### Build Draft Documentation with Make (Shell) Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/README.md This command executes the default target in the project's Makefile to build formatted versions (text, HTML) of the internet draft. It requires the necessary build tools and dependencies to be installed as per the project's setup instructions. ```sh $ make ``` -------------------------------- ### Illustrating KIASU-BC Encryption Process - Pseudocode Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode block demonstrates the key steps of the KIASU-BC encryption algorithm. It includes the `pad_tweak` function for processing the 8-byte tweak into a 16-byte format and the main `kiasu_bc_encrypt` function which performs AES-like rounds with the tweaked round keys. It requires functions for key expansion, AES round operations (SubBytes, ShiftRows, MixColumns, AddRoundKey), and XOR operations. ```Pseudocode function pad_tweak(tweak): // Input: 8-byte tweak // Output: 16-byte padded tweak padded = [0] * 16 for i in range(0, 8, 2): padded[i*2] = tweak[i] padded[i*2+1] = tweak[i+1] return padded function kiasu_bc_encrypt(key, tweak, plaintext): // Input: 16-byte key, 8-byte tweak, 16-byte plaintext // Output: 16-byte ciphertext // Expand key and pad tweak round_keys = expand_key(key) padded_tweak = pad_tweak(tweak) // Initial round state = plaintext state = add_round_key(state, round_keys[0] ^ padded_tweak) // Main rounds for round in range(1, 10): state = sub_bytes(state) state = shift_rows(state) if round < 9: state = mix_columns(state) state = add_round_key(state, round_keys[round] ^ padded_tweak) // Final round state = sub_bytes(state) state = shift_rows(state) state = add_round_key(state, round_keys[10] ^ padded_tweak) return state ``` -------------------------------- ### Encrypting IP Address Non-Deterministically with KIASU-BC - Pseudocode (ipcrypt-nd) Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function encrypts an IP address using the non-deterministic ipcrypt-nd mode based on KIASU-BC. It requires a 16-byte (128-bit) key. It generates a uniformly random 8-byte tweak, converts the IP address to 16 bytes, encrypts the 16-byte representation using `KIASU_BC_encrypt` with the key and tweak, and concatenates the tweak with the resulting 16-byte ciphertext to produce a 24-byte output. It enforces the 16-byte key length. ```pseudocode function ipcrypt_nd_encrypt(ip_address, key): // The key MUST be exactly 16 bytes (128 bits) in length if length(key) != 16: raise Error("Key must be 16 bytes") // Step 1: Generate random tweak (MUST be exactly 8 bytes) tweak = random_bytes(8) // MUST be uniformly random // Step 2: Convert IP to 16-byte representation bytes16 = convertTo16Bytes(ip_address) // Step 3: Encrypt using key and tweak ciphertext = KIASU_BC_encrypt(key, tweak, bytes16) // Step 4: Concatenate tweak and ciphertext result = concatenate(tweak, ciphertext) // 8 bytes || 16 bytes = 24 bytes total return result ``` -------------------------------- ### Decrypting ipcrypt-nd Output with KIASU-BC - Pseudocode (ipcrypt-nd) Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function decrypts a 24-byte output generated by `ipcrypt_nd_encrypt`. It requires the same 16-byte (128-bit) key used for encryption. It first splits the 24-byte input into the initial 8-byte tweak and the subsequent 16-byte encrypted IP. It then decrypts the 16-byte encrypted IP using `KIASU_BC_decrypt` with the key and extracted tweak, and finally converts the resulting 16-byte plaintext back into an IP address string using `Bytes16ToIP`. ```pseudocode function ipcrypt_nd_decrypt(ciphertext, key): // Step 1: Split ciphertext into tweak and encrypted IP tweak = ciphertext[0:8] // First 8 bytes encrypted_ip = ciphertext[8:24] // Remaining 16 bytes // Step 2: Decrypt using key and tweak bytes16 = KIASU_BC_decrypt(key, tweak, encrypted_ip) // Step 3: Convert back to IP address ip_address = Bytes16ToIP(bytes16) return ip_address ``` -------------------------------- ### Encrypting Single Block with AES-XTS Pseudocode Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode illustrates the core encryption step for a single 16-byte block (representing an IP address) within the ipcrypt-ndx mode. It uses the AES-XTS structure by splitting the key into K1 and K2, encrypting the tweak with K2, and then applying the XTS-like XOR-encrypt-XOR operation using K1 and the encrypted tweak. ```pseudocode function AES_XTS_encrypt(key, tweak, block): // Split the key into two halves K1, K2 = split_key(key) // Encrypt the tweak with the second half of the key ET = AES128_encrypt(K2, tweak) // Encrypt the block: AES128(block ⊕ ET, K1) ⊕ ET return AES128_encrypt(K1, block ⊕ ET) ⊕ ET ``` -------------------------------- ### Converting IPv6 Address to 16 Bytes - Pseudocode Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function converts a standard IPv6 address string into its 16-byte representation. It relies on an external `parseIPv6` function to handle IPv6 parsing and shorthand notation expansion, which returns the address as eight 16-bit words. It then converts these 16-bit words into 16 individual bytes (high byte first) to form the 16-byte output. ```pseudocode function IPv6To16Bytes(ipv6_address): // Parse the IPv6 address into eight 16-bit words. words = parseIPv6(ipv6_address) // Expands shorthand notation and returns 8 words bytes16 = [] for word in words: high_byte = (word >> 8) & 0xFF low_byte = word & 0xFF