Use Array.Resize to reduce allocation. Add more comments.

scott-xu · scott-xu · commit 369f74a49a93 · 2024-12-01T20:09:43.000+08:00
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.BclImpl.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.BclImpl.cs
@@ -52,6 +52,8 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
                 {
                     if (_aes.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)
                     {
+                        // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.
+                        // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21
                         paddingLength = BlockSize - (length % BlockSize);
                         input = input.Take(offset, length);
                         length += paddingLength;
@@ -69,6 +71,7 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
 
                 if (paddingLength > 0)
                 {
+                    // Manually unpad the output.
                     Array.Resize(ref output, output.Length - paddingLength);
                 }
 
@@ -89,11 +92,12 @@ public override byte[] Decrypt(byte[] input, int offset, int length)
                 {
                     if (_aes.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)
                     {
+                        // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.
+                        // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21
                         paddingLength = BlockSize - (length % BlockSize);
-                        var newInput = new byte[input.Length + paddingLength];
-                        Buffer.BlockCopy(input, offset, newInput, 0, length);
-                        input = newInput;
-                        length = input.Length;
+                        input = input.Take(offset, length);
+                        length += paddingLength;
+                        Array.Resize(ref input, length);
                         offset = 0;
                     }
                 }
@@ -107,6 +111,7 @@ public override byte[] Decrypt(byte[] input, int offset, int length)
 
                 if (paddingLength > 0)
                 {
+                    // Manually unpad the output.
                     Array.Resize(ref output, output.Length - paddingLength);
                 }
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/DesCipher.BclImpl.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/DesCipher.BclImpl.cs
@@ -34,9 +34,15 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
             {
                 if (_des.Padding != PaddingMode.None)
                 {
+                    // If padding has been specified, call TransformFinalBlock to apply
+                    // the padding and reset the state.
                     return _encryptor.TransformFinalBlock(input, offset, length);
                 }
 
+                // Otherwise, (the most important case) assume this instance is
+                // used for one direction of an SSH connection, whereby the
+                // encrypted data in all packets are considered a single data
+                // stream i.e. we do not want to reset the state between calls to Encrypt.
                 var output = new byte[length];
                 _ = _encryptor.TransformBlock(input, offset, length, output, 0);
 
@@ -47,9 +53,15 @@ public override byte[] Decrypt(byte[] input, int offset, int length)
             {
                 if (_des.Padding != PaddingMode.None)
                 {
+                    // If padding has been specified, call TransformFinalBlock to apply
+                    // the padding and reset the state.
                     return _decryptor.TransformFinalBlock(input, offset, length);
                 }
 
+                // Otherwise, (the most important case) assume this instance is
+                // used for one direction of an SSH connection, whereby the
+                // encrypted data in all packets are considered a single data
+                // stream i.e. we do not want to reset the state between calls to Encrypt.
                 var output = new byte[length];
                 _ = _decryptor.TransformBlock(input, offset, length, output, 0);
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/TripleDesCipher.BclImpl.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/TripleDesCipher.BclImpl.cs
@@ -43,6 +43,8 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
                 {
                     if (_des.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)
                     {
+                        // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.
+                        // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21
                         paddingLength = BlockSize - (length % BlockSize);
                         input = input.Take(offset, length);
                         length += paddingLength;
@@ -51,11 +53,16 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
                     }
                 }
 
+                // Otherwise, (the most important case) assume this instance is
+                // used for one direction of an SSH connection, whereby the
+                // encrypted data in all packets are considered a single data
+                // stream i.e. we do not want to reset the state between calls to Encrypt.
                 var output = new byte[length];
                 _ = _encryptor.TransformBlock(input, offset, length, output, 0);
 
                 if (paddingLength > 0)
                 {
+                    // Manually unpad the output.
                     Array.Resize(ref output, output.Length - paddingLength);
                 }
 
@@ -66,6 +73,8 @@ public override byte[] Decrypt(byte[] input, int offset, int length)
             {
                 if (_des.Padding != PaddingMode.None)
                 {
+                    // If padding has been specified, call TransformFinalBlock to apply
+                    // the padding and reset the state.
                     return _decryptor.TransformFinalBlock(input, offset, length);
                 }
 
@@ -74,20 +83,26 @@ public override byte[] Decrypt(byte[] input, int offset, int length)
                 {
                     if (_des.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)
                     {
+                        // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.
+                        // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21
                         paddingLength = BlockSize - (length % BlockSize);
-                        var newInput = new byte[input.Length + paddingLength];
-                        Buffer.BlockCopy(input, offset, newInput, 0, length);
-                        input = newInput;
-                        length = input.Length;
+                        input = input.Take(offset, length);
+                        length += paddingLength;
+                        Array.Resize(ref input, length);
                         offset = 0;
                     }
                 }
 
