Aes Cbc decryption with wrong key

[Gionni2D]

Description

When decrypting an AES CBC message with an incorrect key, I've noticed an inconsistent behavior between Java/Android and Darwin (MacOS, iOS, ecc..) targets.

• Java/Android: correctly throws an exception (an Error with BadPaddingException cause), indicating decryption failure.
• Darwin: returns a byte array of incorrect data without throwing an error.

This prevents the detection of a decryption failure due to an invalid key on Darwin targets and a different behaviour among platforms.

Expected Behavior

Both Java/Android and Darwin targets should consistently throw an exception or return an error when an incorrect key is used for AES CBC decryption.

Steps to Reproduce

To reproduce the error, I've created a test case for the AesCbcTest test suite:

// class: AesCbcTest  

@Test
fun decryptWithWrongKey() = runTest {
  aesCbcSamples.forEachIndexed { index, (key, iv, _, ciphertext) ->
    val wrongKey = key.reversed().toByteArray()
    val aesCbc = AesCbc(wrongKey, iv)
    val actual = runCatching { aesCbc.decrypt(iv + ciphertext) }.exceptionOrNull()
    assertNotNull(actual, index.toString())
    assertEquals(actual.message, "Aes cbc decrypt error", index.toString())
  }
}

Environment

• Kotlin Multiplatform Version: 2.0.0
• Test Platform: iosSimulatorArm64, macosArm64
• OS: macOS Sequoia 15.5