sshnet
diff --git a/‎src/Renci.SshNet/Renci.SshNet.csproj
Lines changed: 2 additions & 2 deletions b/‎src/Renci.SshNet/Renci.SshNet.csproj
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Renci.SshNet/Security/Cryptography/BlockCipher.cs
Lines changed: 60 additions & 36 deletions b/‎src/Renci.SshNet/Security/Cryptography/BlockCipher.cs
Lines changed: 60 additions & 36 deletions
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/CipherMode.cs
Lines changed: 77 additions & 3 deletions b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/CipherMode.cs
Lines changed: 77 additions & 3 deletions
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/Modes/CbcCipherMode.cs
Lines changed: 4 additions & 0 deletions b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/Modes/CbcCipherMode.cs
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/Modes/CfbCipherMode.cs
Lines changed: 6 additions & 0 deletions b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/Modes/CfbCipherMode.cs
Lines changed: 6 additions & 0 deletions
@@ -36,12 +36,12 @@
     <DefineConstants>FEATURE_REGEX_COMPILE;FEATURE_BINARY_SERIALIZATION;FEATURE_RNG_CREATE;FEATURE_SOCKET_SYNC;FEATURE_SOCKET_EAP;FEATURE_SOCKET_APM;FEATURE_SOCKET_POLL;FEATURE_STREAM_APM;FEATURE_DNS_SYNC;FEATURE_THREAD_THREADPOOL;FEATURE_THREAD_SLEEP;FEATURE_HASH_MD5;FEATURE_HASH_SHA1_CREATE;FEATURE_HASH_SHA256_CREATE;FEATURE_HASH_SHA384_CREATE;FEATURE_HASH_SHA512_CREATE;FEATURE_HASH_RIPEMD160_CREATE;FEATURE_HMAC_MD5;FEATURE_HMAC_SHA1;FEATURE_HMAC_SHA256;FEATURE_HMAC_SHA384;FEATURE_HMAC_SHA512;FEATURE_HMAC_RIPEMD160;FEATURE_MEMORYSTREAM_GETBUFFER;FEATURE_DIAGNOSTICS_TRACESOURCE;FEATURE_ENCODING_ASCII;FEATURE_ECDSA</DefineConstants>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(TargetFramework)' == 'net40' ">
-    <DefineConstants>FEATURE_STRINGBUILDER_CLEAR;FEATURE_HASHALGORITHM_DISPOSE;FEATURE_REGEX_COMPILE;FEATURE_BINARY_SERIALIZATION;FEATURE_RNG_CREATE;FEATURE_SOCKET_SYNC;FEATURE_SOCKET_EAP;FEATURE_SOCKET_APM;FEATURE_SOCKET_SELECT;FEATURE_SOCKET_POLL;FEATURE_SOCKET_DISPOSE;FEATURE_STREAM_APM;FEATURE_DNS_SYNC;FEATURE_THREAD_COUNTDOWNEVENT;FEATURE_THREAD_THREADPOOL;FEATURE_THREAD_SLEEP;FEATURE_WAITHANDLE_DISPOSE;FEATURE_HASH_MD5;FEATURE_HASH_SHA1_CREATE;FEATURE_HASH_SHA256_CREATE;FEATURE_HASH_SHA384_CREATE;FEATURE_HASH_SHA512_CREATE;FEATURE_HASH_RIPEMD160_CREATE;FEATURE_HMAC_MD5;FEATURE_HMAC_SHA1;FEATURE_HMAC_SHA256;FEATURE_HMAC_SHA384;FEATURE_HMAC_SHA512;FEATURE_HMAC_RIPEMD160;FEATURE_MEMORYSTREAM_GETBUFFER;FEATURE_DIAGNOSTICS_TRACESOURCE;FEATURE_ENCODING_ASCII;FEATURE_ECDSA</DefineConstants>
+    <DefineConstants>FEATURE_STRINGBUILDER_CLEAR;FEATURE_HASHALGORITHM_DISPOSE;FEATURE_REGEX_COMPILE;FEATURE_BINARY_SERIALIZATION;FEATURE_RNG_CREATE;FEATURE_SOCKET_SYNC;FEATURE_SOCKET_EAP;FEATURE_SOCKET_APM;FEATURE_SOCKET_SELECT;FEATURE_SOCKET_POLL;FEATURE_SOCKET_DISPOSE;FEATURE_STREAM_APM;FEATURE_DNS_SYNC;FEATURE_THREAD_COUNTDOWNEVENT;FEATURE_THREAD_THREADPOOL;FEATURE_THREAD_SLEEP;FEATURE_WAITHANDLE_DISPOSE;FEATURE_HASH_MD5;FEATURE_HASH_SHA1_CREATE;FEATURE_HASH_SHA256_CREATE;FEATURE_HASH_SHA384_CREATE;FEATURE_HASH_SHA512_CREATE;FEATURE_HASH_RIPEMD160_CREATE;FEATURE_HMAC_MD5;FEATURE_HMAC_SHA1;FEATURE_HMAC_SHA256;FEATURE_HMAC_SHA384;FEATURE_HMAC_SHA512;FEATURE_HMAC_RIPEMD160;FEATURE_MEMORYSTREAM_GETBUFFER;FEATURE_DIAGNOSTICS_TRACESOURCE;FEATURE_ENCODING_ASCII;FEATURE_ECDSA;FEATURE_AES_CSP</DefineConstants>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
