Make key exchange more efficient by using byte[] in our internal structures, and convert to BigInteger when necessary.

Fixes #643.

Introduce base classes for DiffieHelman group key exchange.
Eliminate code duplication.

Author: drieseng

src/Renci.SshNet/Common/Extensions.cs

@@ -72,6 +72,21 @@ internal static BigInteger ToBigInteger(this byte[] data)
             return new BigInteger(reversed.Reverse());
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BigInteger"/> structure using the SSH BigNum2 Format
+        /// </summary>
+        public static byte[] ToBigNum2(this byte[] data)
+        {
+            if ((data[0] & (1 << 7)) != 0)
+            {
+                var buf = new byte[data.Length + 1];
+                Buffer.BlockCopy(data, 0, buf, 1, data.Length);
+                data = buf;
+            }
+
+            return data;
+        }
+
         /// <summary>
         /// Initializes a new instance of the <see cref="BigInteger"/> structure using the SSH BigNum2 Format
         /// </summary>

src/Renci.SshNet/ConnectionInfo.cs

@@ -331,8 +331,6 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
                     {"diffie-hellman-group-exchange-sha1", typeof (KeyExchangeDiffieHellmanGroupExchangeSha1)},
                     {"diffie-hellman-group14-sha1", typeof (KeyExchangeDiffieHellmanGroup14Sha1)},
                     {"diffie-hellman-group1-sha1", typeof (KeyExchangeDiffieHellmanGroup1Sha1)},
-                    //"gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==" - WinSSHD
-                    //"gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" - WinSSHD
                 };
 
             Encryptions = new Dictionary<string, CipherInfo>

src/Renci.SshNet/Messages/Transport/KeyExchangeDhGroupExchangeInit.cs

@@ -1,22 +1,15 @@
-using Renci.SshNet.Common;
-
-namespace Renci.SshNet.Messages.Transport
+namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
     /// Represents SSH_MSG_KEX_DH_GEX_INIT message.
     /// </summary>
     [Message("SSH_MSG_KEX_DH_GEX_INIT", 32)]
     internal class KeyExchangeDhGroupExchangeInit : Message, IKeyExchangedAllowed
     {
-        private byte[] _eBytes;
-
         /// <summary>
         /// Gets the E value.
         /// </summary>
-        public BigInteger E
-        {
-            get { return _eBytes.ToBigInteger(); }
-        }
+        public byte[] E { get; private set; }
 
         /// <summary>
         /// Gets the size of the message in bytes.
@@ -30,7 +23,7 @@ protected override int BufferCapacity
             {
                 var capacity = base.BufferCapacity;
                 capacity += 4; // E length
-                capacity += _eBytes.Length; // E
+                capacity += E.Length; // E
                 return capacity;
             }
         }
@@ -39,25 +32,25 @@ protected override int BufferCapacity
         /// Initializes a new instance of the <see cref="KeyExchangeDhGroupExchangeInit"/> class.
         /// </summary>
         /// <param name="clientExchangeValue">The client exchange value.</param>
-        public KeyExchangeDhGroupExchangeInit(BigInteger clientExchangeValue)
+        public KeyExchangeDhGroupExchangeInit(byte[] clientExchangeValue)
         {
-            _eBytes = clientExchangeValue.ToByteArray().Reverse();
+            E = clientExchangeValue;
         }
 
         /// <summary>
         /// Called when type specific data need to be loaded.
         /// </summary>
         protected override void LoadData()
         {
-            _eBytes = ReadBinary();
+            E = ReadBinary();
         }
 
         /// <summary>
         /// Called when type specific data need to be saved.
         /// </summary>
         protected override void SaveData()
         {
-            WriteBinaryString(_eBytes);
+            WriteBinaryString(E);
         }
 
         internal override void Process(Session session)

src/Renci.SshNet/Messages/Transport/KeyExchangeDhGroupExchangeReply.cs

@@ -10,8 +10,6 @@ internal class KeyExchangeDhGroupExchangeReply : Message
     {
         internal const byte MessageNumber = 33;
 
