Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for encrypting IP addresses #gdpr #7481

Merged
merged 21 commits into from
Apr 4, 2019

Conversation

rgacogne
Copy link
Member

Short description

Based on #6242, with the following changes:

  • Rebased on current master
  • Add IP pseudonymization options to RemoteLog{,Response}Action
  • Add regression tests for protobuf pseudonymization
  • Minor cleanup (only link OpenSSL's libssl or GnuTLS when needed, remove trailing whitespaces, build ipcrypt as a separate (static) library since it's written in C)

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne
Copy link
Member Author

We might want to squash a bit before merging, if only to make sure that all commits compile.

@rgacogne rgacogne force-pushed the ipcrypt branch 2 times, most recently from 2929377 to e85b2cf Compare February 20, 2019 10:10
ahupowerdns and others added 21 commits March 25, 2019 10:22
With this change, PowerDNS core gains ability to encrypt & decrypt IP addresses as described in https://medium.com/@bert.hubert/on-ip-address-encryption-security-analysis-with-respect-for-privacy-dabe1201b476
For IPv4 this uses ipcrypt, for IPv6 it uses a 128-bit AES ECB operation.
This CR also hooks up ipencrypt() and ipdecrypt() methods for dnsdist use, specifically to pseudonomyse logging.
Otherwise we could compile it as C++ code, leading to this warning
from the compiler:

```
cc1: warning: command line option ‘-std=c++11’ is valid for C++/ObjC++ but not for C
```
@rgacogne
Copy link
Member Author

Rebased to fix a conflict.

@rgacogne rgacogne merged commit 839195e into PowerDNS:master Apr 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants