v1.3.0

- Update to official v1.3.0
DNS-OARC · Mar 20, 2024 · 4ba1e29 · 4ba1e29
1 parent ca84d33
commit 4ba1e29
Show file tree

Hide file tree

Showing 11 changed files with 515 additions and 134 deletions.
diff --git a/.gitignore b/.gitignore
@@ -18,6 +18,7 @@ Makefile.old
 aclocal.m4
 compile
 configure
+configure~
 depcomp
 install-sh
 missing
@@ -28,3 +29,4 @@ m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
 build/
+src/config.h.in~
diff --git a/Makefile.am b/Makefile.am
@@ -1,6 +1,6 @@
-lib_LTLIBRARIES = libcryptopant.la
-libcryptopant_la_SOURCES = src/cryptopANT.c src/cryptopANT.h
-libcryptopant_la_LDFLAGS = -version-info @CRYPTOPANT_LIBRARY_VERSION@ -lcrypto
+lib_LTLIBRARIES = libcryptopANT.la
+libcryptopANT_la_SOURCES = src/cryptopANT.c src/cryptopANT.h
+libcryptopANT_la_LDFLAGS = -version-info @CRYPTOPANT_LIBRARY_VERSION@ -lcrypto
 ACLOCAL_AMFLAGS = -I m4
 include_HEADERS = src/cryptopANT.h
 dist_man3_MANS = man/cryptopANT.3
@@ -13,21 +13,55 @@ scramble_ips_LDFLAGS = -L.libs -lcryptopANT
 $(bin_PROGRAMS): $(lib_LTLIBRARIES)
 endif
 
-.PHONY: test
-TEST_BINARY = .libs/scramble_ips
-test: all scramble_ips test/keyfile test/ip4s test/ip6s test/ip4s.anon test/ip6s.anon
-	@$(TEST_BINARY) test/keyfile <test/ip4s | cmp -l test/ip4s.anon - \
-		&& echo "ipv4 scrambling test PASSED" \
-		|| echo "ipv4 scrambling test FAILED"
-	@$(TEST_BINARY) test/keyfile <test/ip6s | cmp -l test/ip6s.anon - \
-		&& echo "ipv6 scrambling test PASSED" \
-		|| echo "ipv6 scrambling test FAILED"
-	@$(TEST_BINARY) -r test/keyfile <test/ip4s.anon | cmp -l test/ip4s - \
-		&& echo "ipv4 descrambling test PASSED" \
-		|| echo "ipv4 descrambling test FAILED"
-	@$(TEST_BINARY) -r test/keyfile <test/ip6s.anon | cmp -l test/ip6s - \
-		&& echo "ipv6 descrambling test PASSED" \
-		|| echo "ipv6 descrambling test FAILED"
+TESTS_BINARY = .libs/scramble_ips
+
+TESTS = blowfish aes sha1 md5
+CMP = cmp -s
+
+# variables to control test time
+HEAD6S=1000
+HEAD6R=1000
+
+.PHONY: test 
+.PHONY: test_bf test_aes test_sha1 test_md5
+.PHONY: test_one_bf test_one_aes test_one_sha1 test_one_md5
+
+test: test_bf test_aes test_sha1 test_md5
+
+test_bf: T=blowfish
+test_bf: HEAD6S=100
+test_bf: HEAD6R=10
+test_bf: all test_one_bf
+
+test_aes: T=aes
+test_aes: all test_one_aes
+
+test_sha1: T=sha1
+test_sha1: all test_one_sha1
+
+test_md5: T=md5
+test_md5: all test_one_md5
+
+test_one_aes test_one_bf test_one_sha1 test_one_md5:
+	@test -x scramble_ips || { \
+		echo "scramble_ips binary wasn't built, run './configure --with-scramble_ips'"; \
+		exit 1; \
+	}
+	@echo "testing crypto $T"
+	@./scramble_ips test/keyfile.$(T) <test/ip4s | $(CMP) test/ip4s.anon.$(T) - \
+	  && echo "  ipv4 scrambling test PASSED" \
+	  || echo "  ipv4 scrambling test FAILED"
+	@./scramble_ips test/keyfile.$(T) <test/ip6s \
+          | head -n $(HEAD6S) | $(CMP) <(head -n $(HEAD6S) test/ip6s.anon.$(T)) -  \
+	    && echo "  ipv6 scrambling test PASSED" \
+	    || echo "  ipv6 scrambling test FAILED"
+	@./scramble_ips -r test/keyfile.$(T) <test/ip4s.anon.$(T) | $(CMP) test/ip4s - \
+	  && echo "  ipv4 descrambling test PASSED" \
+	  || echo "  ipv4 descrambling test FAILED"
+	@./scramble_ips -r test/keyfile.$(T) <test/ip6s.anon.$(T) \
+	  | head -n $(HEAD6R) | $(CMP) <(head -n $(HEAD6R) test/ip6s) - \
+	    && echo "  ipv6 descrambling test PASSED" \
+	    || echo "  ipv6 descrambling test FAILED"
 
