Decrypt should take into account unpadding for the final output if padding is specified.

scott-xu · scott-xu · commit 84c3a8dbaab5 · 2024-11-30T15:09:36.000+08:00
diff --git a/src/Renci.SshNet/Security/Cryptography/BlockCipher.cs b/src/Renci.SshNet/Security/Cryptography/BlockCipher.cs
@@ -1,6 +1,9 @@
 ﻿using System;
 
+using Org.BouncyCastle.Crypto.Paddings;
+
 using Renci.SshNet.Security.Cryptography.Ciphers;
+using Renci.SshNet.Security.Cryptography.Ciphers.Paddings;
 
 namespace Renci.SshNet.Security.Cryptography
 {
@@ -153,6 +156,12 @@ public override byte[] Decrypt(byte[] input, int offset, int length)
                 throw new InvalidOperationException("Encryption error.");
             }
 
+            if (_padding is PKCS7Padding)
+            {
+                var paddingLength = new Pkcs7Padding().PadCount(output);
+                Array.Resize(ref output, output.Length - paddingLength);
+            }
+
             return output;
         }
 
diff --git a/test/Renci.SshNet.Tests/Classes/Security/Cryptography/BlockCipherTest.cs b/test/Renci.SshNet.Tests/Classes/Security/Cryptography/BlockCipherTest.cs
@@ -56,17 +56,19 @@ public void EncryptShouldTakeIntoAccountPaddingForLengthOfInputBufferPassedToEnc
         }
 
         [TestMethod]
-        public void DecryptShouldTakeIntoAccountPaddingForLengthOfOutputBufferPassedToDecryptBlock()
+        public void DecryptShouldTakeIntoAccountUnPaddingForTheFinalOutput()
         {
-            var input = new byte[] { 0x2c, 0x1a, 0x05, 0x00, 0x68 };
-            var output = new byte[] { 0x0a, 0x00, 0x03, 0x02, 0x06, 0x08, 0x07, 0x05 };
+            var input = new byte[] { 0x0a, 0x00, 0x03, 0x02, 0x06, 0x08, 0x07, 0x05 };
+            var output = new byte[] { 0x2c, 0x1a, 0x05, 0x00, 0x68 };
+            var padding = new byte[] { 0x03, 0x03, 0x03 };
             var key = new byte[] { 0x17, 0x78, 0x56, 0xe1, 0x3e, 0xbd, 0x3e, 0x50, 0x1d, 0x79, 0x3f, 0x0f, 0x55, 0x37, 0x45, 0x54 };
             var blockCipher = new BlockCipherStub(key, 8, null, new PKCS7Padding())
             {
                 DecryptBlockDelegate = (inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset) =>
                     {
                         Assert.AreEqual(8, outputBuffer.Length);
                         Buffer.BlockCopy(output, 0, outputBuffer, 0, output.Length);
+                        Buffer.BlockCopy(padding, 0, outputBuffer, output.Length, padding.Length);
                         return inputBuffer.Length;
                     }
             };

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,9 @@`
`1`	`1`	`using System;`
`2`	`2`
	`3`	`+using Org.BouncyCastle.Crypto.Paddings;`
	`4`	`+`
`3`	`5`	`using Renci.SshNet.Security.Cryptography.Ciphers;`
	`6`	`+using Renci.SshNet.Security.Cryptography.Ciphers.Paddings;`
`4`	`7`
`5`	`8`	`namespace Renci.SshNet.Security.Cryptography`
`6`	`9`	`{`
`@@ -153,6 +156,12 @@ public override byte[] Decrypt(byte[] input, int offset, int length)`
`153`	`156`	`throw new InvalidOperationException("Encryption error.");`
`154`	`157`	`}`
`155`	`158`
	`159`	`+ if (_padding is PKCS7Padding)`
	`160`	`+ {`
	`161`	`+ var paddingLength = new Pkcs7Padding().PadCount(output);`
	`162`	`+ Array.Resize(ref output, output.Length - paddingLength);`
	`163`	`+ }`
	`164`	`+`
`156`	`165`	`return output;`
`157`	`166`	`}`
`158`	`167`
Original file line number	Diff line number	Diff line change
`@@ -56,17 +56,19 @@ public void EncryptShouldTakeIntoAccountPaddingForLengthOfInputBufferPassedToEnc`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`[TestMethod]`
`59`		`- public void DecryptShouldTakeIntoAccountPaddingForLengthOfOutputBufferPassedToDecryptBlock()`
	`59`	`+ public void DecryptShouldTakeIntoAccountUnPaddingForTheFinalOutput()`
`60`	`60`	`{`
`61`		`- var input = new byte[] { 0x2c, 0x1a, 0x05, 0x00, 0x68 };`
`62`		`- var output = new byte[] { 0x0a, 0x00, 0x03, 0x02, 0x06, 0x08, 0x07, 0x05 };`
	`61`	`+ var input = new byte[] { 0x0a, 0x00, 0x03, 0x02, 0x06, 0x08, 0x07, 0x05 };`
	`62`	`+ var output = new byte[] { 0x2c, 0x1a, 0x05, 0x00, 0x68 };`
	`63`	`+ var padding = new byte[] { 0x03, 0x03, 0x03 };`
`63`	`64`	`var key = new byte[] { 0x17, 0x78, 0x56, 0xe1, 0x3e, 0xbd, 0x3e, 0x50, 0x1d, 0x79, 0x3f, 0x0f, 0x55, 0x37, 0x45, 0x54 };`
`64`	`65`	`var blockCipher = new BlockCipherStub(key, 8, null, new PKCS7Padding())`
`65`	`66`	`{`
`66`	`67`	`DecryptBlockDelegate = (inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset) =>`
`67`	`68`	`{`
`68`	`69`	`Assert.AreEqual(8, outputBuffer.Length);`
`69`	`70`	`Buffer.BlockCopy(output, 0, outputBuffer, 0, output.Length);`
	`71`	`+ Buffer.BlockCopy(padding, 0, outputBuffer, output.Length, padding.Length);`
`70`	`72`	`return inputBuffer.Length;`
`71`	`73`	`}`
`72`	`74`	`};`