sshnet
diff --git a/‎src/Renci.SshNet/Abstractions/CryptoAbstraction.cs
Lines changed: 34 additions & 24 deletions b/‎src/Renci.SshNet/Abstractions/CryptoAbstraction.cs
Lines changed: 34 additions & 24 deletions
diff --git a/‎src/Renci.SshNet/ConnectionInfo.cs
Lines changed: 4 additions & 0 deletions b/‎src/Renci.SshNet/ConnectionInfo.cs
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Renci.SshNet/HashInfo.cs
Lines changed: 9 additions & 4 deletions b/‎src/Renci.SshNet/HashInfo.cs
Lines changed: 9 additions & 4 deletions
diff --git a/‎src/Renci.SshNet/Security/Cryptography/HMAC.cs
Lines changed: 49 additions & 0 deletions b/‎src/Renci.SshNet/Security/Cryptography/HMAC.cs
Lines changed: 49 additions & 0 deletions
diff --git a/‎src/Renci.SshNet/Security/IKeyExchange.cs
Lines changed: 2 additions & 3 deletions b/‎src/Renci.SshNet/Security/IKeyExchange.cs
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/Renci.SshNet/Security/KeyExchange.cs
Lines changed: 5 additions & 6 deletions b/‎src/Renci.SshNet/Security/KeyExchange.cs
Lines changed: 5 additions & 6 deletions
@@ -84,75 +84,85 @@ public static System.Security.Cryptography.RIPEMD160 CreateRIPEMD160()
         }
 #endif // FEATURE_HASH_RIPEMD160
 
-        public static System.Security.Cryptography.HMACMD5 CreateHMACMD5(byte[] key)
+        public static HMAC CreateHMACMD5(byte[] key)
         {
 #pragma warning disable CA5351 // Do not use broken cryptographic algorithms
-            return new System.Security.Cryptography.HMACMD5(key);
+            return new HMAC(new System.Security.Cryptography.HMACMD5(key));
 #pragma warning restore CA5351 // Do not use broken cryptographic algorithms
         }
 
-        public static HMACMD5 CreateHMACMD5(byte[] key, int hashSize)
+        public static HMAC CreateHMACMD5(byte[] key, int hashSize)
         {
 #pragma warning disable CA5351 // Do not use broken cryptographic algorithms
-            return new HMACMD5(key, hashSize);
+            return new HMAC(new HMACMD5(key, hashSize));
 #pragma warning restore CA5351 // Do not use broken cryptographic algorithms
         }
 
-        public static System.Security.Cryptography.HMACSHA1 CreateHMACSHA1(byte[] key)
+        public static HMAC CreateHMACSHA1(byte[] key)
         {
 #pragma warning disable CA5350 // Do not use weak cryptographic algorithms
-            return new System.Security.Cryptography.HMACSHA1(key);
+            return new HMAC(new System.Security.Cryptography.HMACSHA1(key));
 #pragma warning restore CA5350 // Do not use weak cryptographic algorithms
         }
 
-        public static HMACSHA1 CreateHMACSHA1(byte[] key, int hashSize)
+        public static HMAC CreateHMACSHA1(byte[] key, int hashSize)
         {
 #pragma warning disable CA5350 // Do not use weak cryptographic algorithms
-            return new HMACSHA1(key, hashSize);
+            return new HMAC(new HMACSHA1(key, hashSize));
 #pragma warning restore CA5350 // Do not use weak cryptographic algorithms
         }
 
-        public static System.Security.Cryptography.HMACSHA256 CreateHMACSHA256(byte[] key)
+        public static HMAC CreateHMACSHA256(byte[] key)
         {
-            return new System.Security.Cryptography.HMACSHA256(key);
+            return new HMAC(new System.Security.Cryptography.HMACSHA256(key));
         }
 
-        public static HMACSHA256 CreateHMACSHA256(byte[] key, int hashSize)
+        public static HMAC CreateHMACSHA256(byte[] key, int hashSize)
         {
-            return new HMACSHA256(key, hashSize);
+            return new HMAC(new HMACSHA256(key, hashSize));
         }
 
