sshnet
diff --git a/‎src/Renci.SshNet/Security/Cryptography/BlockCipher.cs
Lines changed: 36 additions & 60 deletions b/‎src/Renci.SshNet/Security/Cryptography/BlockCipher.cs
Lines changed: 36 additions & 60 deletions
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.cs
Lines changed: 217 additions & 0 deletions b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.cs
Lines changed: 217 additions & 0 deletions
@@ -1,5 +1,4 @@
 using System;
-using csp = System.Security.Cryptography;
 using Renci.SshNet.Security.Cryptography.Ciphers;
 
 namespace Renci.SshNet.Security.Cryptography
@@ -62,22 +61,7 @@ protected BlockCipher(byte[] key, byte blockSize, CipherMode mode, CipherPadding
             _padding = padding;
 
             if (_mode != null)
-            {
-#if FEATURE_AES_CSP
-                // use AesCryptoServiceProvider which uses AES-NI (faster, less CPU usage)
-                csp.AesCryptoServiceProvider aesProvider = new csp.AesCryptoServiceProvider()
-                {
-                    BlockSize = blockSize * 8,
-                    KeySize = Key.Length * 8,
-                    Mode = _mode.cspMode,
-                    Padding = padding == null ? csp.PaddingMode.None : csp.PaddingMode.PKCS7,
-                    Key = key
-                };
-                _mode.Init(this, aesProvider);
-#else
                 _mode.Init(this);
-#endif
-            }
         }
 
         /// <summary>
@@ -89,37 +73,33 @@ protected BlockCipher(byte[] key, byte blockSize, CipherMode mode, CipherPadding
         /// <returns>Encrypted data</returns>
         public override byte[] Encrypt(byte[] data, int offset, int length)
         {
+            if (length % _blockSize > 0)
+            {
+                if (_padding == null)
+                {
+                    throw new ArgumentException("data");
+                }
+                var paddingLength = _blockSize - (length % _blockSize);
+                data = _padding.Pad(data, offset, length, paddingLength);
+                length += paddingLength;
+                offset = 0;
+            }
+
             var output = new byte[length];
             var writtenBytes = 0;
 
-#if FEATURE_AES_CSP
-            if (_mode != null && _mode.isCspAvailable)
-                writtenBytes = _mode.EncryptWithCSP(data, offset, output);
-            else
+            for (var i = 0; i < length / _blockSize; i++)
             {
-#endif
-                if (length % _blockSize > 0)
+                if (_mode == null)
                 {
-                    if (_padding == null)
-                    {
-                        throw new ArgumentException("data");
-                    }
-                    var paddingLength = _blockSize - (length % _blockSize);
-                    data = _padding.Pad(data, offset, length, paddingLength);
-                    length += paddingLength;
-                    offset = 0;
+                    writtenBytes += EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
                 }
-
-                for (var i = 0; i < length / _blockSize; i++)
+                else
                 {
-                    if (_mode == null)
-                        writtenBytes += EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
-                    else
-                        writtenBytes += _mode.EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    writtenBytes += _mode.EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
                 }
-#if FEATURE_AES_CSP
             }
-#endif
+
             if (writtenBytes < length)
             {
                 throw new InvalidOperationException("Encryption error.");
@@ -149,36 +129,32 @@ public override byte[] Decrypt(byte[] data)
         /// </returns>
         public override byte[] Decrypt(byte[] data, int offset, int length)
         {
+            if (length % _blockSize > 0)
+            {
+                if (_padding == null)
+                {
+                    throw new ArgumentException("data");
+                }
+                data = _padding.Pad(_blockSize, data, offset, length);
+                offset = 0;
+                length = data.Length;
+            }
+
             var output = new byte[length];
-            var writtenBytes = 0;
 
-#if FEATURE_AES_CSP
-            if (_mode != null && _mode.isCspAvailable)
-                writtenBytes = _mode.DecryptWithCSP(data, offset, output);
-            else
+            var writtenBytes = 0;
+            for (var i = 0; i < length / _blockSize; i++)
             {
-#endif
-                if (length % _blockSize > 0)
+                if (_mode == null)
                 {
-                    if (_padding == null)
-                    {
-                        throw new ArgumentException("data");
-                    }
-                    data = _padding.Pad(_blockSize, data, offset, length);
-                    offset = 0;
-                    length = data.Length;
+                    writtenBytes += DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
                 }
-
-                for (var i = 0; i < length / _blockSize; i++)
+                else
                 {
-                    if (_mode == null)
-                        writtenBytes += DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
-                    else
-                        writtenBytes += _mode.DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    writtenBytes += _mode.DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
                 }
-#if FEATURE_AES_CSP
             }
-#endif
+
             if (writtenBytes < length)
             {
                 throw new InvalidOperationException("Encryption error.");
 