     <DefineConstants>FEATURE_STRINGBUILDER_CLEAR;FEATURE_HASHALGORITHM_DISPOSE;FEATURE_ENCODING_ASCII;FEATURE_DIAGNOSTICS_TRACESOURCE;FEATURE_DIRECTORYINFO_ENUMERATEFILES;FEATURE_MEMORYSTREAM_TRYGETBUFFER;FEATURE_REFLECTION_TYPEINFO;FEATURE_RNG_CREATE;FEATURE_SOCKET_TAP;FEATURE_SOCKET_EAP;FEATURE_SOCKET_SYNC;FEATURE_SOCKET_SELECT;FEATURE_SOCKET_POLL;FEATURE_SOCKET_DISPOSE;FEATURE_DNS_TAP;FEATURE_STREAM_TAP;FEATURE_THREAD_COUNTDOWNEVENT;FEATURE_THREAD_TAP;FEATURE_THREAD_THREADPOOL;FEATURE_THREAD_SLEEP;FEATURE_WAITHANDLE_DISPOSE;FEATURE_HASH_MD5;FEATURE_HASH_SHA1_CREATE;FEATURE_HASH_SHA256_CREATE;FEATURE_HASH_SHA384_CREATE;FEATURE_HASH_SHA512_CREATE;FEATURE_HMAC_MD5;FEATURE_HMAC_SHA1;FEATURE_HMAC_SHA256;FEATURE_HMAC_SHA384;FEATURE_HMAC_SHA512</DefineConstants>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(TargetFramework)' == 'netstandard2.0' or '$(TargetFramework)' == 'netstandard2.1' ">
-    <DefineConstants>FEATURE_STRINGBUILDER_CLEAR;FEATURE_HASHALGORITHM_DISPOSE;FEATURE_ENCODING_ASCII;FEATURE_DIAGNOSTICS_TRACESOURCE;FEATURE_DIRECTORYINFO_ENUMERATEFILES;FEATURE_MEMORYSTREAM_GETBUFFER;FEATURE_MEMORYSTREAM_TRYGETBUFFER;FEATURE_RNG_CREATE;FEATURE_SOCKET_TAP;FEATURE_SOCKET_APM;FEATURE_SOCKET_EAP;FEATURE_SOCKET_SYNC;FEATURE_SOCKET_SELECT;FEATURE_SOCKET_POLL;FEATURE_SOCKET_DISPOSE;FEATURE_DNS_SYNC;FEATURE_DNS_APM;FEATURE_DNS_TAP;FEATURE_STREAM_APM;FEATURE_STREAM_TAP;FEATURE_THREAD_COUNTDOWNEVENT;FEATURE_THREAD_TAP;FEATURE_THREAD_THREADPOOL;FEATURE_THREAD_SLEEP;FEATURE_WAITHANDLE_DISPOSE;FEATURE_HASH_MD5;FEATURE_HASH_SHA1_CREATE;FEATURE_HASH_SHA256_CREATE;FEATURE_HASH_SHA384_CREATE;FEATURE_HASH_SHA512_CREATE;FEATURE_HMAC_MD5;FEATURE_HMAC_SHA1;FEATURE_HMAC_SHA256;FEATURE_HMAC_SHA384;FEATURE_HMAC_SHA512;FEATURE_ECDSA</DefineConstants>
+    <DefineConstants>FEATURE_STRINGBUILDER_CLEAR;FEATURE_HASHALGORITHM_DISPOSE;FEATURE_ENCODING_ASCII;FEATURE_DIAGNOSTICS_TRACESOURCE;FEATURE_DIRECTORYINFO_ENUMERATEFILES;FEATURE_MEMORYSTREAM_GETBUFFER;FEATURE_MEMORYSTREAM_TRYGETBUFFER;FEATURE_RNG_CREATE;FEATURE_SOCKET_TAP;FEATURE_SOCKET_APM;FEATURE_SOCKET_EAP;FEATURE_SOCKET_SYNC;FEATURE_SOCKET_SELECT;FEATURE_SOCKET_POLL;FEATURE_SOCKET_DISPOSE;FEATURE_DNS_SYNC;FEATURE_DNS_APM;FEATURE_DNS_TAP;FEATURE_STREAM_APM;FEATURE_STREAM_TAP;FEATURE_THREAD_COUNTDOWNEVENT;FEATURE_THREAD_TAP;FEATURE_THREAD_THREADPOOL;FEATURE_THREAD_SLEEP;FEATURE_WAITHANDLE_DISPOSE;FEATURE_HASH_MD5;FEATURE_HASH_SHA1_CREATE;FEATURE_HASH_SHA256_CREATE;FEATURE_HASH_SHA384_CREATE;FEATURE_HASH_SHA512_CREATE;FEATURE_HMAC_MD5;FEATURE_HMAC_SHA1;FEATURE_HMAC_SHA256;FEATURE_HMAC_SHA384;FEATURE_HMAC_SHA512;FEATURE_ECDSA;FEATURE_AES_CSP</DefineConstants>
   </PropertyGroup>
 </Project>
@@ -1,4 +1,5 @@
 using System;
+using csp = System.Security.Cryptography;
 using Renci.SshNet.Security.Cryptography.Ciphers;
 
