Skip to content

Commit d231717

Browse files
author
Pedro Fonseca
committed
Fix the AES Padding
It looks like the legacy code doesn't correctly remove padding, so this code needs to do the same.
1 parent 5c8f564 commit d231717

File tree

1 file changed

+35
-37
lines changed

1 file changed

+35
-37
lines changed

src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.cs

Lines changed: 35 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,8 @@ public sealed class AesCipher : BlockCipher
3535
private bool isCTRMode;
3636

3737
private uint[] _ctrIV;
38+
39+
CipherPadding _padding;
3840
#endif
3941

4042
#region Static Definition Tables
@@ -695,22 +697,24 @@ public override byte[] Encrypt(byte[] data, int offset, int length)
695697
{
696698
if (useCSP)
697699
{
700+
if (length % BlockSize > 0)
701+
{
702+
if (_padding == null)
703+
{
704+
throw new ArgumentException("data");
705+
}
706+
data = _padding.Pad(BlockSize, data, offset, length);
707+
offset = 0;
708+
length = data.Length;
709+
}
710+
698711
if (isCTRMode)
699712
return CTREncryptDecrypt(data, offset, length);
700713
else
701714
{
702-
if (length % BlockSize == 0)
703-
{
704-
byte[] output = new byte[length];
705-
aesEncryptor.TransformBlock(data, offset, length, output, 0);
706-
return output;
707-
}
708-
else
709-
{
710-
// adds padding
711-
byte[] output = aesEncryptor.TransformFinalBlock(data, offset, length);
712-
return output;
713-
}
715+
byte[] output = new byte[length];
716+
aesEncryptor.TransformBlock(data, offset, length, output, 0);
717+
return output;
714718
}
715719
}
716720
else
@@ -730,34 +734,24 @@ public override byte[] Decrypt(byte[] data, int offset, int length)
730734
{
731735
if (useCSP)
732736
{
737+
if (length % BlockSize > 0)
738+
{
739+
if (_padding == null)
740+
{
741+
throw new ArgumentException("data");
742+
}
743+
data = _padding.Pad(BlockSize, data, offset, length);
744+
offset = 0;
745+
length = data.Length;
746+
}
747+
733748
if (isCTRMode)
734749
return CTREncryptDecrypt(data, offset, length);
735750
else
736751
{
737-
if (length % BlockSize == 0)
738-
{
739-
byte[] output = new byte[length];
740-
aesDecryptor.TransformBlock(data, offset, length, output, 0);
741-
return output;
742-
}
743-
else
744-
{
745-
// handles padding
746-
byte[] output = aesDecryptor.TransformFinalBlock(data, offset, length);
747-
return output;
748-
}
749-
750-
751-
//byte[] ok = base.Decrypt(data, offset, length);
752-
//for (int i = 0; i < a1.Length; i++)
753-
// if (a1[i] != ok[i] || a1.Length != ok.Length)
754-
// return null;
755-
756-
//for (int i = 0; i < a1.Length; i++)
757-
// if (a2[i] != ok[i] || a1.Length != ok.Length)
758-
// return null;
759-
760-
//return a1;
752+
byte[] output = new byte[length];
753+
aesDecryptor.TransformBlock(data, offset, length, output, 0);
754+
return output;
761755
}
762756
}
763757
else
@@ -769,7 +763,11 @@ private bool initCryptoServiceProvider(CipherMode mode, CipherPadding padding)
769763
{
770764
try
771765
{
772-
csp.PaddingMode cspPadding = padding == null ? csp.PaddingMode.None : csp.PaddingMode.PKCS7; // PKCS5 is same as PKCS7
766+
// use the provided CipherPadding object
767+
_padding = padding;
768+
csp.PaddingMode cspPadding = csp.PaddingMode.None;
769+
770+
// set the Mode
773771
csp.CipherMode cspMode = 0;
774772
isCTRMode = mode is Modes.CtrCipherMode;
775773

0 commit comments

Comments
 (0)