-        public static System.Security.Cryptography.HMACSHA384 CreateHMACSHA384(byte[] key)
+        public static HMAC CreateHMACSHA256(byte[] key, bool etm)
         {
-            return new System.Security.Cryptography.HMACSHA384(key);
+            return new HMAC(new System.Security.Cryptography.HMACSHA256(key), etm);
         }
 
-        public static HMACSHA384 CreateHMACSHA384(byte[] key, int hashSize)
+        public static HMAC CreateHMACSHA384(byte[] key)
         {
-            return new HMACSHA384(key, hashSize);
+            return new HMAC(new System.Security.Cryptography.HMACSHA384(key));
         }
 
-        public static System.Security.Cryptography.HMACSHA512 CreateHMACSHA512(byte[] key)
+        public static HMAC CreateHMACSHA384(byte[] key, int hashSize)
         {
-            return new System.Security.Cryptography.HMACSHA512(key);
+            return new HMAC(new HMACSHA384(key, hashSize));
         }
 
-        public static HMACSHA512 CreateHMACSHA512(byte[] key, int hashSize)
+        public static HMAC CreateHMACSHA512(byte[] key)
         {
-            return new HMACSHA512(key, hashSize);
+            return new HMAC(new System.Security.Cryptography.HMACSHA512(key));
+        }
+
+        public static HMAC CreateHMACSHA512(byte[] key, int hashSize)
+        {
+            return new HMAC(new HMACSHA512(key, hashSize));
+        }
+
+        public static HMAC CreateHMACSHA512(byte[] key, bool etm)
+        {
+            return new HMAC(new System.Security.Cryptography.HMACSHA512(key), etm);
         }
 
 #if FEATURE_HMAC_RIPEMD160
-        public static System.Security.Cryptography.HMACRIPEMD160 CreateHMACRIPEMD160(byte[] key)
+        public static HMAC CreateHMACRIPEMD160(byte[] key)
         {
 #pragma warning disable CA5350 // Do not use weak cryptographic algorithms
-            return new System.Security.Cryptography.HMACRIPEMD160(key);
+            return new HMAC(new System.Security.Cryptography.HMACRIPEMD160(key));
 #pragma warning restore CA5350 // Do not use weak cryptographic algorithms
         }
 #else
-        public static global::SshNet.Security.Cryptography.HMACRIPEMD160 CreateHMACRIPEMD160(byte[] key)
+        public static HMAC CreateHMACRIPEMD160(byte[] key)
         {
-            return new global::SshNet.Security.Cryptography.HMACRIPEMD160(key);
+            return new HMAC(new global::SshNet.Security.Cryptography.HMACRIPEMD160(key));
         }
 #endif // FEATURE_HMAC_RIPEMD160
     }
 
@@ -376,6 +376,7 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
 #pragma warning disable IDE0200 // Remove unnecessary lambda expression; We want to prevent instantiating the HashAlgorithm objects.
             HmacAlgorithms = new Dictionary<string, HashInfo>
                 {
+                    /* Encrypt-and-MAC (encrypt-and-authenticate) variants */
                     { "hmac-sha2-256", new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key)) },
                     { "hmac-sha2-512", new HashInfo(64 * 8, key => CryptoAbstraction.CreateHMACSHA512(key)) },
                     { "hmac-sha2-512-96", new HashInfo(64 * 8,  key => CryptoAbstraction.CreateHMACSHA512(key, 96)) },
@@ -386,6 +387,9 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
                     { "hmac-sha1-96", new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key, 96)) },
                     { "hmac-md5", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key)) },
                     { "hmac-md5-96", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key, 96)) },
+                    /* Encrypt-then-MAC variants */
+                    { "hmac-sha2-256-etm@openssh.com", new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key, etm: true)) },
+                    { "hmac-sha2-512-etm@openssh.com", new HashInfo(64 * 8, key => CryptoAbstraction.CreateHMACSHA512(key, etm: true)) },
                 };
 #pragma warning restore IDE0200 // Remove unnecessary lambda expression
 
 
@@ -1,6 +1,6 @@
 using System;
-using System.Security.Cryptography;
 using Renci.SshNet.Common;
+using Renci.SshNet.Security.Cryptography;
 
 namespace Renci.SshNet
 {
@@ -20,17 +20,22 @@ public class HashInfo
         /// <summary>
         /// Gets the cipher.
         /// </summary>
-        public Func<byte[], HashAlgorithm> HashAlgorithm { get; private set; }
+        public Func<byte[], HMAC> HMAC { get; private set; }
+
+        /// <summary>
+        /// Gets a value indicating whether Encrypt-then-MAC or not.
+        /// </summary>
+        public bool ETM { get; private set; }
 
