Manually pad input in CTR mode as well. Update AesCipherTest.

Co-Authored-By: Rob Hague <[email protected]>

Author: scott-xu

src/Renci.SshNet/Security/Cryptography/BlockCipher.cs

@@ -87,7 +87,7 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
             }
             else if (length % _blockSize > 0)
             {
-                if (_mode is CfbCipherMode or OfbCipherMode)
+                if (_mode is CfbCipherMode or OfbCipherMode or CtrCipherMode)
                 {
                     paddingLength = _blockSize - (length % _blockSize);
                     input = input.Take(offset, length);
@@ -143,7 +143,7 @@ public override byte[] Decrypt(byte[] input, int offset, int length)
             var paddingLength = 0;
             if (length % _blockSize > 0)
             {
-                if (_padding is null && _mode is CfbCipherMode or OfbCipherMode)
+                if (_padding is null && _mode is CfbCipherMode or OfbCipherMode or CtrCipherMode)
                 {
                     paddingLength = _blockSize - (length % _blockSize);
                     input = input.Take(offset, length);

test/Renci.SshNet.Tests/Classes/Security/Cryptography/Ciphers/AesCipherTest.Gen.cs.txt

@@ -21,109 +21,130 @@ foreach ((string mode, (string modeCode, CipherMode? bclMode)) in modes)
 {
     foreach (int keySize in new int[] { 128, 192, 256 })
     {
-        foreach (int inputLength in new int[] { 16, 32, 64 })
+        foreach (int inputLength in new int[] { 16, 35, 64 })
         {
-            byte[] input = new byte[inputLength];
-            random.NextBytes(input);
+            foreach (bool pad in new bool[] { false, true })
+            {
+                // It is not allowed to use no padding on non-block lengths
+                // It makes sense in cfb, ctr and ofb modes
+                if (!pad && inputLength % 16 != 0 && mode is not "cfb" or "ctr" or "ofb")
+                {
+                    continue;
+                }
 
-            byte[] key = new byte[keySize / 8];
-            random.NextBytes(key);
+                // It does not make sense to test padding for stream cipher modes
+                // (and the OpenSSL, BCL implementations differ)
+                if (pad && mode is "cfb" or "ctr" or "ofb")
+                {
+                    continue;
+                }
 
-            byte[] iv = new byte[16];
-            random.NextBytes(iv);
+                byte[] input = new byte[inputLength];
+                random.NextBytes(input);
 
-            StringBuilder openSslCmd = new();
+                byte[] key = new byte[keySize / 8];
+                random.NextBytes(key);
 
-            openSslCmd.Append($"echo -n -e '{string.Join("", input.Select(b => $"\\x{b:x2}"))}' |");
-            openSslCmd.Append($" openssl enc -e -aes-{keySize}-{mode}");
-            openSslCmd.Append($" -K {Convert.ToHexString(key)}");
-            if (mode != "ecb")
-            {
-                openSslCmd.Append($" -iv {Convert.ToHexString(iv)}");
-            }
-            openSslCmd.Append(" -nopad");
+                byte[] iv = new byte[16];
+                random.NextBytes(iv);
 
-            ProcessStartInfo pi = new("wsl", openSslCmd.ToString())
-            {
-                RedirectStandardOutput = true,
-                RedirectStandardError = true,
-            };
+                StringBuilder openSslCmd = new();
 
-            byte[] expected;
-            string error;
+                openSslCmd.Append($"echo -n -e '{string.Join("", input.Select(b => $"\\x{b:x2}"))}' |");
+                openSslCmd.Append($" openssl enc -e -aes-{keySize}-{mode}");
+                openSslCmd.Append($" -K {Convert.ToHexString(key)}");
+                if (mode != "ecb")
+                {
+                    openSslCmd.Append($" -iv {Convert.ToHexString(iv)}");
+                }
 
-            using (MemoryStream ms = new())
-            {
-                var p = Process.Start(pi);
-                p.StandardOutput.BaseStream.CopyTo(ms);
-                error = p.StandardError.ReadToEnd();
+                if (!pad)
+                {
+                    openSslCmd.Append(" -nopad");
+                }
 
-                p.WaitForExit();
+                ProcessStartInfo pi = new("wsl", openSslCmd.ToString())
+                {
+                    RedirectStandardOutput = true,
+                    RedirectStandardError = true,
+                };
 
-                expected = ms.ToArray();
-            }
+                byte[] expected;
+                string error;
 
-            tw.WriteLine("[TestMethod]");
-            tw.WriteLine($"public void AES_{mode.ToUpper()}_{keySize}_Length{inputLength}()");
-            tw.WriteLine("{");
-            tw.Indent++;
+                using (MemoryStream ms = new())
+                {
+                    var p = Process.Start(pi);
+                    p.StandardOutput.BaseStream.CopyTo(ms);
+                    error = p.StandardError.ReadToEnd();
 
-            WriteBytes(input);
-            WriteBytes(key);
-            if (mode != "ecb")
-            {
-                WriteBytes(iv);
-            }
-            tw.WriteLine();
+                    p.WaitForExit();
 