 namespace Renci.SshNet.Security.Cryptography
@@ -61,7 +62,22 @@ protected BlockCipher(byte[] key, byte blockSize, CipherMode mode, CipherPadding
             _padding = padding;
 
             if (_mode != null)
+            {
+#if FEATURE_AES_CSP
+                // use AesCryptoServiceProvider which uses AES-NI (faster, less CPU usage)
+                csp.AesCryptoServiceProvider aesProvider = new csp.AesCryptoServiceProvider()
+                {
+                    BlockSize = blockSize * 8,
+                    KeySize = Key.Length * 8,
+                    Mode = _mode.cspMode,
+                    Padding = padding == null ? csp.PaddingMode.None : csp.PaddingMode.PKCS7,
+                    Key = key
+                };
+                _mode.Init(this, aesProvider);
+#else
                 _mode.Init(this);
+#endif
+            }
         }
 
         /// <summary>
@@ -73,33 +89,37 @@ protected BlockCipher(byte[] key, byte blockSize, CipherMode mode, CipherPadding
         /// <returns>Encrypted data</returns>
         public override byte[] Encrypt(byte[] data, int offset, int length)
         {
-            if (length % _blockSize > 0)
-            {
-                if (_padding == null)
-                {
-                    throw new ArgumentException("data");
-                }
-                var paddingLength = _blockSize - (length % _blockSize);
-                data = _padding.Pad(data, offset, length, paddingLength);
-                length += paddingLength;
-                offset = 0;
-            }
-
             var output = new byte[length];
             var writtenBytes = 0;
 