         /// <summary>
         /// Initializes a new instance of the <see cref="HashInfo"/> class.
         /// </summary>
         /// <param name="keySize">Size of the key.</param>
         /// <param name="hash">The hash algorithm to use for a given key.</param>
-        public HashInfo(int keySize, Func<byte[], HashAlgorithm> hash)
+        public HashInfo(int keySize, Func<byte[], HMAC> hash)
         {
             KeySize = keySize;
-            HashAlgorithm = key => hash(key.Take(KeySize / 8));
+            HMAC = key => hash(key.Take(KeySize / 8));
         }
     }
 }
@@ -0,0 +1,49 @@
+using System;
+using System.Security.Cryptography;
+
+namespace Renci.SshNet.Security.Cryptography
+{
+    /// <summary>
+    /// Represents the info for Message Authentication Code (MAC).
+    /// </summary>
+    public sealed class HMAC : IDisposable
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HMAC"/> class.
+        /// </summary>
+        /// <param name="hashAlgorithm">The hash algorithm.</param>
+        public HMAC(HashAlgorithm hashAlgorithm)
+            : this(hashAlgorithm, etm: false)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HMAC"/> class.
+        /// </summary>
+        /// <param name="hashAlgorithm">The hash algorithm.</param>
+        /// <param name="etm"><see langword="true"/> to enable encrypt-then-MAC, <see langword="false"/> to use encrypt-and-MAC.</param>
+        public HMAC(
+            HashAlgorithm hashAlgorithm,
+            bool etm)
+        {
+            HashAlgorithm = hashAlgorithm;
+            ETM = etm;
+        }
+
+        /// <inheritdoc/>
+        public void Dispose()
+        {
+            HashAlgorithm?.Dispose();
+        }
+
+        /// <summary>
+        /// Gets the hash algorithem.
+        /// </summary>
+        public HashAlgorithm HashAlgorithm { get; private set; }
+
+        /// <summary>
+        /// Gets a value indicating whether enable encryption-to-mac or encryption-then-mac.
+        /// </summary>
+        public bool ETM { get; private set; }
+    }
+}
@@ -1,5 +1,4 @@
 using System;
-using System.Security.Cryptography;
 
 using Renci.SshNet.Common;
 using Renci.SshNet.Compression;
@@ -69,15 +68,15 @@ public interface IKeyExchange : IDisposable
         /// <returns>
         /// The server hash algorithm.
         /// </returns>
-        HashAlgorithm CreateServerHash();
+        HMAC CreateServerHash();
 
         /// <summary>
         /// Creates the client-side hash algorithm to use.
         /// </summary>
         /// <returns>
         /// The client hash algorithm.
         /// </returns>
-        HashAlgorithm CreateClientHash();
+        HMAC CreateClientHash();
 
         /// <summary>
         /// Creates the compression algorithm to use to deflate data.
 
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Security.Cryptography;
 
 using Renci.SshNet.Abstractions;
 using Renci.SshNet.Common;
@@ -103,7 +102,7 @@ from a in message.MacAlgorithmsClientToServer
                                            select a).FirstOrDefault();
             if (string.IsNullOrEmpty(clientHmacAlgorithmName))
             {
-                throw new SshConnectionException("Server HMAC algorithm not found", DisconnectReason.KeyExchangeFailed);
+                throw new SshConnectionException("Client HMAC algorithm not found", DisconnectReason.KeyExchangeFailed);
             }
 
             session.ConnectionInfo.CurrentClientHmacAlgorithm = clientHmacAlgorithmName;
@@ -221,7 +220,7 @@ public Cipher CreateClientCipher()
         /// <returns>
         /// The server-side hash algorithm.
         /// </returns>
-        public HashAlgorithm CreateServerHash()
+        public HMAC CreateServerHash()
         {
             // Resolve Session ID
             var sessionId = Session.SessionId ?? ExchangeHash;
@@ -235,7 +234,7 @@ public HashAlgorithm CreateServerHash()
                                                     Session.ToHex(Session.SessionId),
                                                     Session.ConnectionInfo.CurrentServerHmacAlgorithm));
 
