Encrypt should take into account *manual* padding for length of inputBuffer passed to EncryptBlock and unpadding for the final output if padding is not specified and mode is CFB or OFB.

Author: scott-xu

src/Renci.SshNet/Security/Cryptography/BlockCipher.cs

@@ -80,9 +80,10 @@ protected BlockCipher(byte[] key, byte blockSize, CipherMode mode, CipherPadding
         /// </returns>
         public override byte[] Encrypt(byte[] input, int offset, int length)
         {
+            var paddingLength = 0;
             if (_padding is not null)
             {
-                var paddingLength = _blockSize - (length % _blockSize);
+                paddingLength = _blockSize - (length % _blockSize);
                 input = _padding.Pad(input, offset, length, paddingLength);
                 length += paddingLength;
                 offset = 0;
@@ -91,10 +92,10 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
             {
                 if (_mode is CfbCipherMode or OfbCipherMode)
                 {
-                    var paddingLength = _blockSize - (length % _blockSize);
+                    paddingLength = _blockSize - (length % _blockSize);
                     input = input.Take(offset, length);
-                    Array.Resize(ref input, length + paddingLength);
                     length += paddingLength;
+                    Array.Resize(ref input, length);
                     offset = 0;
                 }
                 else
@@ -123,6 +124,11 @@ public override byte[] Encrypt(byte[] input, int offset, int length)
                 throw new InvalidOperationException("Encryption error.");
             }
 
+            if (_padding is null && paddingLength > 0)
+            {
+                Array.Resize(ref output, output.Length - paddingLength);
+            }
+
             return output;
         }
 

test/Renci.SshNet.Tests/Classes/Security/Cryptography/BlockCipherTest.cs

@@ -56,6 +56,27 @@ public void EncryptShouldTakeIntoAccountPaddingForLengthOfInputBufferPassedToEnc
             Assert.IsTrue(output.SequenceEqual(actual));
         }
 
+        [TestMethod]
+        public void EncryptShouldTakeIntoAccountManualPaddingForLengthOfInputBufferPassedToDecryptBlockAndUnPaddingForTheFinalOutput_CFB()
+        {
+            var input = new byte[] { 0x0a, 0x00, 0x03, 0x02, 0x06 };
+            var output = new byte[] { 0x2c, 0x1a, 0x05, 0x00, 0x68 };
+            var key = new byte[] { 0x17, 0x78, 0x56, 0xe1, 0x3e, 0xbd, 0x3e, 0x50, 0x1d, 0x79, 0x3f, 0x0f, 0x55, 0x37, 0x45, 0x54 };
+            var blockCipher = new BlockCipherStub(key, 8, new CfbCipherModeStub(new byte[8]), null)
+            {
+                EncryptBlockDelegate = (inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset) =>
+                {
+                    Assert.AreEqual(8, inputBuffer.Length);
+                    Buffer.BlockCopy(output, 0, outputBuffer, 0, output.Length);
+                    return inputBuffer.Length;
+                }
+            };
+
+            var actual = blockCipher.Encrypt(input);
+
+            Assert.IsTrue(output.SequenceEqual(actual));
+        }
+
         [TestMethod]
         public void DecryptShouldTakeIntoAccountUnPaddingForTheFinalOutput()
         {
@@ -128,6 +149,11 @@ public CfbCipherModeStub(byte[] iv)
             {
             }
 
+            public override int EncryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
+            {
+                return Cipher.EncryptBlock(inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset);
+            }
+
             public override int DecryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
             {
                 return Cipher.DecryptBlock(inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset);