Closed
Description
Describe the bug
The update IV returned from an AES encryption or decryption operation is wrong since v0.10.
Patch with wrong code: d08b929
$ git tag --contains d08b929dede77bee05bd674d48c7a0548528ca9c
v0.10.0
v0.10.0-rc1
v0.10.1
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior/issue showing all commands on command line, needed XML or JSON (if necessary), etc.:
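This script here can be used to display the original and update IV. The update IV must be different from the original one, but due to the bug it is the same:
#!/usr/bin/env bash
# Talk to the software TPM (swtpm) listening on port 2321
export TPM2TOOLS_TCTI="swtpm:port=2321"
# Random 16-byte IV and 16-byte (AES-128) key
dd if=/dev/urandom bs=1 count=16 of=iv.bin
dd if=/dev/urandom bs=1 count=16 of=sym.key
# Create sample plaintext if secret.data does not exist yet
[ -f secret.data ] || dd if=/dev/urandom bs=1 count=32 of=secret.data
tpm2_startup -c
# Load the key as an external AES object
tpm2_loadexternal -r sym.key -G aes -c aes_key.ctx
# Encrypt; -t takes <input IV file>:<output file for the updated IV>
tpm2_encryptdecrypt -c aes_key.ctx -o secret.enc secret.data -t iv.bin:newiv.bin
# Dump both IVs for comparison
od -t x1 iv.bin
od -t x1 newiv.bin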
Expected behavior
iv.bin and newiv.bin must contain different IVs.
A clear and concise description of what you expected to happen.
Versions of relevant components
- libtpms: v0.10
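A regression check for the files produced by the reproduction script, added here as an example (not part of the original report or of libtpms). It assumes the key's mode is CFB or CBC, where the IV handed back for the next call is the last ciphertext block, and that the ciphertext length is a multiple of 16 bytes; the helper name `check_updated_iv` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the updated IV written by tpm2_encryptdecrypt.
# Assumptions: AES (16-byte block), CFB or CBC mode, ciphertext length a
# multiple of 16 bytes. Other modes (CTR, OFB) chain differently.
BLOCK=16

# check_updated_iv IV_IN IV_OUT CIPHERTEXT   (hypothetical helper)
# Returns 0 = updated IV is the last ciphertext block,
#         1 = updated IV is identical to the input IV (symptom reported here),
#         2 = updated IV changed but is not the last ciphertext block,
#         3 = unusable input files.
check_updated_iv() {
    cui_in=$1; cui_out=$2; cui_ct=$3

    for cui_f in "$cui_in" "$cui_out" "$cui_ct"; do
        [ -r "$cui_f" ] || { echo "cannot read $cui_f" >&2; return 3; }
    done
    for cui_f in "$cui_in" "$cui_out"; do
        [ "$(wc -c < "$cui_f")" -eq "$BLOCK" ] ||
            { echo "$cui_f is not $BLOCK bytes" >&2; return 3; }
    done
    cui_len=$(wc -c < "$cui_ct")
    if [ "$cui_len" -eq 0 ] || [ $((cui_len % BLOCK)) -ne 0 ]; then
        echo "$cui_ct: length $cui_len is not a positive multiple of $BLOCK" >&2
        return 3
    fi

    # Symptom from the report: the TPM hands back the IV it was given.
    if cmp -s "$cui_in" "$cui_out"; then
        echo "FAIL: updated IV equals input IV" >&2
        return 1
    fi
    # In CFB and CBC the chaining value is the final ciphertext block.
    if ! tail -c "$BLOCK" "$cui_ct" | cmp -s - "$cui_out"; then
        echo "FAIL: updated IV is not the last ciphertext block" >&2
        return 2
    fi
    echo "OK: updated IV chains from the last ciphertext block"
    return 0
}
```

After running the reproduction script, call `check_updated_iv iv.bin newiv.bin secret.enc` and inspect the exit status.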