-
Notifications
You must be signed in to change notification settings - Fork 12
/
Add-Pkcs7Padding.ps1
50 lines (41 loc) · 1.64 KB
/
Add-Pkcs7Padding.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# Copyright: (c) 2018, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Add-Pkcs7Padding {
<#
.SYNOPSIS
Add padding to the byte array based on the PKCS7 padding spec.
.DESCRIPTION
Will add PKCS7 padding to a byte array. This will always add the padding
even if it has already been padded as there is no real way to determine
if the padding has already been applied.
.PARAMETER Value
[byte[]] The bytes to add the padding to.
.PARAMETER BlockSize
[int] The size of the block in bits.
.OUTPUTS
[byte[]] The input bytes after being padded to the BlockSize.
.EXAMPLE
Add-Pkcs7Padding -Value @([byte]1, [byte]2) -BlockSize 128
.NOTES
Usually this is done as part of a crypto provider but because we use
Invoke-AESCTRCycle (AES in CTR mode/stream cipher) we need to manually
pad the bytes as this is done in the Ansible Vault implementation.
#>
[CmdletBinding()]
[OutputType([byte[]])]
param(
[Parameter(Mandatory=$true)] [byte[]]$Value,
[Parameter(Mandatory=$true)] [int]$BlockSize
)
$block_size_bytes = $BlockSize / 8
$padding_length = $block_size_bytes - ($Value.Length % $block_size_bytes)
if ($padding_length -eq 0) {
$padding_length = $block_size_bytes
}
$padded_bytes = New-Object -TypeName byte[] -ArgumentList ($Value.Length + $padding_length)
$Value.CopyTo($padded_bytes, 0)
for ($i = $Value.Length; $i -lt $padded_bytes.Length; $i++) {
$padded_bytes[$i] = [byte]$padding_length
}
return $padded_bytes
}