-            return _serverHashInfo.HashAlgorithm(serverKey);
+            return _serverHashInfo.HMAC(serverKey);
         }
 
         /// <summary>
@@ -244,7 +243,7 @@ public HashAlgorithm CreateServerHash()
         /// <returns>
         /// The client-side hash algorithm.
         /// </returns>
-        public HashAlgorithm CreateClientHash()
+        public HMAC CreateClientHash()
         {
             // Resolve Session ID
             var sessionId = Session.SessionId ?? ExchangeHash;
@@ -258,7 +257,7 @@ public HashAlgorithm CreateClientHash()
                                                     Session.ToHex(Session.SessionId),
                                                     Session.ConnectionInfo.CurrentClientHmacAlgorithm));
 
-            return _clientHashInfo.HashAlgorithm(clientKey);
+            return _clientHashInfo.HMAC(clientKey);
         }
 
         /// <summary>
Original file line number	Diff line number	Diff line change
`@@ -84,75 +84,85 @@ public static System.Security.Cryptography.RIPEMD160 CreateRIPEMD160()`
`84`	`84`	`}`
`85`	`85`	`#endif // FEATURE_HASH_RIPEMD160`
`86`	`86`
`87`		`- public static System.Security.Cryptography.HMACMD5 CreateHMACMD5(byte[] key)`
	`87`	`+ public static HMAC CreateHMACMD5(byte[] key)`
`88`	`88`	`{`
`89`	`89`	`#pragma warning disable CA5351 // Do not use broken cryptographic algorithms`
`90`		`- return new System.Security.Cryptography.HMACMD5(key);`
	`90`	`+ return new HMAC(new System.Security.Cryptography.HMACMD5(key));`
`91`	`91`	`#pragma warning restore CA5351 // Do not use broken cryptographic algorithms`
`92`	`92`	`}`
`93`	`93`
`94`		`- public static HMACMD5 CreateHMACMD5(byte[] key, int hashSize)`
	`94`	`+ public static HMAC CreateHMACMD5(byte[] key, int hashSize)`
`95`	`95`	`{`
`96`	`96`	`#pragma warning disable CA5351 // Do not use broken cryptographic algorithms`
`97`		`- return new HMACMD5(key, hashSize);`
	`97`	`+ return new HMAC(new HMACMD5(key, hashSize));`
`98`	`98`	`#pragma warning restore CA5351 // Do not use broken cryptographic algorithms`
`99`	`99`	`}`
`100`	`100`
`101`		`- public static System.Security.Cryptography.HMACSHA1 CreateHMACSHA1(byte[] key)`
	`101`	`+ public static HMAC CreateHMACSHA1(byte[] key)`
`102`	`102`	`{`
`103`	`103`	`#pragma warning disable CA5350 // Do not use weak cryptographic algorithms`
`104`		`- return new System.Security.Cryptography.HMACSHA1(key);`
	`104`	`+ return new HMAC(new System.Security.Cryptography.HMACSHA1(key));`
`105`	`105`	`#pragma warning restore CA5350 // Do not use weak cryptographic algorithms`
`106`	`106`	`}`
`107`	`107`
`108`		`- public static HMACSHA1 CreateHMACSHA1(byte[] key, int hashSize)`
	`108`	`+ public static HMAC CreateHMACSHA1(byte[] key, int hashSize)`
`109`	`109`	`{`
`110`	`110`	`#pragma warning disable CA5350 // Do not use weak cryptographic algorithms`
`111`		`- return new HMACSHA1(key, hashSize);`
	`111`	`+ return new HMAC(new HMACSHA1(key, hashSize));`
`112`	`112`	`#pragma warning restore CA5350 // Do not use weak cryptographic algorithms`
`113`	`113`	`}`
`114`	`114`
`115`		`- public static System.Security.Cryptography.HMACSHA256 CreateHMACSHA256(byte[] key)`
	`115`	`+ public static HMAC CreateHMACSHA256(byte[] key)`