+                // Otherwise, (the most important case) assume this instance is
+                // used for one direction of an SSH connection, whereby the
+                // encrypted data in all packets are considered a single data
+                // stream i.e. we do not want to reset the state between calls to Encrypt.
                 var output = new byte[length];
                 _ = _decryptor.TransformBlock(input, offset, length, output, 0);
 
                 if (paddingLength > 0)
                 {
+                    // Manually unpad the output.
                     Array.Resize(ref output, output.Length - paddingLength);
                 }
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/TripleDesCipher.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/TripleDesCipher.cs
@@ -33,8 +33,9 @@ public TripleDesCipher(byte[] key, byte[] iv, BlockCipherMode mode, bool pkcs7Pa
 #if !NET6_0_OR_GREATER
             if (mode == BlockCipherMode.CFB)
             {
-                // CFB8 not supported on .NET Framework
+                // CFB8 not supported on .NET Framework, but supported on .NET
                 // see https://github.com/microsoft/referencesource/blob/51cf7850defa8a17d815b4700b67116e3fa283c2/mscorlib/system/security/cryptography/tripledescryptoserviceprovider.cs#L76-L78
+                // see https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/TripleDesImplementation.cs#L229-L236
                 _impl = new BouncyCastleImpl(key, new CfbCipherMode(iv), pkcs7Padding ? new PKCS7Padding() : null);
             }
             else

