Documentation ¶
Overview ¶
Package ipcipher implements the ipcipher specification, which can be used for encrypting and decrypting IP addresses.
The package provides simple Encrypt and Decrypt functions, as well as a block.Cipher. Using block.Cipher significantly speeds up encryption of IPv6 addresses.
For more information on the ipcipher specification, see: https://powerdns.org/ipcipher/ipcipher.md.html
Index ¶
- Constants
- func Decrypt(key *Key, dst, src net.IP) error
- func DecryptIPv4(k *Key, dst, src net.IP)
- func DecryptIPv6(key *Key, dst, src net.IP) (err error)
- func Encrypt(key *Key, dst, src net.IP) error
- func EncryptIPv4(k *Key, dst, src net.IP)
- func EncryptIPv6(key *Key, dst, src net.IP) (err error)
- func New(key *Key) cipher.Block
- type Key
Examples ¶
Constants ¶
const Salt = "ipcipheripcipher"
Salt is the salt used for key derivation.
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
Decrypt an IP address. The provided IP address is validated and decrypted using the correct method. This adds some overhead which can be avoided by using EncryptIPv4 or EncryptIPv6 directly. Dst and src may point at the same memory for in-place decryption.
func DecryptIPv4 ¶
DecryptIPv4 decrypts an IPv4 address with a 16 byte key using the ipcrypt cipher. Dst and src must be exactly 4 bytes long (by calling To4() for example), as they are not validated or converted with net.IP.To4() beforehand. Dst and src may point at the same memory for in-place decryption.
func DecryptIPv6 ¶
DecryptIPv6 decrypts an IPv6 address. The IP address is not validated beforehand. Dst and src may point at the same memory for in-place decryption.
func Encrypt ¶
Encrypt an IP address. The provided IP address is validated and encrypted using the correct method. This adds some overhead which can be avoided by using EncryptIPv4 and EncryptIPv6 directly. Dst and src may point at the same memory for in-place encryption.
Example ¶
package main import ( "fmt" "net" "github.com/silkeh/ipcipher" ) func main() { key := ipcipher.GenerateKeyFromPassword("ipcipher") src := net.ParseIP("127.0.0.1") dst := net.IPv4zero ipcipher.Encrypt(key, dst, src) fmt.Printf("%s encrypted to %s\n", src, dst) }
Output: 127.0.0.1 encrypted to 215.184.24.73
func EncryptIPv4 ¶
EncryptIPv4 encrypts an IPv4 address with a 16 byte key using the ipcrypt cipher. Dst and src must be exactly 4 bytes long (by calling To4() for example), as they are not validated or converted with net.IP.To4() beforehand. Dst and src may point at the same memory for in-place encryption.
func EncryptIPv6 ¶
EncryptIPv6 encrypts an IPv6 address. The IP address is not validated beforehand. Dst and src may point at the same memory for in-place encryption.
func New ¶
New creates and returns a new cipher.Block for IPcipher.
Example (Encrypt) ¶
package main import ( "fmt" "net" "github.com/silkeh/ipcipher" ) func main() { key := ipcipher.GenerateKeyFromPassword("ipcipher") c := ipcipher.New(key) ip := net.ParseIP("2001:db8::") for i := 0; i < 1000000; i++ { c.Encrypt(ip, ip) } fmt.Printf("Encrypted to %s\n", ip) }
Output: Encrypted to fa7d:c4fa:1826:380e:7c88:59cb:9172:f991
Types ¶
type Key ¶
type Key = [16]byte
Key represents a key used for encrypting and decrypting IP addresses.
func GenerateKey ¶
GenerateKey generates a completely random key.
func GenerateKeyFromPassword ¶
GenerateKeyFromPassword derives a key from a password. TODO: look into doing this without copy