		for ( i=0; i<left_byte; i++ ) {
+			rin_input[i] = orig_bytes[i];
+		}
+		rin_input[left_byte] = orig_bytes[left_byte] >> (7-bit_num) << (7-bit_num) | (m_pad[left_byte]<<bit_num) >> bit_num;
+		for ( i=left_byte+1; i<16; i++ ) {
+			rin_input[i] = m_pad[i];
+		}
+
+		//Encryption: The Rijndael cipher is used as pseudorandom function. During each
+		//round, only the first bit of rin_output is used.
+		Rijndael_blockEncrypt(rin_input, 128, rin_output);
+
+		//Combination: the bits are combined into a pseudorandom one-time-pad
+		result[left_byte] |= (rin_output[0] >> 7) << bit_num;
+
+    }
+    //XOR the orginal address with the pseudorandom one-time-pad
+	anon_addr[0] ^= orig_addr[0];
+	anon_addr[1] ^= orig_addr[1];
+
+}

src/plugins/intermediate/anonymization/Crypto-PAn/panonymizer.h

@@ -0,0 +1,96 @@
+/*
+ *  Copyright (c) 2017, Peter Haag
+ *  Copyright (c) 2014, Peter Haag
+ *  Copyright (c) 2009, Peter Haag
+ *  Copyright (c) 2004-2008, SWITCH - Teleinformatikdienste fuer Lehre und Forschung
+ *  All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright notice,
+ *     this list of conditions and the following disclaimer in the documentation
+ *     and/or other materials provided with the distribution.
+ *   * Neither the name of the author nor the names of its contributors may be
+ *     used to endorse or promote products derived from this software without
+ *     specific prior written permission.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *  POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Original disclaimer
+ * Atlanta, Georgia 30332.
+ * All Rights Reserved
+ *
+ * The following Software is posted on the Internet by the Georgia
+ * Tech Research Corporation (GTRC). It was developed by employees
+ * of the Georgia Institute of Technology in the College of Computing.
+ * GTRC hereby grants to the user a non-exclusive, royalty-free
+ * license to utilize such Software for the User's own purposes
+ * pursuant to the following conditions.
+ *
+ *
+ * THE SOFTWARE IS LICENSED ON AN "AS IS" BASIS. GTRC MAKES NO WARRANTY
+ * THAT ALL ERRORS CAN BE OR HAVE BEEN ELIMINATED FROM THE SOFTWARE.
+ * GTRC SHALL NOT BE RESPONSIBLE FOR LOSSES OF ANY KIND RESULTING FROM
+ * THE USE OF THE SOFTWARE AND ITS ACCOMPANYING DOCUMENTATION, AND CAN
+ * IN NO WAY PROVIDE COMPENSATION FOR ANY LOSSES SUSTAINED, INCLUDING
+ * BUT NOT LIMITED TO ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY
+ * FOR TORT, OF FOR ANY ACTUAL OR ALLEGED INFRINGEMENT OF PATENTS, COPYRIGHTS,
+ * TRADE SECRETS, OR SIMILAR RIGHTS OF THIRD PARTIES, NOR ANY BUSINESS
+ * EXPENSE, MACHINE DOWNTIME, OR DAMAGES CAUSED LICENSEE BY ANY DEFICIENCY,
+ * DEFECT OR ERROR IN THE SOFTWARE OR MALFUNCTION THEREOF, NOR ANY
+ * INCIDENTAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED. GTRC DISCLAIMS
+ * ALL WARRANTIES, BOTH EXPRESS AND IMPLIED RESPECTING THE USE AND
+ * OPERATION OF THE SOFTWARE AND ANY ACCOMPANYING DOCUMENTATION,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * PARTICULAR PURPOSE AND ANY IMPLIED WARRANTY ARISING FROM COURSE
+ * OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. GTRC MAKES NO
+ * WARRANTY THAT THE SOFTWARE IS ADEQUATELY OR COMPLETELY DESCRIBED
+ * IN, OR BEHAVES IN ACCORDANCE WITH ANY OF THE ACCOMPANYING
+ * DOCUMENTATION. THE USER OF THE SOFTWARE IS EXPECTED TO MAKE THE FINAL
+ * EVALUATION OF THE SOFTWARE'S USEFULNESS IN USER'S OWN ENVIRONMENT.
+ *
+ *
+ * Package: Crypto-PAn 1.0
+ * File: panonymizer.h
+ * Last Update: April 17, 2002
+ * Author: Jinliang Fan
+ *
+ */
+
+#ifndef _PANONYMIZER_H_
+#define _PANONYMIZER_H_ 1
+
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#include "rijndael.h"
+
+// PAnonymizer_Init need a 256-bit key
+// The first 128 bits of the key are used as the secret key for rijndael cipher
+// The second 128 bits of the key are used as the secret pad for padding
+void PAnonymizer_Init(uint8_t * key);
+
+int ParseCryptoPAnKey ( char *s, char *key );
+
+uint32_t anonymize( const uint32_t orig_addr);
+
+void anonymize_v6(const uint64_t orig_addr[2], uint64_t *anon_addr);
+
+#endif //_PANONYMIZER_H_