-            for (var i = 0; i < length / _blockSize; i++)
+#if FEATURE_AES_CSP
+            if (_mode != null && _mode.isCspAvailable)
+                writtenBytes = _mode.EncryptWithCSP(data, offset, output);
+            else
             {
-                if (_mode == null)
+#endif
+                if (length % _blockSize > 0)
                 {
-                    writtenBytes += EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    if (_padding == null)
+                    {
+                        throw new ArgumentException("data");
+                    }
+                    var paddingLength = _blockSize - (length % _blockSize);
+                    data = _padding.Pad(data, offset, length, paddingLength);
+                    length += paddingLength;
+                    offset = 0;
                 }
-                else
+
+                for (var i = 0; i < length / _blockSize; i++)
                 {
-                    writtenBytes += _mode.EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    if (_mode == null)
+                        writtenBytes += EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    else
+                        writtenBytes += _mode.EncryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
                 }
+#if FEATURE_AES_CSP
             }
-
+#endif
             if (writtenBytes < length)
             {
                 throw new InvalidOperationException("Encryption error.");
@@ -129,32 +149,36 @@ public override byte[] Decrypt(byte[] data)
         /// </returns>
         public override byte[] Decrypt(byte[] data, int offset, int length)
         {
-            if (length % _blockSize > 0)
-            {
-                if (_padding == null)
-                {
-                    throw new ArgumentException("data");
-                }
-                data = _padding.Pad(_blockSize, data, offset, length);
-                offset = 0;
-                length = data.Length;
-            }
-
             var output = new byte[length];
-
             var writtenBytes = 0;
-            for (var i = 0; i < length / _blockSize; i++)
+
+#if FEATURE_AES_CSP
+            if (_mode != null && _mode.isCspAvailable)
+                writtenBytes = _mode.DecryptWithCSP(data, offset, output);
+            else
             {
-                if (_mode == null)
+#endif
+                if (length % _blockSize > 0)
                 {
-                    writtenBytes += DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    if (_padding == null)
+                    {
+                        throw new ArgumentException("data");
+                    }
+                    data = _padding.Pad(_blockSize, data, offset, length);
+                    offset = 0;
+                    length = data.Length;
                 }
-                else
+
+                for (var i = 0; i < length / _blockSize; i++)
                 {
-                    writtenBytes += _mode.DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    if (_mode == null)
+                        writtenBytes += DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
+                    else
+                        writtenBytes += _mode.DecryptBlock(data, offset + (i * _blockSize), _blockSize, output, i * _blockSize);
                 }
+#if FEATURE_AES_CSP
             }
-
+#endif
             if (writtenBytes < length)
             {
                 throw new InvalidOperationException("Encryption error.");
 
@@ -1,4 +1,6 @@
-using Renci.SshNet.Common;
+using System;
+using Renci.SshNet.Common;
+using csp = System.Security.Cryptography;
 
 namespace Renci.SshNet.Security.Cryptography.Ciphers
 {
@@ -15,7 +17,7 @@ public abstract class CipherMode
         /// <summary>
         /// Gets the IV vector.
         /// </summary>
-        protected byte[] IV;
+        internal byte[] IV;
 
         /// <summary>
         /// Holds block size of the cipher.
@@ -28,6 +30,9 @@ public abstract class CipherMode
         /// <param name="iv">The iv.</param>
         protected CipherMode(byte[] iv)
         {
+            if (iv.Length < 16)
+                throw new ArgumentException("Invalid AES IV length");
+
             IV = iv;
         }
 
