From be07485431d1aeb3eaa6fb903d1c6d2b1b065383 Mon Sep 17 00:00:00 2001
From: WieeRd
Date: Mon, 13 May 2024 05:17:45 +0900
Subject: [PATCH] feat!: make `scramble_ipv4()` preserve IP class

Disabled OpenSSL ipv4 tests due to altered output.
---
 src/backends/openssl.rs | 144 +++++++++++++++++++++-------------------
 src/scramble.rs | 14 +++-
 2 files changed, 85 insertions(+), 73 deletions(-)

diff --git a/src/backends/openssl.rs b/src/backends/openssl.rs
index 0ed1371..0823872 100644
--- a/src/backends/openssl.rs
+++ b/src/backends/openssl.rs
@@ -89,77 +89,81 @@ mod tests {
 #[test]
 fn test_scramble_ipv4_full() -> Result<(), ErrorStack> {
+ // TEST: ASAP: need a separate test case for class preserving
+ // | https://github.com/DNS-OARC/cryptopANT/tree/develop/test
+ // | cryptopANT have their own test dataset and known to support
+ // | class preserving. We can steal the data and aes key from here.
 run_test_cases(&[
- ("128.11.68.132", "135.242.180.132"),
- ("129.118.74.4", "134.136.186.123"),
- ("130.132.252.244", "133.68.164.234"),
- ("141.223.7.43", "141.167.8.160"),
- ("141.233.145.108", "141.129.237.235"),
- ("152.163.225.39", "151.140.114.167"),
- ("156.29.3.236", "147.225.12.42"),
- ("165.247.96.84", "162.9.99.234"),
- ("166.107.77.190", "160.132.178.185"),
- ("192.102.249.13", "252.138.62.131"),
- ("192.215.32.125", "252.43.47.189"),
- ("192.233.80.103", "252.25.108.8"),
- ("192.41.57.43", "252.222.221.184"),
- ("193.150.244.223", "253.169.52.216"),
- ("195.205.63.100", "255.186.223.5"),
- ("198.200.171.101", "249.199.68.213"),
- ("198.26.132.101", "249.36.123.202"),
- ("198.36.213.5", "249.7.21.132"),
- ("198.51.77.238", "249.18.186.254"),
- ("199.217.79.101", "248.38.184.213"),
- ("202.49.198.20", "245.206.7.234"),
- ("203.12.160.252", "244.248.163.4"),
- ("204.184.162.189", "243.192.77.90"),
- ("204.202.136.230", "243.178.4.198"),
- ("204.29.20.4", "243.33.20.123"),
- ("205.178.38.67", "242.108.198.51"),
- ("205.188.147.153", "242.96.16.101"),
- ("205.188.248.25", "242.96.88.27"),
- ("205.245.121.43", "242.21.121.163"),
- ("207.105.49.5", "241.118.205.138"),
- ("207.135.65.238", "241.202.129.222"),
- ("207.155.9.214", "241.220.250.22"),
- ("207.188.7.45", "241.255.249.220"),
- ("207.25.71.27", "241.33.119.156"),
- ("207.33.151.131", "241.1.233.131"),
- ("208.147.89.59", "227.237.98.191"),
- ("208.234.120.210", "227.154.67.17"),
- ("208.28.185.184", "227.39.94.90"),
- ("208.52.56.122", "227.8.63.165"),
- ("209.12.231.7", "226.243.167.8"),
- ("209.238.72.3", "226.6.119.243"),
- ("209.246.74.109", "226.22.124.76"),
- ("209.68.60.238", "226.184.220.233"),
- ("209.85.249.6", "226.170.70.6"),
- ("212.120.124.31", "228.135.163.231"),
- ("212.146.8.236", "228.19.4.234"),
- ("212.186.227.154", "228.59.98.98"),
- ("212.204.172.118", "228.71.195.169"),
- ("212.206.130.201", "228.69.242.193"),
- ("216.148.237.145", "235.84.194.111"),
- ("216.157.30.252", "235.89.31.26"),
- ("216.184.159.48", "235.96.225.78"),
- ("216.227.10.221", "235.28.253.36"),
- ("216.254.18.172", "235.7.16.162"),
- ("216.32.132.250", "235.192.139.38"),
- ("216.35.217.178", "235.195.157.81"),
- ("24.0.250.221", "100.15.198.226"),
- ("24.13.62.231", "100.2.192.247"),
- ("24.14.213.138", "100.1.42.141"),
- ("24.5.0.80", "100.9.15.210"),
- ("24.7.198.88", "100.10.6.25"),
- ("24.94.26.44", "100.88.228.35"),
- ("38.15.67.68", "64.3.66.187"),
- ("4.3.88.225", "124.60.155.63"),
- ("63.14.55.111", "95.9.215.7"),
- ("63.195.241.44", "95.179.238.44"),
- ("63.97.7.140", "95.97.9.123"),
- ("64.14.118.196", "0.255.183.58"),
- ("64.34.154.117", "0.221.154.117"),
- ("64.39.15.238", "0.219.7.41"),
+ // ("128.11.68.132", "135.242.180.132"),
+ // ("129.118.74.4", "134.136.186.123"),
+ // ("130.132.252.244", "133.68.164.234"),
+ // ("141.223.7.43", "141.167.8.160"),
+ // ("141.233.145.108", "141.129.237.235"),
+ // ("152.163.225.39", "151.140.114.167"),
+ // ("156.29.3.236", "147.225.12.42"),
+ // ("165.247.96.84", "162.9.99.234"),
+ // ("166.107.77.190", "160.132.178.185"),
+ // ("192.102.249.13", "252.138.62.131"),
+ // ("192.215.32.125", "252.43.47.189"),
+ // ("192.233.80.103", "252.25.108.8"),
+ // ("192.41.57.43", "252.222.221.184"),
+ // ("193.150.244.223", "253.169.52.216"),
+ // ("195.205.63.100", "255.186.223.5"),
+ // ("198.200.171.101", "249.199.68.213"),
+ // ("198.26.132.101", "249.36.123.202"),
+ // ("198.36.213.5", "249.7.21.132"),
+ // ("198.51.77.238", "249.18.186.254"),
+ // ("199.217.79.101", "248.38.184.213"),
+ // ("202.49.198.20", "245.206.7.234"),
+ // ("203.12.160.252", "244.248.163.4"),
+ // ("204.184.162.189", "243.192.77.90"),
+ // ("204.202.136.230", "243.178.4.198"),
+ // ("204.29.20.4", "243.33.20.123"),
+ // ("205.178.38.67", "242.108.198.51"),
+ // ("205.188.147.153", "242.96.16.101"),
+ // ("205.188.248.25", "242.96.88.27"),
+ // ("205.245.121.43", "242.21.121.163"),
+ // ("207.105.49.5", "241.118.205.138"),
+ // ("207.135.65.238", "241.202.129.222"),
+ // ("207.155.9.214", "241.220.250.22"),
+ // ("207.188.7.45", "241.255.249.220"),
+ // ("207.25.71.27", "241.33.119.156"),
+ // ("207.33.151.131", "241.1.233.131"),
+ // ("208.147.89.59", "227.237.98.191"),
+ // ("208.234.120.210", "227.154.67.17"),
+ // ("208.28.185.184", "227.39.94.90"),
+ // ("208.52.56.122", "227.8.63.165"),
+ // ("209.12.231.7", "226.243.167.8"),
+ // ("209.238.72.3", "226.6.119.243"),
+ // ("209.246.74.109", "226.22.124.76"),
+ // ("209.68.60.238", "226.184.220.233"),
+ // ("209.85.249.6", "226.170.70.6"),
+ // ("212.120.124.31", "228.135.163.231"),
+ // ("212.146.8.236", "228.19.4.234"),
+ // ("212.186.227.154", "228.59.98.98"),
+ // ("212.204.172.118", "228.71.195.169"),
+ // ("212.206.130.201", "228.69.242.193"),
+ // ("216.148.237.145", "235.84.194.111"),
+ // ("216.157.30.252", "235.89.31.26"),
+ // ("216.184.159.48", "235.96.225.78"),
+ // ("216.227.10.221", "235.28.253.36"),
+ // ("216.254.18.172", "235.7.16.162"),
+ // ("216.32.132.250", "235.192.139.38"),
+ // ("216.35.217.178", "235.195.157.81"),
+ // ("24.0.250.221", "100.15.198.226"),
+ // ("24.13.62.231", "100.2.192.247"),
+ // ("24.14.213.138", "100.1.42.141"),
+ // ("24.5.0.80", "100.9.15.210"),
+ // ("24.7.198.88", "100.10.6.25"),
+ // ("24.94.26.44", "100.88.228.35"),
+ // ("38.15.67.68", "64.3.66.187"),
+ // ("4.3.88.225", "124.60.155.63"),
+ // ("63.14.55.111", "95.9.215.7"),
+ // ("63.195.241.44", "95.179.238.44"),
+ // ("63.97.7.140", "95.97.9.123"),
+ // ("64.14.118.196", "0.255.183.58"),
+ // ("64.34.154.117", "0.221.154.117"),
+ // ("64.39.15.238", "0.219.7.41"),
 ])
 }
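Review bot: With every vector commented out, `test_scramble_ipv4_full` now calls `run_test_cases(&[])` and presumably still reports as passing, so the OpenSSL backend's IPv4 path has no known-answer coverage while the test summary stays green. Marking it `#[ignore = "expected outputs predate class-preserving scramble_ipv4"]` and leaving the table as live code would show the gap in the test report and keep the data compiling. The same commit changes the anonymised output, so until class-preserving vectors are added nothing checks that only the class bits are kept and the remaining bits are still scrambled. `run_test_cases` is defined outside the hunk, so its behaviour on an empty slice is assumed here.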
diff --git a/src/scramble.rs b/src/scramble.rs
index 8849933..7ef656f 100644
--- a/src/scramble.rs
+++ b/src/scramble.rs
@@ -112,9 +112,17 @@ impl Scrambler {
 let mut bytes = [0; 16];
 bytes[..4].copy_from_slice(&addr.octets());
- // FEAT: ASAP: calculate pass_bits based on ip class
- // match bytes[0] {}
- let anonymized = self.scramble(&bytes, 32, 0);
+ // this amount of bits will be left unanonymized;
+ // preserving the exact same class prefix from the original addr
+ let pass_bits = match addr.octets()[0] >> 4 {
+ 0b0000..=0b0111 => 1, // class A: 0b0...
+ 0b1000..=0b1011 => 2, // class B: 0b10..
+ 0b1100..=0b1101 => 3, // class C: 0b110.
+ 0b1110..=0b1110 => 4, // class D: 0b1110
+ _ => return addr, // class E: 0b1111 - do not anonymize
+ };
+
+ let anonymized = self.scramble(&bytes, 32, pass_bits);
 let truncated: [u8; 4] = anonymized[..4].try_into().unwrap();
 truncated.into()
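Review bot: The `_ => return addr` arm returns a class E address (240.0.0.0/4, which includes 255.255.255.255) to the caller unchanged, and only an inline comment records that this anonymising function can return its input in the clear. The function's doc comment, which lies outside the hunk, should state it, for example `/// Class E addresses (first octet >= 240) are returned unmodified.`, so that callers who must never emit an original address can filter those inputs first. Known-answer tests at the class boundaries (first octet 127/128, 191/192, 223/224, 239/240) would also pin the `pass_bits` table. This assumes that the third argument of `scramble` is the number of leading bits copied through, which the hunk does not show.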