 .PHONY: rpmbuild
 rpmbuild: dist

diff --git a/configure.ac b/configure.ac
@@ -1,6 +1,6 @@
 m4_define([cryptopANT_major_version], [1])
-m4_define([cryptopANT_minor_version], [2])
-m4_define([cryptopANT_micro_version], [1])
+m4_define([cryptopANT_minor_version], [3])
+m4_define([cryptopANT_micro_version], [0])
 m4_define([cryptopANT_version], [cryptopANT_major_version.cryptopANT_minor_version.cryptopANT_micro_version])
 
 #format: current:revision:age
@@ -14,13 +14,20 @@ m4_define([cryptopANT_library_version], ["1:3:0"])
 AC_INIT([cryptopANT], [cryptopANT_version], [[email protected]], [cryptopANT])
 dnl m4_pattern_allow(AC_CONFIG_MACRO_DIRS)
 AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_HEADERS([src/config.h])
 AC_PROG_CC
 AC_C_BIGENDIAN()
 AM_PROG_CC_C_O
 
 # Check headers
 AC_CHECK_HEADERS([openssl/blowfish.h], HAVE_OPENSSL=1, HAVE_OPENSSL=0)
 AC_CHECK_HEADERS([openssl/sha.h],,                     HAVE_OPENSSL=0)
+AC_CHECK_HEADERS([openssl/aes.h],,                     HAVE_OPENSSL=0)
+AC_CHECK_HEADERS([openssl/md5.h],,                     HAVE_OPENSSL=0)
+AC_CHECK_HEADERS([openssl/evp.h],,                     HAVE_OPENSSL=0)
+AC_CHECK_HEADERS([openssl/provider.h],,                HAVE_OPENSSL=0)
+AC_CHECK_HEADERS([openssl/err.h],,                     HAVE_OPENSSL=0)
+AC_CHECK_HEADERS([openssl/core_names.h],,              HAVE_OPENSSL=0)
 
 # Check for POSIX regular expressions support.
 AC_CHECK_HEADERS([regex.h], HAVE_REGEX_H=1,            HAVE_REGEX_H=0)
@@ -33,11 +40,17 @@ fi
 if test "x$HAVE_REGEX_H" = "x0"; then
 	AC_MSG_FAILURE([regex library is not found: make sure glibc-devel is installed])
 fi
-AC_CHECK_LIB([crypto], [BF_ecb_encrypt],,              HAVE_OPENSSL=0)
 if test "x$HAVE_OPENSSL_H" = "x0"; then
      AC_MSG_FAILURE([ssl is not found: make sure openssl-devel is installed])
 fi
+AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],,          HAVE_OPENSSL=0)
+AC_CHECK_LIB([crypto], [EVP_MD_CTX_new],,              HAVE_OPENSSL=0)
+if test "x$HAVE_OPENSSL" = "x0"; then
+     AC_MSG_FAILURE([ssl is not found: make sure openssl library version 3.1.0 or higher  is installed])
+fi
 
+AC_DEFINE([HAVE_S6_ADDR32], [0], [S6_ADDR32 is present in in6_addr when defined])
+AC_DEFINE([HAVE__U6_ADDR32], [0], [U6_ADDR32 is present in in6_addr when defined])
 AC_CHECK_MEMBER([struct in6_addr.s6_addr32],
 	[AC_DEFINE([HAVE_S6_ADDR32], [1])],
 	[

diff --git a/cryptopANT.spec.in b/cryptopANT.spec.in
@@ -12,9 +12,9 @@ Packager:               [email protected]
 Prefix:                 /usr
 Group:                  System/Libraries
 BuildRequires:          gcc glibc-headers 
-BuildRequires:          openssl-devel
+BuildRequires:          openssl-devel >= 1.3.0
 BuildRequires:          autoconf automake libtool
-Requires:               openssl
+Requires:               openssl >= 1.3.0
 
 %description
 cryptopANT is a library for ip address anonymization.  It implements a
@@ -26,13 +26,13 @@ and ipv6 addresses.
 %setup -q
 
 %build
-sh autogen.sh
-%configure
+%configure --with-scramble_ips
 make
 
 %install
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=%{buildroot}
+libtool --finish %{_libdir}
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -51,5 +51,5 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*.so.*
 %{_libdir}/*.a
 %exclude %{_libdir}/*.la
-%{_bindir}/*
+%{_bindir}/scramble_ips
 %{_mandir}/man3/*
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+cryptopant (1.3.0-1~unstable+1) unstable; urgency=low
+
+  * Update to v1.3.0
+
+ -- Jerry Lundström <[email protected]>  Wed, 20 Mar 2024 12:32:11 +0100
+
 cryptopant (1.2.1-1~unstable+1) unstable; urgency=low
 