@@ -66,6 +71,75 @@ internal void Init(BlockCipher cipher)
         /// <returns>
         /// The number of bytes decrypted.
         /// </returns>
-        public abstract int DecryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset);
+        public virtual int DecryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
+        {
+            // By default, use the same EncryptBlock() function
+            // Modes that require a different implementation (non-symmetric) can override this function (CBC/CFB)
+            return EncryptBlock(inputBuffer, inputOffset, inputCount, outputBuffer, outputOffset);
+        }
+
+#if FEATURE_AES_CSP
+        // CryptoServiceProvider acceleration using AES-NI if supported
+        internal csp.ICryptoTransform aesDecryptor;
+        internal csp.ICryptoTransform aesEncryptor;
+
+        // set to false when CSP is not available; falls back to legacy code
+        internal bool isCspAvailable = true;
+
+        // corresponding CSP cipher mode
+        internal csp.CipherMode cspMode = csp.CipherMode.ECB;
+
+        /// <summary>
+        /// If true, performs decryption using aesEncryptor
+        /// </summary>
+        protected bool cspDecryptAsEncrypt = true;
+
+        /// <summary>
+        /// Initializes the specified cipher mode using CryptoServiceProvider acceleration
+        /// </summary>
+        /// <param name="cipher">The cipher.</param>
+        /// <param name="csp">The cryptoServiceProvider instance</param>
+        internal void Init(BlockCipher cipher, csp.AesCryptoServiceProvider csp)
+        {
+            Init(cipher);
+            try
+            {
+                aesDecryptor = csp.CreateDecryptor(csp.Key, IV);
+                aesEncryptor = csp.CreateEncryptor(csp.Key, IV);
+            }
+            catch
+            {
+                // OFB/CFB might not be available on some versions of Windows - fallback to legacy code
+                isCspAvailable = false;
+            }
+        }
+
+        /// <summary>
+        /// Encrypts the specified region of the input byte array using AesCryptoServiceProvider
+        /// </summary>
+        /// <param name="data">The input data to encrypt.</param>
+        /// <param name="offset">The offset into the input byte array from which to begin using data.</param>
+        /// <param name="output">The output to which to write encrypted data.</param>
+        /// <returns>The number of bytes encrypted</returns>
+        public virtual int EncryptWithCSP(byte[] data, int offset, byte[] output)
+        {
+            return aesEncryptor.TransformBlock(data, offset, output.Length, output, 0);
+        }
+
+        /// <summary>
+        /// Decrypts the specified region of the input byte array using AesCryptoServiceProvider
+        /// </summary>
+        /// <param name="data">The input data to decrypt.</param>
+        /// <param name="offset">The offset into the input byte array from which to begin using data.</param>
+        /// <param name="output">The output to which to write decrypted data.</param>
+        /// <returns>The number of bytes decrypted</returns>
+        public virtual int DecryptWithCSP(byte[] data, int offset, byte[] output)
+        {
+            if (cspDecryptAsEncrypt)
+                return EncryptWithCSP(data, offset, output);
+
+            return aesDecryptor.TransformBlock(data, offset, output.Length, output, 0);
+        }
+#endif
     }
 }
@@ -15,6 +15,10 @@ public class CbcCipherMode : CipherMode
         public CbcCipherMode(byte[] iv)
             : base(iv)
         {
+#if FEATURE_AES_CSP
+            cspMode = System.Security.Cryptography.CipherMode.CBC;
+            cspDecryptAsEncrypt = false;
+#endif        
         }
 
         /// <summary>
 
@@ -18,6 +18,12 @@ public CfbCipherMode(byte[] iv)
             : base(iv)
         {
             _ivOutput = new byte[iv.Length];
+
+#if FEATURE_AES_CSP
+            cspMode = System.Security.Cryptography.CipherMode.CFB;
+            // note: the legacy code also uses EncryptBlock() on the DecryptBlock() function
+            cspDecryptAsEncrypt = true;
+#endif
         }
 
         /// <summary>
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,10 @@ public class CbcCipherMode : CipherMode`
`15`	`15`	`public CbcCipherMode(byte[] iv)`
`16`	`16`	`: base(iv)`
`17`	`17`	`{`
	`18`	`+#if FEATURE_AES_CSP`
	`19`	`+ cspMode = System.Security.Cryptography.CipherMode.CBC;`
	`20`	`+ cspDecryptAsEncrypt = false;`
	`21`	`+#endif`
`18`	`22`	`}`
`19`	`23`
`20`	`24`	`/// <summary>`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,12 @@ public CfbCipherMode(byte[] iv)`
`18`	`18`	`: base(iv)`
`19`	`19`	`{`
`20`	`20`	`_ivOutput = new byte[iv.Length];`
	`21`	`+`
	`22`	`+#if FEATURE_AES_CSP`
	`23`	`+ cspMode = System.Security.Cryptography.CipherMode.CFB;`
	`24`	`+ // note: the legacy code also uses EncryptBlock() on the DecryptBlock() function`
	`25`	`+ cspDecryptAsEncrypt = true;`
	`26`	`+#endif`
`21`	`27`	`}`
`22`	`28`
`23`	`29`	`/// <summary>`