Use BCL Curve25519 when possible

scott-xu · scott-xu · commit f6e2486784d3 · 2025-09-22T19:59:31.000+08:00
diff --git a/src/Renci.SshNet/Security/KeyExchangeEC.BclImpl.cs b/src/Renci.SshNet/Security/KeyExchangeEC.BclImpl.cs
@@ -4,9 +4,9 @@
 
 namespace Renci.SshNet.Security
 {
-    internal abstract partial class KeyExchangeECDH
+    internal abstract partial class KeyExchangeEC
     {
-        private sealed class BclImpl : Impl
+        protected internal sealed class BclImpl : Impl
         {
             private readonly ECCurve _curve;
             private readonly ECDiffieHellman _clientECDH;
diff --git a/src/Renci.SshNet/Security/KeyExchangeEC.cs b/src/Renci.SshNet/Security/KeyExchangeEC.cs
@@ -1,8 +1,10 @@
-﻿using Renci.SshNet.Messages.Transport;
+﻿using System;
+
+using Renci.SshNet.Messages.Transport;
 
 namespace Renci.SshNet.Security
 {
-    internal abstract class KeyExchangeEC : KeyExchange
+    internal abstract partial class KeyExchangeEC : KeyExchange
     {
 #pragma warning disable SA1401 // Fields should be private
         /// <summary>
@@ -76,5 +78,23 @@ public override void Start(Session session, KeyExchangeInitMessage message, bool
             _serverPayload = message.GetBytes();
             _clientPayload = Session.ClientInitMessage.GetBytes();
         }
+
+        protected internal abstract class Impl : IDisposable
+        {
+            public abstract byte[] GenerateClientECPoint();
+
+            public abstract byte[] CalculateAgreement(byte[] serverECPoint);
+
+            protected virtual void Dispose(bool disposing)
+            {
+            }
+
+            public void Dispose()
+            {
+                // Do not change this code. Put cleanup code in 'Dispose(bool disposing)' method
+                Dispose(disposing: true);
+                GC.SuppressFinalize(this);
+            }
+        }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.BouncyCastleImpl.cs b/src/Renci.SshNet/Security/KeyExchangeECCurve25519.BouncyCastleImpl.cs
@@ -0,0 +1,38 @@
+﻿using Org.BouncyCastle.Crypto.Agreement;
+using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Parameters;
+
+using Renci.SshNet.Abstractions;
+
+namespace Renci.SshNet.Security
+{
+    internal partial class KeyExchangeECCurve25519
+    {
+        private sealed class BouncyCastleImpl : Impl
+        {
+            private X25519Agreement _keyAgreement;
+
+            public override byte[] GenerateClientECPoint()
+            {
+                var g = new X25519KeyPairGenerator();
+                g.Init(new X25519KeyGenerationParameters(CryptoAbstraction.SecureRandom));
+
+                var aKeyPair = g.GenerateKeyPair();
+                _keyAgreement = new X25519Agreement();
+                _keyAgreement.Init(aKeyPair.Private);
+
+                return ((X25519PublicKeyParameters)aKeyPair.Public).GetEncoded();
+            }
+
+            public override byte[] CalculateAgreement(byte[] serverECPoint)
+            {
+                var publicKey = new X25519PublicKeyParameters(serverECPoint);
+
+                var k1 = new byte[_keyAgreement.AgreementSize];
+                _keyAgreement.CalculateAgreement(publicKey, k1, 0);
+
+                return k1;
+            }
+        }
+    }
+}
diff --git a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs b/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs
@@ -1,16 +1,16 @@
-﻿using Org.BouncyCastle.Crypto.Agreement;
-using Org.BouncyCastle.Crypto.Generators;
-using Org.BouncyCastle.Crypto.Parameters;
-
-using Renci.SshNet.Abstractions;
+﻿using Renci.SshNet.Abstractions;
 using Renci.SshNet.Common;
 using Renci.SshNet.Messages.Transport;
 
 namespace Renci.SshNet.Security
 {
-    internal sealed class KeyExchangeECCurve25519 : KeyExchangeEC
+    internal sealed partial class KeyExchangeECCurve25519 : KeyExchangeEC
     {
-        private X25519Agreement _keyAgreement;
+#if NET
+        private Impl _impl;
+#else
+        private BouncyCastleImpl _impl;
+#endif
 