-            if (!string.IsNullOrWhiteSpace(error))
-            {
-                tw.WriteLine($"// {openSslCmd}");
-                tw.WriteLine($"Assert.Fail(@\"{error}\");");
+                    expected = ms.ToArray();
+                }
 
-                tw.Indent--;
-                tw.WriteLine("}");
-                tw.WriteLine();
-                continue;
-            }
+                tw.WriteLine("[TestMethod]");
+                tw.WriteLine($"public void AES_{mode.ToUpper()}_{keySize}_Length{inputLength}_{(pad ? "Pad" : "NoPad")}()");
+                tw.WriteLine("{");
+                tw.Indent++;
 
-            tw.WriteLine($"// {openSslCmd} | hd"); // pipe to hexdump
-            WriteBytes(expected);
-            tw.WriteLine();
-            tw.WriteLine($"var actual = new AesCipher(key, {modeCode}, pkcs7Padding: false).Encrypt(input);");
-            tw.WriteLine();
-            tw.WriteLine($"CollectionAssert.AreEqual(expected, actual);");
+                WriteBytes(input);
+                WriteBytes(key);
+                if (mode != "ecb")
+                {
+                    WriteBytes(iv);
+                }
+                tw.WriteLine();
 
-            if (bclMode is not null and not CipherMode.OFB)
-            {
-                // Verify the OpenSSL result is the same as the .NET BCL, just to be sure
-                Aes bcl = Aes.Create();
-                bcl.Key = key;
-                bcl.IV = iv;
-                bcl.Mode = bclMode.Value;
-                bcl.Padding = PaddingMode.None;
-                bcl.FeedbackSize = 128; // .NET is CFB8 by default, OpenSSL is CFB128
-                byte[] bclBytes = bcl.CreateEncryptor().TransformFinalBlock(input, 0, input.Length);
-
-                if (!bclBytes.AsSpan().SequenceEqual(expected))
+                if (!string.IsNullOrWhiteSpace(error))
                 {
-                    tw.WriteLine();
-                    tw.WriteLine(@"Assert.Inconclusive(@""OpenSSL does not match the .NET BCL");
-                    tw.Indent++;
-                    tw.WriteLine($@"OpenSSL: {Convert.ToHexString(expected)}");
-                    tw.WriteLine($@"BCL:     {Convert.ToHexString(bclBytes)}"");");
+                    tw.WriteLine($"// {openSslCmd}");
+                    tw.WriteLine($"Assert.Fail(@\"{error}\");");
+
                     tw.Indent--;
+                    tw.WriteLine("}");
+                    tw.WriteLine();
+                    continue;
                 }
-            }
 
-            tw.WriteLine();
-            tw.WriteLine($"var decrypted = new AesCipher(key, {modeCode}, pkcs7Padding: false).Decrypt(actual);");
-            tw.WriteLine();
-            tw.WriteLine($"CollectionAssert.AreEqual(input, decrypted);");
+                tw.WriteLine($"// {openSslCmd} | hd"); // pipe to hexdump
+                WriteBytes(expected);
+                tw.WriteLine();
+                tw.WriteLine($"var actual = new AesCipher(key, {modeCode}, pkcs7Padding: {(pad ? "true" : "false")}).Encrypt(input);");
+                tw.WriteLine();
+                tw.WriteLine($"CollectionAssert.AreEqual(expected, actual);");
+
+                if (bclMode is not null and not CipherMode.OFB and not CipherMode.CFB)
+                {
+                    // Verify the OpenSSL result is the same as the .NET BCL, just to be sure
+                    Aes bcl = Aes.Create();
+                    bcl.Key = key;
+                    bcl.IV = iv;
+                    bcl.Mode = bclMode.Value;
+                    bcl.Padding = pad ? PaddingMode.PKCS7 : PaddingMode.None;
+                    bcl.FeedbackSize = 128; // .NET is CFB8 by default, OpenSSL is CFB128
+                    byte[] bclBytes = bcl.CreateEncryptor().TransformFinalBlock(input, 0, input.Length);
+
+                    if (!bclBytes.AsSpan().SequenceEqual(expected))
+                    {
+                        tw.WriteLine();
+                        tw.WriteLine(@"Assert.Inconclusive(@""OpenSSL does not match the .NET BCL");
+                        tw.Indent++;
+                        tw.WriteLine($@"OpenSSL: {Convert.ToHexString(expected)}");
+                        tw.WriteLine($@"BCL:     {Convert.ToHexString(bclBytes)}"");");
+                        tw.Indent--;
+                    }
+                }
 
-            tw.Indent--;
-            tw.WriteLine("}");
-            tw.WriteLine();
+                tw.WriteLine();
+                tw.WriteLine($"var decrypted = new AesCipher(key, {modeCode}, pkcs7Padding: {(pad ? "true" : "false")}).Decrypt(actual);");
+                tw.WriteLine();
+                tw.WriteLine($"CollectionAssert.AreEqual(input, decrypted);");
+
+                tw.Indent--;
+                tw.WriteLine("}");
+                tw.WriteLine();
+            }
         }
     }
 }