stun

simple point to point tunnel
git clone git://git.2f30.org/stun.git
Log | Files | Refs | README

commit 2adfcd8bcdd0469b809690660e95f1f609827e86
parent 36d736adf16ec63c3703ec02915e0cf77e168691
Author: sin <sin@2f30.org>
Date:   Thu Mar 31 17:59:29 +0100

some comments

Diffstat:
stun.c | 11++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/stun.c b/stun.c @@ -268,18 +268,23 @@ aesenc(EVP_CIPHER_CTX *ctx, unsigned char *ct, unsigned char *pt, int ptlen, { int len, flen; + /* initialize encryption operation with the given key and iv */ if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv) != 1) logerr("EVP_EncryptInit_ex failed"); + /* encrypt additional authentication data */ if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) logerr("EVP_EncryptUpdate failed"); + /* encrypt payload */ if (EVP_EncryptUpdate(ctx, ct, &len, pt, ptlen) != 1) logerr("EVP_EncryptUpdate failed"); + /* finalize encryption */ if (EVP_EncryptFinal_ex(ctx, ct + len, &flen) != 1) logerr("EVP_EncryptFinal_ex failed"); + /* get the tag */ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, TAGLEN, tag) != 1) logerr("EVP_CTRL_GCM_GET_TAG failed"); @@ -293,19 +298,23 @@ aesdec(EVP_CIPHER_CTX *ctx, unsigned char *pt, unsigned char *ct, int ctlen, { int len, flen; + /* initialize decryption operation with the given key and iv */ if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv) != 1) logerr("EVP_DecryptInit_ex failed"); + /* decrypt additional authentication data */ if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) logerr("EVP_DecryptUpdate failed"); + /* decrypt payload */ if (EVP_DecryptUpdate(ctx, pt, &len, ct, ctlen) != 1) logerr("EVP_DecryptUpdate failed"); + /* set the tag */ if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, TAGLEN, tag) != 1) logerr("EVP_CTRL_GCM_SET_TAG failed"); - /* if this fails, someone has tampered with the packet in transit */ + /* finalize decryption and check if the tag matches */ if (EVP_DecryptFinal_ex(ctx, pt + len, &flen) != 1) return -1;