   * Update to v1.2.1

diff --git a/man/cryptopANT.3 b/man/cryptopANT.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2018 by the University of Southern California
+.\" Copyright (C) 2004-2024 by the University of Southern California
 .\"
 .\" This program is free software; you can redistribute it and/or
 .\" modify it under the terms of the GNU General Public License,
@@ -13,7 +13,7 @@
 .\" with this program; if not, write to the Free Software Foundation, Inc.,
 .\" 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
 .\"
-.TH cryptopANT 3cryptopANT "2018-07-16"
+.TH cryptopANT 3cryptopANT "2024-01-24"
 .SH NAME
 cryptopANT \- IP Address Anonymization Library
 .SH SYNOPSIS
@@ -52,13 +52,16 @@ of IPv4 (c4) and IPv6 (c6) addresses.  See
 for possible values of c4 and c6.  Typically used are:
 .BR SCRAMBLE_NONE
 for no scrambling or
-.BR SCRAMBLE_BLOWFISH
-for scrambling using (fast) Blowfish cypher.  If keyfile does not exist, it is created.
+.BR SCRAMBLE_AES
+for scrambling using fast AES cypher.  If the keyfile does not exist, it is created.
 This function internally calls
 .BR scramble_readstate()
 and
 .BR scrable_init().
 Returns 0 if successful.
+.BR SCRAMBLE_BLOWFISH
+uses blowfish cypher.  While previously widely used, it's no longer recommended, as scrambling
+of ipv6 addresses can be very slow.
 .P
 .EX
 .BR "int32_t   scramble_ip4(uint32_t input, int pass_bits)"

diff --git a/rpm/cryptopant.spec b/rpm/cryptopant.spec
@@ -1,7 +1,7 @@
 %define sover   1
 %define libname libcryptopant%{sover}
 Name:           cryptopant
-Version:        1.2.1
+Version:        1.3.0
 Release:        1%{?dist}
 Summary:        IP address anonymization library
 Group:          Development/Libraries/C and C++
@@ -88,6 +88,8 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Wed Mar 20 2024 Jerry Lundström <[email protected]> 1.3.0-1
+- Update to v1.3.0
 * Tue Oct 01 2019 Jerry Lundström <[email protected]> 1.2.1-1
 - Update to v1.2.1
 * Wed Jun 19 2019 Jerry Lundström <[email protected]> 1.2.0-1

diff --git a/src/config.h.in b/src/config.h.in
@@ -0,0 +1,138 @@
+/* src/config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `crypto' library (-lcrypto). */
+#undef HAVE_LIBCRYPTO
+
+/* Define to 1 if you have the <openssl/aes.h> header file. */
+#undef HAVE_OPENSSL_AES_H
+
+/* Define to 1 if you have the <openssl/blowfish.h> header file. */
+#undef HAVE_OPENSSL_BLOWFISH_H
+
+/* Define to 1 if you have the <openssl/core_names.h> header file. */
+#undef HAVE_OPENSSL_CORE_NAMES_H
+
+/* Define to 1 if you have the <openssl/err.h> header file. */
+#undef HAVE_OPENSSL_ERR_H
+
+/* Define to 1 if you have the <openssl/evp.h> header file. */
+#undef HAVE_OPENSSL_EVP_H
+
+/* Define to 1 if you have the <openssl/md5.h> header file. */
+#undef HAVE_OPENSSL_MD5_H
+
+/* Define to 1 if you have the <openssl/provider.h> header file. */
+#undef HAVE_OPENSSL_PROVIDER_H
+
+/* Define to 1 if you have the <openssl/sha.h> header file. */
+#undef HAVE_OPENSSL_SHA_H
+
+/* Define to 1 if you have the `regcomp' function. */
+#undef HAVE_REGCOMP
+
+/* Define to 1 if you have the `regexec' function. */
+#undef HAVE_REGEXEC
+
+/* Define to 1 if you have the <regex.h> header file. */
+#undef HAVE_REGEX_H
+
+/* S6_ADDR32 is present in in6_addr when defined */
+#undef HAVE_S6_ADDR32
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#undef HAVE_STDIO_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* U6_ADDR32 is present in in6_addr when defined */
+#undef HAVE__U6_ADDR32
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#undef LT_OBJDIR
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
+#undef STDC_HEADERS
+
+/* Version number of package */
+#undef VERSION
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+#  undef WORDS_BIGENDIAN
+# endif
+#endif
+
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+#undef _UINT32_T
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+   such a type exists and the standard includes do not define it. */
+#undef uint32_t