From: Ken Raeburn <raeburn@mit.edu>
Date: Mon, 9 Feb 2004 22:08:09 +0000 (+0000)
Subject: * t_cts.c (test_cts): Process encryption and decryption IVs separately, make
X-Git-Tag: krb5-1.4-beta1~635
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f7f601d95224e4cbcec5215610e61088718f10fa;p=krb5.git

* t_cts.c (test_cts): Process encryption and decryption IVs separately, make
sure they match, and display the value.

ticket: 2223
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16039 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index 241723997..bb9484a5d 100644
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-09  Ken Raeburn  <raeburn@mit.edu>
+
+	* t_cts.c (test_cts): Process encryption and decryption IVs
+	separately, make sure they match, and display the value.
+
 2003-12-13  Ken Raeburn  <raeburn@mit.edu>
 
 	* etypes.c (krb5_enctypes_list): Fill in required_ctype field.
diff --git a/src/lib/crypto/t_cts.c b/src/lib/crypto/t_cts.c
index 5bf1ecba9..b105bd275 100644
--- a/src/lib/crypto/t_cts.c
+++ b/src/lib/crypto/t_cts.c
@@ -120,27 +120,52 @@ static void test_cts()
 					       krb5_data *);
 
     int i;
-    char outbuf[64];
-    krb5_data in, out;
+    char outbuf[64], encivbuf[16], decivbuf[16], outbuf2[64];
+    krb5_data in, out, enciv, deciv, out2;
     krb5_keyblock key;
     krb5_error_code err;
 
     in.data = input;
     out.data = outbuf;
+    out2.data = outbuf2;
+    enciv.length = deciv.length = 16;
+    enciv.data = encivbuf;
+    deciv.data = decivbuf;
     key.contents = aeskey;
     key.length = 16;
 
+    memset(enciv.data, 0, 16);
     printk("AES 128-bit key", &key);
     for (i = 0; i < sizeof(lengths)/sizeof(lengths[0]); i++) {
+    memset(enciv.data, 0, 16);
+    memset(deciv.data, 0, 16);
+
 	printf("\n");
 	in.length = out.length = lengths[i];
-	err = krb5int_aes_encrypt(&key, 0, &in, &out);
+	printd("IV", &enciv);
+	err = krb5int_aes_encrypt(&key, &enciv, &in, &out);
 	if (err) {
 	    printf("error %ld from krb5int_aes_encrypt\n", (long)err);
 	    exit(1);
 	}
 	printd("Input", &in);
 	printd("Output", &out);
+	printd("Next IV", &enciv);
+	out2.length = out.length;
+	err = krb5int_aes_decrypt(&key, &deciv, &out, &out2);
+	if (err) {
+	    printf("error %ld from krb5int_aes_decrypt\n", (long)err);
+	    exit(1);
+	}
+	if (out2.length != in.length
+	    || memcmp(in.data, out2.data, in.length)) {
+	    printd("Decryption result DOESN'T MATCH", &out2);
+	    exit(1);
+	}
+	if (memcmp(enciv.data, deciv.data, 16)) {
+	    printd("Decryption IV result DOESN'T MATCH", &deciv);
+	    exit(1);
+	}
     }
 }