* t_cts.c (test_cts): Process encryption and decryption IVs separately, make

sure they match, and display the value.

ticket: 2223
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16039 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index 24172399718747a7832850c12683d5dc7e4a5042..bb9484a5d748ba5198c482754cc1d9b94a13e4a6 100644 (file)
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-09  Ken Raeburn  <raeburn@mit.edu>
+
+       * t_cts.c (test_cts): Process encryption and decryption IVs
+       separately, make sure they match, and display the value.
+
 2003-12-13  Ken Raeburn  <raeburn@mit.edu>
 
        * etypes.c (krb5_enctypes_list): Fill in required_ctype field.

diff --git a/src/lib/crypto/t_cts.c b/src/lib/crypto/t_cts.c
index 5bf1ecba9507764a2b1fd3a2e82265d83a69638e..b105bd2752f69768b0e84aa58be4b603902044cd 100644 (file)
--- a/src/lib/crypto/t_cts.c
+++ b/src/lib/crypto/t_cts.c
@@ -120,27 +120,52 @@ static void test_cts()
                                               krb5_data *);
 
     int i;
-    char outbuf[64];
-    krb5_data in, out;
+    char outbuf[64], encivbuf[16], decivbuf[16], outbuf2[64];
+    krb5_data in, out, enciv, deciv, out2;
     krb5_keyblock key;
     krb5_error_code err;
 
     in.data = input;
     out.data = outbuf;
+    out2.data = outbuf2;
+    enciv.length = deciv.length = 16;
+    enciv.data = encivbuf;
+    deciv.data = decivbuf;
     key.contents = aeskey;
     key.length = 16;
 
+    memset(enciv.data, 0, 16);
     printk("AES 128-bit key", &key);
     for (i = 0; i < sizeof(lengths)/sizeof(lengths[0]); i++) {
+    memset(enciv.data, 0, 16);
+    memset(deciv.data, 0, 16);
+
        printf("\n");
        in.length = out.length = lengths[i];
-       err = krb5int_aes_encrypt(&key, 0, &in, &out);
+       printd("IV", &enciv);
+       err = krb5int_aes_encrypt(&key, &enciv, &in, &out);
        if (err) {
            printf("error %ld from krb5int_aes_encrypt\n", (long)err);
            exit(1);
        }
        printd("Input", &in);
        printd("Output", &out);
+       printd("Next IV", &enciv);
+       out2.length = out.length;
+       err = krb5int_aes_decrypt(&key, &deciv, &out, &out2);
+       if (err) {
+           printf("error %ld from krb5int_aes_decrypt\n", (long)err);
+           exit(1);
+       }
+       if (out2.length != in.length
+           || memcmp(in.data, out2.data, in.length)) {
+           printd("Decryption result DOESN'T MATCH", &out2);
+           exit(1);
+       }
+       if (memcmp(enciv.data, deciv.data, 16)) {
+           printd("Decryption IV result DOESN'T MATCH", &deciv);
+           exit(1);
+       }
     }
 }