-        private byte[] _fBytes;
-
         /// <summary>
         /// Gets server public host key and certificates
         /// </summary>
@@ -21,10 +19,7 @@ internal class KeyExchangeDhGroupExchangeReply : Message
         /// <summary>
         /// Gets the F value.
         /// </summary>
-        public BigInteger F
-        {
-            get { return _fBytes.ToBigInteger(); }
-        }
+        public byte[] F { get; private set; }
 
         /// <summary>
         /// Gets the signature of H.
@@ -46,7 +41,7 @@ protected override int BufferCapacity
                 capacity += 4; // HostKey length
                 capacity += HostKey.Length; // HostKey
                 capacity += 4; // F length
-                capacity += _fBytes.Length; // F
+                capacity += F.Length; // F
                 capacity += 4; // Signature length
                 capacity += Signature.Length; // Signature
                 return capacity;
@@ -59,7 +54,7 @@ protected override int BufferCapacity
         protected override void LoadData()
         {
             HostKey = ReadBinary();
-            _fBytes = ReadBinary();
+            F = ReadBinary();
             Signature = ReadBinary();
         }
 
@@ -69,7 +64,7 @@ protected override void LoadData()
         protected override void SaveData()
         {
             WriteBinaryString(HostKey);
-            WriteBinaryString(_fBytes);
+            WriteBinaryString(F);
             WriteBinaryString(Signature);
         }
 

src/Renci.SshNet/Messages/Transport/KeyExchangeDhInitMessage.cs

@@ -1,22 +1,15 @@
-using Renci.SshNet.Common;
-
-namespace Renci.SshNet.Messages.Transport
+namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
     /// Represents SSH_MSG_KEXDH_INIT message.
     /// </summary>
     [Message("SSH_MSG_KEXDH_INIT", 30)]
     internal class KeyExchangeDhInitMessage : Message, IKeyExchangedAllowed
     {
-        private byte[] _eBytes;
-
         /// <summary>
         /// Gets the E value.
         /// </summary>
-        public BigInteger E
-        {
-            get { return _eBytes.ToBigInteger(); }
-        }
+        public byte[] E { get; private set; }
 
         /// <summary>
         /// Gets the size of the message in bytes.
@@ -30,7 +23,7 @@ protected override int BufferCapacity
             {
                 var capacity = base.BufferCapacity;
                 capacity += 4; // E length
-                capacity += _eBytes.Length; // E
+                capacity += E.Length; // E
                 return capacity;
             }
         }
@@ -39,25 +32,25 @@ protected override int BufferCapacity
         /// Initializes a new instance of the <see cref="KeyExchangeDhInitMessage"/> class.
         /// </summary>
         /// <param name="clientExchangeValue">The client exchange value.</param>
-        public KeyExchangeDhInitMessage(BigInteger clientExchangeValue)
+        public KeyExchangeDhInitMessage(byte[] clientExchangeValue)
         {
-            _eBytes = clientExchangeValue.ToByteArray().Reverse();
+            E = clientExchangeValue;
         }
 
         /// <summary>
         /// Called when type specific data need to be loaded.
         /// </summary>
         protected override void LoadData()
         {
-            _eBytes = ReadBinary();
+            E = ReadBinary();
         }
 
         /// <summary>
         /// Called when type specific data need to be saved.
         /// </summary>
         protected override void SaveData()
         {
-            WriteBinaryString(_eBytes);
+            WriteBinaryString(E);
         }
 
         internal override void Process(Session session)

src/Renci.SshNet/Messages/Transport/KeyExchangeDhReplyMessage.cs

@@ -1,15 +1,11 @@
-using Renci.SshNet.Common;
-
-namespace Renci.SshNet.Messages.Transport
+namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
     /// Represents SSH_MSG_KEXDH_REPLY message.
     /// </summary>
     [Message("SSH_MSG_KEXDH_REPLY", 31)]
     public class KeyExchangeDhReplyMessage : Message
     {
-        private byte[] _fBytes;
-
         /// <summary>
         /// Gets server public host key and certificates
         /// </summary>
@@ -19,10 +15,7 @@ public class KeyExchangeDhReplyMessage : Message
         /// <summary>
         /// Gets the F value.
         /// </summary>
-        public BigInteger F
-        {
-            get { return _fBytes.ToBigInteger(); }
-        }
+        public byte[] F { get; private set; }
 
