Make TripleDESCryptoServiceProvider CreateTransform behave like netfx

.NET Framework's TripleDESCryptoServiceProvider rejects small inputs, but
accepts oversized IVs (effectively truncating them to the block size).  This
change makes the .NET Core type behave the same way, and adds a test to
codify all of the oversized IV relationships with the CryptoServiceProvider
compat types.  (DES and RC2 apparently already allowed it)

Author: bartonjs

src/System.Security.Cryptography.Csp/src/System/Security/Cryptography/TripleDESCryptoServiceProvider.cs

@@ -63,12 +63,34 @@ public override PaddingMode Padding
         public override KeySizes[] LegalBlockSizes => _impl.LegalBlockSizes;
         public override KeySizes[] LegalKeySizes => _impl.LegalKeySizes;
         public override ICryptoTransform CreateEncryptor() => _impl.CreateEncryptor();
-        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) => _impl.CreateEncryptor(rgbKey, rgbIV);
         public override ICryptoTransform CreateDecryptor() => _impl.CreateDecryptor();
-        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) => _impl.CreateDecryptor(rgbKey, rgbIV);
         public override void GenerateIV() => _impl.GenerateIV();
         public override void GenerateKey() => _impl.GenerateKey();
 
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5350", Justification = "This is the implementation of TripleDES")]
+        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) =>
+            _impl.CreateEncryptor(rgbKey, TrimLargeIV(rgbIV));
+
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5350", Justification = "This is the implementation of TripleDES")]
+        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) =>
+            _impl.CreateDecryptor(rgbKey, TrimLargeIV(rgbIV));
+
+        private byte[] TrimLargeIV(byte[] iv)
+        {
+            // The BlockSize for 3DES is 64, so this is always 8, but let's use
+            // the formula anyways.
+            int blockSizeBytes = (BlockSize + 7) / 8;
+
+            if (iv?.Length > blockSizeBytes)
+            {
+                byte[] tmp = new byte[blockSizeBytes];
+                Buffer.BlockCopy(iv, 0, tmp, 0, tmp.Length);
+                return tmp;
+            }
+
+            return iv;
+        }
+
         protected override void Dispose(bool disposing)
         {
             if (disposing)

src/System.Security.Cryptography.Csp/tests/CreateTransformCompat.cs

@@ -0,0 +1,67 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using Xunit;
+
+namespace System.Security.Cryptography.Csp.Tests
+{
+    public static class CreateTransformCompat
+    {
+        [Theory]
+        [InlineData(typeof(AesCryptoServiceProvider), null)]
+        [InlineData(typeof(DESCryptoServiceProvider), 9)]
+        [InlineData(typeof(DESCryptoServiceProvider), 13)]
+        [InlineData(typeof(RC2CryptoServiceProvider), 9)]
+        [InlineData(typeof(RC2CryptoServiceProvider), 17)]
+        [InlineData(typeof(TripleDESCryptoServiceProvider), 9)]
+        [InlineData(typeof(TripleDESCryptoServiceProvider), 24)]
+        [InlineData(typeof(TripleDESCryptoServiceProvider), 31)]
+        public static void CreateTransform_IVTooBig(Type t, int? ivSizeBytes)
+        {
+            using (SymmetricAlgorithm alg = (SymmetricAlgorithm)Activator.CreateInstance(t))
+            {
+                alg.Mode = CipherMode.CBC;
+                byte[] key = alg.Key;
+
+                // If it isn't supposed to work
+                if (ivSizeBytes == null)
+                {
+                    // badSize is in bytes, BlockSize is in bits.
+                    // So badSize is 8 times as big as it should be.
+                    int badSize = alg.BlockSize;
+                    Assert.Throws<ArgumentException>(() => alg.CreateEncryptor(key, new byte[badSize]));
+                    Assert.Throws<ArgumentException>(() => alg.CreateDecryptor(key, new byte[badSize]));
+
+                    return;
+                }
+
+                int correctSize = alg.BlockSize / 8;
+                byte[] data = { 1, 2, 3, 4, 5 };
+
+                byte[] iv = new byte[ivSizeBytes.Value];
+
+                for (int i = 0; i < iv.Length; i++)
+                {
+                    iv[i] = (byte)((byte.MaxValue - i) ^ correctSize);
+                }
+
+                byte[] correctIV = iv.AsSpan(0, correctSize).ToArray();
+
+                using (ICryptoTransform correctEnc = alg.CreateEncryptor(key, correctIV))
+                using (ICryptoTransform badIvEnc = alg.CreateEncryptor(key, iv))
+                using (ICryptoTransform badIvDec = alg.CreateDecryptor(key, iv))
+                {
+                    byte[] encrypted = badIvEnc.TransformFinalBlock(data, 0, data.Length);
+                    byte[] correctEncrypted = correctEnc.TransformFinalBlock(data, 0, data.Length);
+
+                    Assert.Equal(correctEncrypted, encrypted);
+
+                    byte[] decrypted1 = badIvDec.TransformFinalBlock(correctEncrypted, 0, correctEncrypted.Length);
+
+                    Assert.Equal(data, decrypted1);
+                }
+            }
+        }
+    }
+}

src/System.Security.Cryptography.Csp/tests/System.Security.Cryptography.Csp.Tests.csproj

@@ -13,6 +13,7 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Windows_NT-Debug|AnyCPU'" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netstandard-Windows_NT-Release|AnyCPU'" />
   <ItemGroup>
+    <Compile Include="CreateTransformCompat.cs" />
     <Compile Include="CspParametersTests.cs" />
     <Compile Include="RSAImportExportCspBlobTests.cs" />
     <Compile Include="RSACryptoServiceProviderBackCompat.cs" />