@@ -1,6 +1,7 @@
 using System;
 using System.Globalization;
 using Renci.SshNet.Common;
+using csp = System.Security.Cryptography;
 
 namespace Renci.SshNet.Security.Cryptography.Ciphers
 {
@@ -23,6 +24,19 @@ public sealed class AesCipher : BlockCipher
 
         private uint C0, C1, C2, C3;
 
+#if FEATURE_AES_CSP
+
+        private csp.ICryptoTransform aesDecryptor;
+
+        private csp.ICryptoTransform aesEncryptor;
+
+        private bool useCSP;       // set to false when CSP is not available for a given mode; falls back to legacy code
+        
+        private bool isCTRMode;
+
+        private uint[] _ctrIV;
+#endif
+
         #region Static Definition Tables
 
         private static readonly byte[] S =
@@ -571,6 +585,11 @@ public AesCipher(byte[] key, CipherMode mode, CipherPadding padding)
 
             if (!(keySize == 256 || keySize == 192 || keySize == 128))
                 throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, "KeySize '{0}' is not valid for this algorithm.", keySize));
+
+#if FEATURE_AES_CSP
+            // initialize AesCryptoServiceProvider which uses AES-NI (faster, less CPU usage)
+            useCSP = initCryptoServiceProvider(mode, padding);
+#endif
         }
 
         /// <summary>
@@ -663,6 +682,204 @@ public override int DecryptBlock(byte[] inputBuffer, int inputOffset, int inputC
             return BlockSize;
         }
 