         /// <summary>
         /// Gets algorithm name.
@@ -40,13 +40,19 @@ public override void Start(Session session, KeyExchangeInitMessage message, bool
 
             Session.KeyExchangeEcdhReplyMessageReceived += Session_KeyExchangeEcdhReplyMessageReceived;
 
-            var g = new X25519KeyPairGenerator();
-            g.Init(new X25519KeyGenerationParameters(CryptoAbstraction.SecureRandom));
+#if NET
+            if (System.OperatingSystem.IsWindowsVersionAtLeast(10))
+            {
+                var curve = System.Security.Cryptography.ECCurve.CreateFromFriendlyName("Curve25519");
+                _impl = new BclImpl(curve);
+            }
+            else
+#endif
+            {
+                _impl = new BouncyCastleImpl();
+            }
 
-            var aKeyPair = g.GenerateKeyPair();
-            _keyAgreement = new X25519Agreement();
-            _keyAgreement.Init(aKeyPair.Private);
-            _clientExchangeValue = ((X25519PublicKeyParameters)aKeyPair.Public).GetEncoded();
+            _clientExchangeValue = _impl.GenerateClientECPoint();
 
             SendMessage(new KeyExchangeEcdhInitMessage(_clientExchangeValue));
         }
@@ -98,11 +104,19 @@ private void HandleServerEcdhReply(byte[] hostKey, byte[] serverExchangeValue, b
             _hostKey = hostKey;
             _signature = signature;
 
-            var publicKey = new X25519PublicKeyParameters(serverExchangeValue);
-
-            var k1 = new byte[_keyAgreement.AgreementSize];
-            _keyAgreement.CalculateAgreement(publicKey, k1, 0);
+            var k1 = _impl.CalculateAgreement(serverExchangeValue);
             SharedKey = k1.ToBigInteger2().ToByteArray(isBigEndian: true);
         }
+
+        /// <inheritdoc/>
+        protected override void Dispose(bool disposing)
+        {
+            base.Dispose(disposing);
+
+            if (disposing)
+            {
+                _impl?.Dispose();
+            }
+        }
     }
 }
diff --git a/src/Renci.SshNet/Security/KeyExchangeECDH.cs b/src/Renci.SshNet/Security/KeyExchangeECDH.cs
@@ -1,6 +1,4 @@
-﻿using System;
-
-using Org.BouncyCastle.Asn1.X9;
+﻿using Org.BouncyCastle.Asn1.X9;
 
 using Renci.SshNet.Common;
 using Renci.SshNet.Messages.Transport;
@@ -41,7 +39,7 @@ public override void Start(Session session, KeyExchangeInitMessage message, bool
             Session.KeyExchangeEcdhReplyMessageReceived += Session_KeyExchangeEcdhReplyMessageReceived;
 
 #if NET
-            if (!OperatingSystem.IsWindows() || OperatingSystem.IsWindowsVersionAtLeast(10))
+            if (!System.OperatingSystem.IsWindows() || System.OperatingSystem.IsWindowsVersionAtLeast(10))
             {
                 _impl = new BclImpl(Curve);
             }
@@ -106,23 +104,5 @@ protected override void Dispose(bool disposing)
                 _impl?.Dispose();
             }
         }
-
-        private abstract class Impl : IDisposable
-        {
-            public abstract byte[] GenerateClientECPoint();
-
-            public abstract byte[] CalculateAgreement(byte[] serverECPoint);
-
-            protected virtual void Dispose(bool disposing)
-            {
-            }
-
-            public void Dispose()
-            {
-                // Do not change this code. Put cleanup code in 'Dispose(bool disposing)' method
-                Dispose(disposing: true);
-                GC.SuppressFinalize(this);
-            }
-        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,9 @@`
`4`	`4`
`5`	`5`	`namespace Renci.SshNet.Security`
`6`	`6`	`{`
`7`		`- internal abstract partial class KeyExchangeECDH`
	`7`	`+ internal abstract partial class KeyExchangeEC`
`8`	`8`	`{`
`9`		`- private sealed class BclImpl : Impl`
	`9`	`+ protected internal sealed class BclImpl : Impl`
`10`	`10`	`{`
`11`	`11`	`private readonly ECCurve _curve;`
`12`	`12`	`private readonly ECDiffieHellman _clientECDH;`