protected override unsafe byte[] UncheckedTransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount) { if (SymmetricPadding.DepaddingRequired(PaddingMode)) { byte[] rented = CryptoPool.Rent(inputCount + InputBlockSize); int written = 0; fixed(byte *pRented = rented) { try { written = UncheckedTransformFinalBlock(inputBuffer.AsSpan(inputOffset, inputCount), rented); return(rented.AsSpan(0, written).ToArray()); } finally { CryptoPool.Return(rented, clearSize: written); } } } else { byte[] buffer = GC.AllocateUninitializedArray <byte>(inputCount); int written = UncheckedTransformFinalBlock(inputBuffer.AsSpan(inputOffset, inputCount), buffer); Debug.Assert(written == buffer.Length); return(buffer); } }
public override bool TransformOneShot(ReadOnlySpan <byte> input, Span <byte> output, out int bytesWritten) { int ciphertextLength = SymmetricPadding.GetCiphertextLength(input.Length, PaddingSizeBytes, PaddingMode); if (output.Length < ciphertextLength) { bytesWritten = 0; return(false); } // Copy the input to the output, and apply padding if required. This will not throw since the // output length has already been checked, and PadBlock will not copy from input to output // until it has checked that it will be able to apply padding correctly. int padWritten = SymmetricPadding.PadBlock(input, output, PaddingSizeBytes, PaddingMode); // Do an in-place encrypt. All of our implementations support this, either natively // or making a temporary buffer themselves if in-place is not supported by the native // implementation. Span <byte> paddedOutput = output.Slice(0, padWritten); bytesWritten = BasicSymmetricCipher.TransformFinal(paddedOutput, paddedOutput); // After padding, we should have an even number of blocks, and the same applies // to the transform. Debug.Assert(padWritten == bytesWritten); return(true); }
public override unsafe bool TransformOneShot(ReadOnlySpan <byte> input, Span <byte> output, out int bytesWritten) { if (input.Length % PaddingSizeBytes != 0) { throw new CryptographicException(SR.Cryptography_PartialBlock); } // If there is no padding that needs to be removed, and the output buffer is large enough to hold // the resulting plaintext, we can decrypt directly in to the output buffer. // We do not do this for modes that require padding removal. // // This is not done for padded ciphertexts because we don't know if the padding is valid // until it's been decrypted. We don't want to decrypt in to a user-supplied buffer and then throw // a padding exception after we've already filled the user buffer with plaintext. We should only // release the plaintext to the caller once we know the padding is valid. if (!SymmetricPadding.DepaddingRequired(PaddingMode)) { if (output.Length >= input.Length) { bytesWritten = BasicSymmetricCipher.TransformFinal(input, output); return(true); } // If no padding is going to be removed, we know the buffer is too small and we can bail out. bytesWritten = 0; return(false); } byte[] rentedBuffer = CryptoPool.Rent(input.Length); Span <byte> buffer = rentedBuffer.AsSpan(0, input.Length); Span <byte> decryptedBuffer = default; fixed(byte *pBuffer = buffer) { try { int transformWritten = BasicSymmetricCipher.TransformFinal(input, buffer); decryptedBuffer = buffer.Slice(0, transformWritten); // validates padding int unpaddedLength = SymmetricPadding.GetPaddingLength(decryptedBuffer, PaddingMode, InputBlockSize); if (unpaddedLength > output.Length) { bytesWritten = 0; return(false); } decryptedBuffer.Slice(0, unpaddedLength).CopyTo(output); bytesWritten = unpaddedLength; return(true); } finally { CryptographicOperations.ZeroMemory(decryptedBuffer); CryptoPool.Return(rentedBuffer, clearSize: 0); // ZeroMemory clears the part of the buffer that was written to. } } }
protected override byte[] UncheckedTransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount) { int ciphertextLength = SymmetricPadding.GetCiphertextLength(inputCount, PaddingSizeBytes, PaddingMode); byte[] buffer = GC.AllocateUninitializedArray <byte>(ciphertextLength); int written = UncheckedTransformFinalBlock(inputBuffer.AsSpan(inputOffset, inputCount), buffer); Debug.Assert(written == buffer.Length); return(buffer); }
protected override int UncheckedTransformFinalBlock(ReadOnlySpan <byte> inputBuffer, Span <byte> outputBuffer) { // The only caller of this method is the array-allocating overload, outputBuffer is // always new memory, not a user-provided buffer. Debug.Assert(!inputBuffer.Overlaps(outputBuffer)); int padWritten = SymmetricPadding.PadBlock(inputBuffer, outputBuffer, PaddingSizeBytes, PaddingMode); int transformWritten = BasicSymmetricCipher.TransformFinal(outputBuffer.Slice(0, padWritten), outputBuffer); // After padding, we should have an even number of blocks, and the same applies // to the transform. Debug.Assert(padWritten == transformWritten); return(transformWritten); }
