Encrypt should take into account padding for length of inputBuffer passed to EncryptBlock if padding is specified, no matter input is divisible or not.

Author: scott-xu

src/Renci.SshNet/Security/Cryptography/BlockCipher.cs

@@ -75,18 +75,17 @@ protected BlockCipher(byte[] key, byte blockSize, CipherMode mode, CipherPadding
         /// </returns>
         public override byte[] Encrypt(byte[] input, int offset, int length)
         {
-            if (length % _blockSize > 0)
+            if (_padding is not null)
             {
-                if (_padding is null)
-                {
-                    throw new ArgumentException(string.Format("The data block size is incorrect for {0}.", GetType().Name), "data");
-                }
-
                 var paddingLength = _blockSize - (length % _blockSize);
                 input = _padding.Pad(input, offset, length, paddingLength);
                 length += paddingLength;
                 offset = 0;
             }
+            else if (length % _blockSize > 0)
+            {
+                throw new ArgumentException(string.Format("The data block size is incorrect for {0}.", GetType().Name), "data");
+            }
 
             var output = new byte[length];
             var writtenBytes = 0;

test/Renci.SshNet.Tests/Classes/Security/Cryptography/BlockCipherTest.cs

@@ -14,7 +14,7 @@ namespace Renci.SshNet.Tests.Classes.Security.Cryptography
     public class BlockCipherTest : TestBase
     {
         [TestMethod]
-        public void EncryptShouldTakeIntoAccountPaddingForLengthOfOutputBufferPassedToEncryptBlock()
+        public void EncryptShouldTakeIntoAccountPaddingForLengthOfInputBufferPassedToEncryptBlock_InputNotDivisible()
         {
             var input = new byte[] { 0x2c, 0x1a, 0x05, 0x00, 0x68 };
             var output = new byte[] { 0x0a, 0x00, 0x03, 0x02, 0x06, 0x08, 0x07, 0x05 };
@@ -23,7 +23,7 @@ public void EncryptShouldTakeIntoAccountPaddingForLengthOfOutputBufferPassedToEn
             {
                 EncryptBlockDelegate = (inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset) =>
                     {
-                        Assert.AreEqual(8, outputBuffer.Length);
+                        Assert.AreEqual(8, inputBuffer.Length);
                         Buffer.BlockCopy(output, 0, outputBuffer, 0, output.Length);
                         return inputBuffer.Length;
                     }
@@ -34,6 +34,27 @@ public void EncryptShouldTakeIntoAccountPaddingForLengthOfOutputBufferPassedToEn
             Assert.IsTrue(output.SequenceEqual(actual));
         }
 
+        [TestMethod]
+        public void EncryptShouldTakeIntoAccountPaddingForLengthOfInputBufferPassedToEncryptBlock_InputDivisible()
+        {
+            var input = new byte[0];
+            var output = new byte[] { 0x0a, 0x00, 0x03, 0x02, 0x06, 0x08, 0x07, 0x05 };
+            var key = new byte[] { 0x17, 0x78, 0x56, 0xe1, 0x3e, 0xbd, 0x3e, 0x50, 0x1d, 0x79, 0x3f, 0x0f, 0x55, 0x37, 0x45, 0x54 };
+            var blockCipher = new BlockCipherStub(key, 8, null, new PKCS7Padding())
+            {
+                EncryptBlockDelegate = (inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset) =>
+                {
+                    Assert.AreEqual(8, inputBuffer.Length);
+                    Buffer.BlockCopy(output, 0, outputBuffer, 0, output.Length);
+                    return inputBuffer.Length;
+                }
+            };
+
+            var actual = blockCipher.Encrypt(input);
+
+            Assert.IsTrue(output.SequenceEqual(actual));
+        }
+
         [TestMethod]
         public void DecryptShouldTakeIntoAccountPaddingForLengthOfOutputBufferPassedToDecryptBlock()
         {