         /// <summary>
         /// Gets the signature of H.
@@ -44,7 +37,7 @@ protected override int BufferCapacity
                 capacity += 4; // HostKey length
                 capacity += HostKey.Length; // HostKey
                 capacity += 4; // F length
-                capacity += _fBytes.Length; // F
+                capacity += F.Length; // F
                 capacity += 4; // Signature length
                 capacity += Signature.Length; // Signature
                 return capacity;
@@ -57,7 +50,7 @@ protected override int BufferCapacity
         protected override void LoadData()
         {
             HostKey = ReadBinary();
-            _fBytes = ReadBinary();
+            F = ReadBinary();
             Signature = ReadBinary();
         }
 
@@ -67,7 +60,7 @@ protected override void LoadData()
         protected override void SaveData()
         {
             WriteBinaryString(HostKey);
-            WriteBinaryString(_fBytes);
+            WriteBinaryString(F);
             WriteBinaryString(Signature);
         }
 

src/Renci.SshNet/Renci.SshNet.csproj

@@ -30,7 +30,6 @@
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard2.0' or '$(TargetFramework)' == 'netstandard2.1' ">
     <PackageReference Include="SshNet.Security.Cryptography" Version="[1.3.0]" />
-    <PackageReference Include="System.Security.Cryptography.Cng" Version="4.7.0" />
   </ItemGroup>
 
   <PropertyGroup Condition=" '$(TargetFramework)' == 'net35' ">

src/Renci.SshNet/Security/GroupExchangeHashData.cs

@@ -9,9 +9,6 @@ internal class GroupExchangeHashData : SshData
         private byte[] _clientVersion;
         private byte[] _prime;
         private byte[] _subGroup;
-        private byte[] _clientExchangeValue;
-        private byte[] _serverExchangeValue;
-        private byte[] _sharedKey;
 
         public string ServerVersion
         {
@@ -50,23 +47,11 @@ public BigInteger SubGroup
             set { _subGroup = value.ToByteArray().Reverse(); }
         }
 
-        public BigInteger ClientExchangeValue
-        {
-            private get { return _clientExchangeValue.ToBigInteger(); }
-            set { _clientExchangeValue = value.ToByteArray().Reverse(); }
-        }
+        public byte[] ClientExchangeValue { get; set; }
 
-        public BigInteger ServerExchangeValue
-        {
-            private get { return _serverExchangeValue.ToBigInteger(); }
-            set { _serverExchangeValue = value.ToByteArray().Reverse(); }
-        }
+        public byte[] ServerExchangeValue { get; set; }
 
-        public BigInteger SharedKey
-        {
-            private get { return _sharedKey.ToBigInteger(); }
-            set { _sharedKey = value.ToByteArray().Reverse(); }
-        }
+        public byte[] SharedKey { get; set; }
 
         /// <summary>
         /// Gets the size of the message in bytes.
@@ -97,11 +82,11 @@ protected override int BufferCapacity
                 capacity += 4; // SubGroup length
                 capacity += _subGroup.Length; // SubGroup
                 capacity += 4; // ClientExchangeValue length
-                capacity += _clientExchangeValue.Length; // ClientExchangeValue
+                capacity += ClientExchangeValue.Length; // ClientExchangeValue
                 capacity += 4; // ServerExchangeValue length
-                capacity += _serverExchangeValue.Length; // ServerExchangeValue
+                capacity += ServerExchangeValue.Length; // ServerExchangeValue
                 capacity += 4; // SharedKey length
-                capacity += _sharedKey.Length; // SharedKey
+                capacity += SharedKey.Length; // SharedKey
                 return capacity;
             }
         }
@@ -123,9 +108,9 @@ protected override void SaveData()
             Write(MaximumGroupSize);
             WriteBinaryString(_prime);
             WriteBinaryString(_subGroup);
-            WriteBinaryString(_clientExchangeValue);
-            WriteBinaryString(_serverExchangeValue);
-            WriteBinaryString(_sharedKey);
+            WriteBinaryString(ClientExchangeValue);
+            WriteBinaryString(ServerExchangeValue);
+            WriteBinaryString(SharedKey);
         }
     }
 }