+#if FEATURE_AES_CSP
+
+        /// <summary>
+        /// Encrypts the specified data using AesCryptoServiceProvider
+        /// </summary>
+        /// <param name="data">The data.</param>
+        /// <param name="offset">The zero-based offset in <paramref name="data"/> at which to begin encrypting.</param>
+        /// <param name="length">The number of bytes to encrypt from <paramref name="data"/>.</param>
+        /// <returns>Encrypted data</returns>
+        public override byte[] Encrypt(byte[] data, int offset, int length)
+        {
+            if (useCSP)
+            {
+                if (isCTRMode)
+                    return CTREncryptDecrypt(data, offset, length);
+                else
+                {
+                    if (length % BlockSize == 0)
+                    {
+                        byte[] output = new byte[length];
+                        aesEncryptor.TransformBlock(data, offset, length, output, 0);
+                        return output;
+                    }
+                    else
+                    {
+                        // adds padding
+                        byte[] output = aesEncryptor.TransformFinalBlock(data, offset, length);
+                        return output;
+                    }
+                }
+            }
+            else
+                return base.Encrypt(data, offset, length);
+        }
+
+        /// <summary>
+        /// Decrypts the specified input using AesCryptoServiceProvider
+        /// </summary>
+        /// <param name="data">The input.</param>
+        /// <param name="offset">The zero-based offset in <paramref name="data"/> at which to begin decrypting.</param>
+        /// <param name="length">The number of bytes to decrypt from <paramref name="data"/>.</param>
+        /// <returns>
+        /// The decrypted data.
+        /// </returns>
+        public override byte[] Decrypt(byte[] data, int offset, int length)
+        {
+            if (useCSP)
+            {
+                if (isCTRMode)
+                    return CTREncryptDecrypt(data, offset, length);
+                else
+                {
+                    if (length % BlockSize == 0)
+                    {
+                        byte[] output = new byte[length];
+                        aesDecryptor.TransformBlock(data, offset, length, output, 0);
+                        return output;
+                    }
+                    else
+                    {
+                        // handles padding
+                        byte[] output = aesDecryptor.TransformFinalBlock(data, offset, length);
+                        return output;
+                    }
+                   
+                    
+                    //byte[] ok = base.Decrypt(data, offset, length);
+                    //for (int i = 0; i < a1.Length; i++)
+                    //    if (a1[i] != ok[i] || a1.Length != ok.Length)
+                    //        return null;
+
+                    //for (int i = 0; i < a1.Length; i++)
+                    //    if (a2[i] != ok[i] || a1.Length != ok.Length)
+                    //        return null;
+
+                    //return a1;
+                }
+            }
+            else
+                return base.Encrypt(data, offset, length);
+        }
+
+        // initialize AesCryptoServiceProvider
+        private bool initCryptoServiceProvider(CipherMode mode, CipherPadding padding)
+        {
+            try
+            {
+                csp.PaddingMode cspPadding = padding == null ? csp.PaddingMode.None : csp.PaddingMode.PKCS7;    // PKCS5 is same as PKCS7
+                csp.CipherMode cspMode = 0;
+                isCTRMode = mode is Modes.CtrCipherMode;
+
+                if (mode is Modes.CbcCipherMode)
+                    cspMode = csp.CipherMode.CBC;
+                else if (isCTRMode)
+                    cspMode = csp.CipherMode.ECB;       // CTR uses ECB
+                else
+                    return false;                       // OFB and CFB not supported, fallback to managed code
+
+                // prepare IV array for CTR mode
+                if (isCTRMode)
+                    _ctrIV = GetPackedIV(mode.IV);
+
+                // create ICryptoTransform instances
+                var aesProvider = new csp.AesCryptoServiceProvider()
+                {
+                    BlockSize = BlockSize * 8,
+                    KeySize = Key.Length * 8,
+                    Mode = cspMode,
+                    Padding = cspPadding,
+                    Key = Key,
+                    IV = mode.IV,
+                };
+                aesEncryptor = aesProvider.CreateEncryptor(Key, mode.IV);
+                aesDecryptor = aesProvider.CreateDecryptor(Key, mode.IV);
+                return true;
+            }
+            catch { }  // fallback for unsupported key/iv/blocksize combinations
+            return false;
+        }
+
+        // convert the IV into an array of uint[4]
+        private uint[] GetPackedIV(byte[] iv)
+        {
+            uint[] packedIV = new uint[4];
+            packedIV[0] = (uint)((iv[0] << 24) | (iv[1] << 16) | (iv[2] << 8) | (iv[3]));
+            packedIV[1] = (uint)((iv[4] << 24) | (iv[5] << 16) | (iv[6] << 8) | (iv[7]));
+            packedIV[2] = (uint)((iv[8] << 24) | (iv[9] << 16) | (iv[10] << 8) | (iv[11]));
+            packedIV[3] = (uint)((iv[12] << 24) | (iv[13] << 16) | (iv[14] << 8) | (iv[15]));
+            return packedIV;
+        }
+
+        // Perform AES-CTR encryption/decryption
+        private byte[] CTREncryptDecrypt(byte[] data, int offset, int length)
+        {
+            int count = length / BlockSize;
+            if (length % BlockSize != 0) count++;
+
+            byte[] counter = CTRCreateCounterArray(count);
+            byte[] aesCounter = aesEncryptor.TransformFinalBlock(counter, 0, counter.Length);
+            byte[] output = CTRArrayXOR(aesCounter, data, offset, length);
+
+            return output;
+        }
+
+        // creates the Counter array filled with incrementing copies of IV
+        private byte[] CTRCreateCounterArray(int blocks)
+        {
+            // fill an array with IV, increment by 1 for each copy
+            uint[] counter = new uint[blocks * 4];
+            for (int i = 0; i < counter.Length; i += 4)
+            {
+                // write IV to buffer (big endian)
+                counter[i] = (_ctrIV[0] << 24) | ((_ctrIV[0] << 8) & 0x00FF0000) | ((_ctrIV[0] >> 8) & 0x0000FF00) | (_ctrIV[0] >> 24);
+                counter[i + 1] = (_ctrIV[1] << 24) | ((_ctrIV[1] << 8) & 0x00FF0000) | ((_ctrIV[1] >> 8) & 0x0000FF00) | (_ctrIV[1] >> 24);
+                counter[i + 2] = (_ctrIV[2] << 24) | ((_ctrIV[2] << 8) & 0x00FF0000) | ((_ctrIV[2] >> 8) & 0x0000FF00) | (_ctrIV[2] >> 24);
+                counter[i + 3] = (_ctrIV[3] << 24) | ((_ctrIV[3] << 8) & 0x00FF0000) | ((_ctrIV[3] >> 8) & 0x0000FF00) | (_ctrIV[3] >> 24);
+
+                // increment IV (little endian)
+                for (int j = 3; j >= 0 && ++_ctrIV[j] == 0; j--) ;
+            }
+
+            // copy uint[] to byte[]
+            byte[] counterBytes = new byte[blocks * 16];
+            System.Buffer.BlockCopy(counter, 0, counterBytes, 0, counterBytes.Length);
+            return counterBytes;
+        }
+
+        // XORs the input data with the encrypted Counter array to produce the final output
+        // uses uint arrays for speed
+        private byte[] CTRArrayXOR(byte[] counter, byte[] data, int offset, int length)
+        {
+            int words = length / 4;
+            if (length % 4 != 0) words++;
+
+            // convert original data to words
+            uint[] datawords = new uint[words];
+            System.Buffer.BlockCopy(data, offset, datawords, 0, length);
+
+            // convert encrypted IV counter to words
+            uint[] counterwords = new uint[words];
+            System.Buffer.BlockCopy(counter, 0, counterwords, 0, length);
+
+            // XOR encrypted Counter with input data
+            for (int i = 0; i < words; i++)
+                counterwords[i] = counterwords[i] ^ datawords[i];
+
+            // copy uint[] to byte[]
+            byte[] output = counter;
+            System.Buffer.BlockCopy(counterwords, 0, output, 0, length);
+
+            // adjust output for non-aligned lengths
+            if (output.Length > length)
+                Array.Resize(ref output, length);
+
+            return output;
+        }
+#endif
+
         private uint[] GenerateWorkingKey(bool isEncryption, byte[] key)
         {
             int KC = key.Length / 4;  // key length in words