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,8 @@ public override byte[] Encrypt(byte[] input, int offset, int length)`
`52`	`52`	`{`
`53`	`53`	`if (_aes.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)`
`54`	`54`	`{`
	`55`	`+ // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.`
	`56`	`+ // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21`
`55`	`57`	`paddingLength = BlockSize - (length % BlockSize);`
`56`	`58`	`input = input.Take(offset, length);`
`57`	`59`	`length += paddingLength;`
`@@ -69,6 +71,7 @@ public override byte[] Encrypt(byte[] input, int offset, int length)`
`69`	`71`
`70`	`72`	`if (paddingLength > 0)`
`71`	`73`	`{`
	`74`	`+ // Manually unpad the output.`
`72`	`75`	`Array.Resize(ref output, output.Length - paddingLength);`
`73`	`76`	`}`
`74`	`77`
`@@ -89,11 +92,12 @@ public override byte[] Decrypt(byte[] input, int offset, int length)`
`89`	`92`	`{`
`90`	`93`	`if (_aes.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)`
`91`	`94`	`{`
	`95`	`+ // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.`
	`96`	`+ // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21`
`92`	`97`	`paddingLength = BlockSize - (length % BlockSize);`
`93`		`- var newInput = new byte[input.Length + paddingLength];`
`94`		`- Buffer.BlockCopy(input, offset, newInput, 0, length);`
`95`		`- input = newInput;`
`96`		`- length = input.Length;`
	`98`	`+ input = input.Take(offset, length);`
	`99`	`+ length += paddingLength;`
	`100`	`+ Array.Resize(ref input, length);`
`97`	`101`	`offset = 0;`
`98`	`102`	`}`
`99`	`103`	`}`
`@@ -107,6 +111,7 @@ public override byte[] Decrypt(byte[] input, int offset, int length)`
`107`	`111`
`108`	`112`	`if (paddingLength > 0)`
`109`	`113`	`{`
	`114`	`+ // Manually unpad the output.`
`110`	`115`	`Array.Resize(ref output, output.Length - paddingLength);`
`111`	`116`	`}`
`112`	`117`
Original file line number	Diff line number	Diff line change
`@@ -34,9 +34,15 @@ public override byte[] Encrypt(byte[] input, int offset, int length)`
`34`	`34`	`{`
`35`	`35`	`if (_des.Padding != PaddingMode.None)`
`36`	`36`	`{`
	`37`	`+ // If padding has been specified, call TransformFinalBlock to apply`
	`38`	`+ // the padding and reset the state.`
`37`	`39`	`return _encryptor.TransformFinalBlock(input, offset, length);`
`38`	`40`	`}`
`39`	`41`
	`42`	`+ // Otherwise, (the most important case) assume this instance is`
	`43`	`+ // used for one direction of an SSH connection, whereby the`
	`44`	`+ // encrypted data in all packets are considered a single data`
	`45`	`+ // stream i.e. we do not want to reset the state between calls to Encrypt.`
`40`	`46`	`var output = new byte[length];`
`41`	`47`	`_ = _encryptor.TransformBlock(input, offset, length, output, 0);`
`42`	`48`
`@@ -47,9 +53,15 @@ public override byte[] Decrypt(byte[] input, int offset, int length)`
`47`	`53`	`{`
`48`	`54`	`if (_des.Padding != PaddingMode.None)`
`49`	`55`	`{`
	`56`	`+ // If padding has been specified, call TransformFinalBlock to apply`
	`57`	`+ // the padding and reset the state.`
`50`	`58`	`return _decryptor.TransformFinalBlock(input, offset, length);`
`51`	`59`	`}`
`52`	`60`
	`61`	`+ // Otherwise, (the most important case) assume this instance is`
	`62`	`+ // used for one direction of an SSH connection, whereby the`
	`63`	`+ // encrypted data in all packets are considered a single data`
	`64`	`+ // stream i.e. we do not want to reset the state between calls to Encrypt.`
`53`	`65`	`var output = new byte[length];`
`54`	`66`	`_ = _decryptor.TransformBlock(input, offset, length, output, 0);`
`55`	`67`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,8 @@ public override byte[] Encrypt(byte[] input, int offset, int length)`
`43`	`43`	`{`
`44`	`44`	`if (_des.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)`
`45`	`45`	`{`
	`46`	`+ // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.`
	`47`	`+ // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21`
`46`	`48`	`paddingLength = BlockSize - (length % BlockSize);`
`47`	`49`	`input = input.Take(offset, length);`
`48`	`50`	`length += paddingLength;`
`@@ -51,11 +53,16 @@ public override byte[] Encrypt(byte[] input, int offset, int length)`
`51`	`53`	`}`
`52`	`54`	`}`
`53`	`55`
	`56`	`+ // Otherwise, (the most important case) assume this instance is`
	`57`	`+ // used for one direction of an SSH connection, whereby the`
	`58`	`+ // encrypted data in all packets are considered a single data`
	`59`	`+ // stream i.e. we do not want to reset the state between calls to Encrypt.`
`54`	`60`	`var output = new byte[length];`
`55`	`61`	`_ = _encryptor.TransformBlock(input, offset, length, output, 0);`
`56`	`62`
`57`	`63`	`if (paddingLength > 0)`
`58`	`64`	`{`
	`65`	`+ // Manually unpad the output.`
`59`	`66`	`Array.Resize(ref output, output.Length - paddingLength);`
`60`	`67`	`}`
`61`	`68`
`@@ -66,6 +73,8 @@ public override byte[] Decrypt(byte[] input, int offset, int length)`
`66`	`73`	`{`
`67`	`74`	`if (_des.Padding != PaddingMode.None)`
`68`	`75`	`{`
	`76`	`+ // If padding has been specified, call TransformFinalBlock to apply`
	`77`	`+ // the padding and reset the state.`
`69`	`78`	`return _decryptor.TransformFinalBlock(input, offset, length);`
`70`	`79`	`}`
`71`	`80`
`@@ -74,20 +83,26 @@ public override byte[] Decrypt(byte[] input, int offset, int length)`
`74`	`83`	`{`
`75`	`84`	`if (_des.Mode is System.Security.Cryptography.CipherMode.CFB or System.Security.Cryptography.CipherMode.OFB)`
`76`	`85`	`{`
	`86`	`+ // Manually pad the input for cfb and ofb cipher mode as BCL doesn't support partial block.`
	`87`	`+ // See https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SymmetricPadding.cs#L20-L21`
`77`	`88`	`paddingLength = BlockSize - (length % BlockSize);`
`78`		`- var newInput = new byte[input.Length + paddingLength];`
`79`		`- Buffer.BlockCopy(input, offset, newInput, 0, length);`
`80`		`- input = newInput;`
`81`		`- length = input.Length;`
	`89`	`+ input = input.Take(offset, length);`
	`90`	`+ length += paddingLength;`
	`91`	`+ Array.Resize(ref input, length);`
`82`	`92`	`offset = 0;`
`83`	`93`	`}`
`84`	`94`	`}`
`85`	`95`
	`96`	`+ // Otherwise, (the most important case) assume this instance is`
	`97`	`+ // used for one direction of an SSH connection, whereby the`
	`98`	`+ // encrypted data in all packets are considered a single data`
	`99`	`+ // stream i.e. we do not want to reset the state between calls to Encrypt.`
`86`	`100`	`var output = new byte[length];`
`87`	`101`	`_ = _decryptor.TransformBlock(input, offset, length, output, 0);`
`88`	`102`
`89`	`103`	`if (paddingLength > 0)`
`90`	`104`	`{`
	`105`	`+ // Manually unpad the output.`
`91`	`106`	`Array.Resize(ref output, output.Length - paddingLength);`
`92`	`107`	`}`
`93`	`108`
Original file line number	Diff line number	Diff line change
`@@ -33,8 +33,9 @@ public TripleDesCipher(byte[] key, byte[] iv, BlockCipherMode mode, bool pkcs7Pa`
`33`	`33`	`#if !NET6_0_OR_GREATER`
`34`	`34`	`if (mode == BlockCipherMode.CFB)`
`35`	`35`	`{`
`36`		`- // CFB8 not supported on .NET Framework`
	`36`	`+ // CFB8 not supported on .NET Framework, but supported on .NET`
`37`	`37`	`// see https://github.com/microsoft/referencesource/blob/51cf7850defa8a17d815b4700b67116e3fa283c2/mscorlib/system/security/cryptography/tripledescryptoserviceprovider.cs#L76-L78`
	`38`	`+ // see https://github.com/dotnet/runtime/blob/e7d837da5b1aacd9325a8b8f2214cfaf4d3f0ff6/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/TripleDesImplementation.cs#L229-L236`
`38`	`39`	`_impl = new BouncyCastleImpl(key, new CfbCipherMode(iv), pkcs7Padding ? new PKCS7Padding() : null);`
`39`	`40`	`}`
`40`	`41`	`else`