protected override int UncheckedTransformBlock(ReadOnlySpan <byte> inputBuffer, Span <byte> outputBuffer) { // // If we're decrypting, it's possible to be called with the last blocks of the data, and then // have TransformFinalBlock called with an empty array. Since we don't know if this is the case, // we won't decrypt the last block of the input until either TransformBlock or // TransformFinalBlock is next called. // // We don't need to do this for PaddingMode.None because there is no padding to strip, and // we also don't do this for PaddingMode.Zeros since there is no way for us to tell if the // zeros at the end of a block are part of the plaintext or the padding. // int decryptedBytes = 0; if (SymmetricPadding.DepaddingRequired(PaddingMode)) { // If we have data saved from a previous call, decrypt that into the output first if (_heldoverCipher != null) { int depadDecryptLength = BasicSymmetricCipher.Transform(_heldoverCipher, outputBuffer); outputBuffer = outputBuffer.Slice(depadDecryptLength); decryptedBytes += depadDecryptLength; } else { _heldoverCipher = new byte[InputBlockSize]; } // Postpone the last block to the next round. Debug.Assert(inputBuffer.Length >= _heldoverCipher.Length, "inputBuffer.Length >= _heldoverCipher.Length"); inputBuffer.Slice(inputBuffer.Length - _heldoverCipher.Length).CopyTo(_heldoverCipher); inputBuffer = inputBuffer.Slice(0, inputBuffer.Length - _heldoverCipher.Length); Debug.Assert(inputBuffer.Length % InputBlockSize == 0, "Did not remove whole blocks for depadding"); } if (inputBuffer.Length > 0) { decryptedBytes += BasicSymmetricCipher.Transform(inputBuffer, outputBuffer); } return(decryptedBytes); }
protected override unsafe int UncheckedTransformFinalBlock(ReadOnlySpan <byte> inputBuffer, Span <byte> outputBuffer) { // We can't complete decryption on a partial block if (inputBuffer.Length % PaddingSizeBytes != 0) { throw new CryptographicException(SR.Cryptography_PartialBlock); } // // If we have postponed cipher bits from the prior round, copy that into the decryption buffer followed by the input data. // Otherwise the decryption buffer is just the input data. // ReadOnlySpan <byte> inputCiphertext; Span <byte> ciphertext; byte[]? rentedCiphertext = null; int rentedCiphertextSize = 0; try { if (_heldoverCipher == null) { rentedCiphertextSize = inputBuffer.Length; rentedCiphertext = CryptoPool.Rent(inputBuffer.Length); ciphertext = rentedCiphertext.AsSpan(0, inputBuffer.Length); inputCiphertext = inputBuffer; } else { rentedCiphertextSize = _heldoverCipher.Length + inputBuffer.Length; rentedCiphertext = CryptoPool.Rent(rentedCiphertextSize); ciphertext = rentedCiphertext.AsSpan(0, rentedCiphertextSize); _heldoverCipher.AsSpan().CopyTo(ciphertext); inputBuffer.CopyTo(ciphertext.Slice(_heldoverCipher.Length)); // Decrypt in-place inputCiphertext = ciphertext; } int unpaddedLength = 0; fixed(byte *pCiphertext = ciphertext) { // Decrypt the data, then strip the padding to get the final decrypted data. Note that even if the cipherText length is 0, we must // invoke TransformFinal() so that the cipher object knows to reset for the next cipher operation. int decryptWritten = BasicSymmetricCipher.TransformFinal(inputCiphertext, ciphertext); Span <byte> decryptedBytes = ciphertext.Slice(0, decryptWritten); if (decryptedBytes.Length > 0) { unpaddedLength = SymmetricPadding.GetPaddingLength(decryptedBytes, PaddingMode, InputBlockSize); decryptedBytes.Slice(0, unpaddedLength).CopyTo(outputBuffer); } } Reset(); return(unpaddedLength); } finally { if (rentedCiphertext != null) { CryptoPool.Return(rentedCiphertext, clearSize: rentedCiphertextSize); } } }
public static unsafe bool OneShotDecrypt( ILiteSymmetricCipher cipher, PaddingMode paddingMode, ReadOnlySpan <byte> input, Span <byte> output, out int bytesWritten) { if (input.Length % cipher.PaddingSizeInBytes != 0) { throw new CryptographicException(SR.Cryptography_PartialBlock); } // If there is no padding that needs to be removed, and the output buffer is large enough to hold // the resulting plaintext, we can decrypt directly in to the output buffer. // We do not do this for modes that require padding removal. // // This is not done for padded ciphertexts because we don't know if the padding is valid // until it's been decrypted. We don't want to decrypt in to a user-supplied buffer and then throw // a padding exception after we've already filled the user buffer with plaintext. We should only // release the plaintext to the caller once we know the padding is valid. if (!SymmetricPadding.DepaddingRequired(paddingMode)) { if (output.Length >= input.Length) { bytesWritten = cipher.TransformFinal(input, output); return(true); } // If no padding is going to be removed, we know the buffer is too small and we can bail out. bytesWritten = 0; return(false); } byte[] rentedBuffer = CryptoPool.Rent(input.Length); Span <byte> buffer = rentedBuffer.AsSpan(0, input.Length); Span <byte> decryptedBuffer = default; fixed(byte *pBuffer = buffer) { try { int transformWritten = cipher.TransformFinal(input, buffer); decryptedBuffer = buffer.Slice(0, transformWritten); // This intentionally passes in BlockSizeInBytes instead of PaddingSizeInBytes. This is so that // "extra padded" CFB data can still be decrypted. The .NET Framework always padded CFB8 to the // block size, not the feedback size. We want the one-shot to be able to continue to decrypt // those ciphertexts, so for CFB8 we are more lenient on the number of allowed padding bytes. int unpaddedLength = SymmetricPadding.GetPaddingLength(decryptedBuffer, paddingMode, cipher.BlockSizeInBytes); // validates padding if (unpaddedLength > output.Length) { bytesWritten = 0; return(false); } decryptedBuffer.Slice(0, unpaddedLength).CopyTo(output); bytesWritten = unpaddedLength; return(true); } finally { CryptographicOperations.ZeroMemory(decryptedBuffer); CryptoPool.Return(rentedBuffer, clearSize: 0); // ZeroMemory clears the part of the buffer that was written to. } } }