`116`	`116`	`{`
`117`		`- return new System.Security.Cryptography.HMACSHA256(key);`
	`117`	`+ return new HMAC(new System.Security.Cryptography.HMACSHA256(key));`
`118`	`118`	`}`
`119`	`119`
`120`		`- public static HMACSHA256 CreateHMACSHA256(byte[] key, int hashSize)`
	`120`	`+ public static HMAC CreateHMACSHA256(byte[] key, int hashSize)`
`121`	`121`	`{`
`122`		`- return new HMACSHA256(key, hashSize);`
	`122`	`+ return new HMAC(new HMACSHA256(key, hashSize));`
`123`	`123`	`}`
`124`	`124`
`125`		`- public static System.Security.Cryptography.HMACSHA384 CreateHMACSHA384(byte[] key)`
	`125`	`+ public static HMAC CreateHMACSHA256(byte[] key, bool etm)`
`126`	`126`	`{`
`127`		`- return new System.Security.Cryptography.HMACSHA384(key);`
	`127`	`+ return new HMAC(new System.Security.Cryptography.HMACSHA256(key), etm);`
`128`	`128`	`}`
`129`	`129`
`130`		`- public static HMACSHA384 CreateHMACSHA384(byte[] key, int hashSize)`
	`130`	`+ public static HMAC CreateHMACSHA384(byte[] key)`
`131`	`131`	`{`
`132`		`- return new HMACSHA384(key, hashSize);`
	`132`	`+ return new HMAC(new System.Security.Cryptography.HMACSHA384(key));`
`133`	`133`	`}`
`134`	`134`
`135`		`- public static System.Security.Cryptography.HMACSHA512 CreateHMACSHA512(byte[] key)`
	`135`	`+ public static HMAC CreateHMACSHA384(byte[] key, int hashSize)`
`136`	`136`	`{`
`137`		`- return new System.Security.Cryptography.HMACSHA512(key);`
	`137`	`+ return new HMAC(new HMACSHA384(key, hashSize));`
`138`	`138`	`}`
`139`	`139`
`140`		`- public static HMACSHA512 CreateHMACSHA512(byte[] key, int hashSize)`
	`140`	`+ public static HMAC CreateHMACSHA512(byte[] key)`
`141`	`141`	`{`
`142`		`- return new HMACSHA512(key, hashSize);`
	`142`	`+ return new HMAC(new System.Security.Cryptography.HMACSHA512(key));`
	`143`	`+ }`
	`144`	`+`
	`145`	`+ public static HMAC CreateHMACSHA512(byte[] key, int hashSize)`
	`146`	`+ {`
	`147`	`+ return new HMAC(new HMACSHA512(key, hashSize));`
	`148`	`+ }`
	`149`	`+`
	`150`	`+ public static HMAC CreateHMACSHA512(byte[] key, bool etm)`
	`151`	`+ {`
	`152`	`+ return new HMAC(new System.Security.Cryptography.HMACSHA512(key), etm);`
`143`	`153`	`}`
`144`	`154`
`145`	`155`	`#if FEATURE_HMAC_RIPEMD160`
`146`		`- public static System.Security.Cryptography.HMACRIPEMD160 CreateHMACRIPEMD160(byte[] key)`
	`156`	`+ public static HMAC CreateHMACRIPEMD160(byte[] key)`
`147`	`157`	`{`
`148`	`158`	`#pragma warning disable CA5350 // Do not use weak cryptographic algorithms`
`149`		`- return new System.Security.Cryptography.HMACRIPEMD160(key);`
	`159`	`+ return new HMAC(new System.Security.Cryptography.HMACRIPEMD160(key));`
`150`	`160`	`#pragma warning restore CA5350 // Do not use weak cryptographic algorithms`
`151`	`161`	`}`
`152`	`162`	`#else`
`153`		`- public static global::SshNet.Security.Cryptography.HMACRIPEMD160 CreateHMACRIPEMD160(byte[] key)`
	`163`	`+ public static HMAC CreateHMACRIPEMD160(byte[] key)`
`154`	`164`	`{`
`155`		`- return new global::SshNet.Security.Cryptography.HMACRIPEMD160(key);`
	`165`	`+ return new HMAC(new global::SshNet.Security.Cryptography.HMACRIPEMD160(key));`
`156`	`166`	`}`
`157`	`167`	`#endif // FEATURE_HMAC_RIPEMD160`
`158`	`168`	`}`