commit 2adfcd8bcdd0469b809690660e95f1f609827e86
parent 36d736adf16ec63c3703ec02915e0cf77e168691
Author: sin <sin@2f30.org>
Date: Thu, 31 Mar 2016 17:59:29 +0100
some comments
Diffstat:
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/stun.c b/stun.c
@@ -268,18 +268,23 @@ aesenc(EVP_CIPHER_CTX *ctx, unsigned char *ct, unsigned char *pt, int ptlen,
{
int len, flen;
+ /* initialize encryption operation with the given key and iv */
if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv) != 1)
logerr("EVP_EncryptInit_ex failed");
+ /* encrypt additional authentication data */
if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) != 1)
logerr("EVP_EncryptUpdate failed");
+ /* encrypt payload */
if (EVP_EncryptUpdate(ctx, ct, &len, pt, ptlen) != 1)
logerr("EVP_EncryptUpdate failed");
+ /* finalize encryption */
if (EVP_EncryptFinal_ex(ctx, ct + len, &flen) != 1)
logerr("EVP_EncryptFinal_ex failed");
+ /* get the tag */
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, TAGLEN, tag) != 1)
logerr("EVP_CTRL_GCM_GET_TAG failed");
@@ -293,19 +298,23 @@ aesdec(EVP_CIPHER_CTX *ctx, unsigned char *pt, unsigned char *ct, int ctlen,
{
int len, flen;
+ /* initialize decryption operation with the given key and iv */
if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv) != 1)
logerr("EVP_DecryptInit_ex failed");
+ /* decrypt additional authentication data */
if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) != 1)
logerr("EVP_DecryptUpdate failed");
+ /* decrypt payload */
if (EVP_DecryptUpdate(ctx, pt, &len, ct, ctlen) != 1)
logerr("EVP_DecryptUpdate failed");
+ /* set the tag */
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, TAGLEN, tag) != 1)
logerr("EVP_CTRL_GCM_SET_TAG failed");
- /* if this fails, someone has tampered with the packet in transit */
+ /* finalize decryption and check if the tag matches */
if (EVP_DecryptFinal_ex(ctx, pt + len, &flen) != 1)
return -1;