bytes16.append(high_byte) bytes16.append(low_byte) return bytes16 ``` -------------------------------- ### Encrypting IP Address Non-Deterministically with AES-XTS - Pseudocode (ipcrypt-ndx) Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function encrypts an IP address using the non-deterministic ipcrypt-ndx mode based on AES-XTS. It requires a 32-byte key (two 16-byte AES-128 keys). It generates a uniformly random 16-byte tweak, converts the IP address to 16 bytes, encrypts the 16-byte representation using `AES_XTS_encrypt` with the 32-byte key and the 16-byte tweak, and concatenates the tweak with the resulting 16-byte ciphertext to produce a 32-byte output. It enforces the 32-byte key length. ```pseudocode function ipcrypt_ndx_encrypt(ip_address, key): // The key MUST be exactly 32 bytes (256 bits) in length, consisting of two 16-byte AES-128 keys if length(key) != 32: raise Error("Key must be 32 bytes (two AES-128 keys)") // Step 1: Generate random tweak (MUST be exactly 16 bytes) tweak = random_bytes(16) // MUST be uniformly random // Step 2: Convert IP to 16-byte representation bytes16 = convertTo16Bytes(ip_address) // Step 3: Encrypt using key and tweak // Since only a single block is encrypted, only the first tweak needs to be computed ciphertext = AES_XTS_encrypt(key, tweak, bytes16) // Step 4: Concatenate tweak and ciphertext result = concatenate(tweak, ciphertext) // 16 bytes || 16 bytes = 32 bytes total return result ``` -------------------------------- ### Decrypting ipcrypt-ndx Output with AES-XTS - Pseudocode (ipcrypt-ndx) Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function decrypts a 32-byte output generated by `ipcrypt_ndx_encrypt`. It requires the same 32-byte key used for encryption. It first splits the 32-byte input into the initial 16-byte tweak and the subsequent 16-byte encrypted IP. It then decrypts the 16-byte encrypted IP using `AES_XTS_decrypt` with the key and extracted tweak, and finally converts the resulting 16-byte plaintext back into an IP address string using `Bytes16ToIP`. ```pseudocode function ipcrypt_ndx_decrypt(ciphertext, key): // Step 1: Split ciphertext into tweak and encrypted IP tweak = ciphertext[0:16] // First 16 bytes encrypted_ip = ciphertext[16:32] // Remaining 16 bytes // Step 2: Decrypt using key and tweak bytes16 = AES_XTS_decrypt(key, tweak, encrypted_ip) // Step 3: Convert back to IP address ip_address = Bytes16ToIP(bytes16) return ip_address ``` -------------------------------- ### Encrypting IP Address Deterministically - Pseudocode (ipcrypt-deterministic) Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function encrypts an IP address using the deterministic ipcrypt mode. It requires a 16-byte (128-bit) key. It converts the input IP address to its 16-byte representation using `convertTo16Bytes`, encrypts this 16-byte block using `AES128_encrypt` with the provided key, and finally converts the resulting 16-byte ciphertext back into an IP address string using `Bytes16ToIP`. It enforces the 16-byte key length constraint. ```pseudocode function ipcrypt_deterministic(ip_address, key): // The key MUST be exactly 16 bytes (128 bits) in length if length(key) != 16: raise Error("Key must be 16 bytes") bytes16 = convertTo16Bytes(ip_address) ciphertext = AES128_encrypt(key, bytes16) encrypted_ip = Bytes16ToIP(ciphertext) return encrypted_ip ``` -------------------------------- ### Converting IPv4 Address to 16 Bytes - Pseudocode Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function converts a standard IPv4 address string into its 16-byte representation as used by ipcrypt. It splits the address into octets, prepends a 10-byte zero sequence and a 2-byte 0xFF sequence (IPv4-mapped prefix), and then appends the four octets as individual bytes. It raises an error for invalid IPv4 format. ```pseudocode function IPv4To16Bytes(ipv4_address): // Split the IPv4 address into its octets parts = ipv4_address.split(".") if length(parts) != 4: raise Error("Invalid IPv4 address") // Create a 16-byte array with the IPv4-mapped prefix bytes16 = [0x00] * 10 // 10 bytes of 0x00 bytes16.append(0xFF) // 11th byte: 0xFF bytes16.append(0xFF) // 12th byte: 0xFF // Append each octet (converted to an 8-bit integer) for part in parts: bytes16.append(int(part)) return bytes16 ``` -------------------------------- ### Converting 16-Byte Array to IP Address - Pseudocode Source: https://github.com/jedisct1/draft-denis-ipcrypt/blob/main/draft-denis-ipcrypt.md This pseudocode function converts a 16-byte array back into either an IPv4 or IPv6 address string based on its content. It first checks for the presence of the IPv4-mapped prefix ([0x00]*10 || 0xFF || 0xFF). If found, it extracts the last four bytes and formats them as an IPv4 address (dot-separated decimals). Otherwise, it treats the array as an IPv6 address, converting pairs of bytes into 16-bit words and formatting them as a colon-separated hexadecimal IPv6 address. ```pseudocode function Bytes16ToIP(bytes16): if length(bytes16) != 16: raise Error("Invalid byte array") // Check for the IPv4-mapped prefix if bytes16[0:10] == [0x00]*10 and bytes16[10] == 0xFF and bytes16[11] == 0xFF: ipv4_parts = [] for i from 12 to 15: ipv4_parts.append(str(bytes16[i])) ipv4_address = join(ipv4_parts, ".") return ipv4_address else: words = [] for i from 0 to 15 step 2: word = (bytes16[i] << 8) | bytes16[i+1] words.append(format(word, "x")) ipv6_address = join(words, ":") return ipv6_address ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.