Drop legacy algorithms part 1 (#1442)

This drops some of the algorithms long-considered legacy/insecure.

The idea is both to improve the theoretical security of the library by not offering
these algorithms, and to improve the practical security of the library by not having
hand-written, barely tested crypto code.

The overarching goal is for the library to have minimal exposure to crypto
implementation, relying firstly on the .NET base libraries, and secondly on
third-party providers, such as BouncyCastle.

This change covers deleting the cipher algorithms arcfour, blowfish, twofish, cast.
It covers deleting the MD5-based and truncated HMAC algorithms.

These were all disabled in OpenSSH server (sshd) in 2014[^1]:

> sshd(8): The default set of ciphers and MACs has been altered to
> remove unsafe algorithms. In particular, CBC ciphers and arcfour*
> are disabled by default.
>
> The full set of algorithms remains available if configured
> explicitly via the Ciphers and MACs sshd_config options.

and in the client in 2016[^2]:

> This release disables a number of legacy cryptographic algorithms
> by default in ssh:
>
>  * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants
>    and the rijndael-cbc aliases for AES.
>
>  * MD5-based and truncated HMAC algorithms.
>
> These algorithms are already disabled by default in sshd.

This change also drops PKCS5Padding, which is a line-for-line copy of PKCS7Padding,
and StreamCipher, which is now unused (and useless anyway).

[^1]: https://www.openssh.com/txt/release-6.7
[^2]: https://www.openssh.com/txt/release-7.2

Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com>

Author: Rob-Hague

README.md

@@ -76,15 +76,6 @@ The main types provided by this library are:
 * aes192-cbc
 * aes256-cbc
 * 3des-cbc
-* blowfish-cbc
-* twofish-cbc
-* twofish192-cbc
-* twofish128-cbc
-* twofish256-cbc
-* arcfour
-* arcfour128
-* arcfour256
-* cast128-cbc
 
 ## Key Exchange Methods
 
@@ -134,18 +125,10 @@ Private keys can be encrypted using one of the following cipher methods:
 **SSH.NET** supports the following MAC algorithms:
 * hmac-sha2-256
 * hmac-sha2-512
-* hmac-sha2-512-96
-* hmac-sha2-256-96
 * hmac-sha1
-* hmac-sha1-96
-* hmac-md5
-* hmac-md5-96
 * hmac-sha2-256-etm<span></span>@openssh.com
 * hmac-sha2-512-etm<span></span>@openssh.com
 * hmac-sha1-etm<span></span>@openssh.com
-* hmac-sha1-96-etm<span></span>@openssh.com
-* hmac-md5-etm<span></span>@openssh.com
-* hmac-md5-96-etm<span></span>@openssh.com
 
 ## Compression
 

src/Renci.SshNet/Abstractions/CryptoAbstraction.cs

@@ -1,7 +1,5 @@
 using System;
 
-using Renci.SshNet.Security.Cryptography;
-
 namespace Renci.SshNet.Abstractions
 {
     internal static class CryptoAbstraction
@@ -62,55 +60,5 @@ public static System.Security.Cryptography.SHA512 CreateSHA512()
         {
             return System.Security.Cryptography.SHA512.Create();
         }
-
-        public static System.Security.Cryptography.HMACMD5 CreateHMACMD5(byte[] key)
-        {
-            return new System.Security.Cryptography.HMACMD5(key);
-        }
-
-        public static HMACMD5 CreateHMACMD5(byte[] key, int hashSize)
-        {
-            return new HMACMD5(key, hashSize);
-        }
-
-        public static System.Security.Cryptography.HMACSHA1 CreateHMACSHA1(byte[] key)
-        {
-            return new System.Security.Cryptography.HMACSHA1(key);
-        }
-
-        public static HMACSHA1 CreateHMACSHA1(byte[] key, int hashSize)
-        {
-            return new HMACSHA1(key, hashSize);
-        }
-
-        public static System.Security.Cryptography.HMACSHA256 CreateHMACSHA256(byte[] key)
-        {
-            return new System.Security.Cryptography.HMACSHA256(key);
-        }
-
-        public static HMACSHA256 CreateHMACSHA256(byte[] key, int hashSize)
-        {
-            return new HMACSHA256(key, hashSize);
-        }
-
-        public static System.Security.Cryptography.HMACSHA384 CreateHMACSHA384(byte[] key)
-        {
-            return new System.Security.Cryptography.HMACSHA384(key);
-        }
-
-        public static HMACSHA384 CreateHMACSHA384(byte[] key, int hashSize)
-        {
-            return new HMACSHA384(key, hashSize);
-        }
-
-        public static System.Security.Cryptography.HMACSHA512 CreateHMACSHA512(byte[] key)
-        {
-            return new System.Security.Cryptography.HMACSHA512(key);
-        }
-
-        public static HMACSHA512 CreateHMACSHA512(byte[] key, int hashSize)
-        {
-            return new HMACSHA512(key, hashSize);
-        }
     }
 }

src/Renci.SshNet/ConnectionInfo.cs

@@ -5,7 +5,6 @@
 using System.Security.Cryptography;
 using System.Text;
 
-using Renci.SshNet.Abstractions;
 using Renci.SshNet.Common;
 using Renci.SshNet.Compression;
 using Renci.SshNet.Messages.Authentication;
@@ -397,37 +396,18 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
             Encryptions.Add("aes192-cbc", new CipherInfo(192, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false)));
             Encryptions.Add("aes256-cbc", new CipherInfo(256, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false)));
             Encryptions.Add("3des-cbc", new CipherInfo(192, (key, iv) => new TripleDesCipher(key, new CbcCipherMode(iv), padding: null)));
-            Encryptions.Add("blowfish-cbc", new CipherInfo(128, (key, iv) => new BlowfishCipher(key, new CbcCipherMode(iv), padding: null)));
-            Encryptions.Add("twofish-cbc", new CipherInfo(256, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), padding: null)));
-            Encryptions.Add("twofish192-cbc", new CipherInfo(192, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), padding: null)));
-            Encryptions.Add("twofish128-cbc", new CipherInfo(128, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), padding: null)));
-            Encryptions.Add("twofish256-cbc", new CipherInfo(256, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), padding: null)));
-            Encryptions.Add("arcfour", new CipherInfo(128, (key, iv) => new Arc4Cipher(key, dischargeFirstBytes: false)));
-            Encryptions.Add("arcfour128", new CipherInfo(128, (key, iv) => new Arc4Cipher(key, dischargeFirstBytes: true)));
-            Encryptions.Add("arcfour256", new CipherInfo(256, (key, iv) => new Arc4Cipher(key, dischargeFirstBytes: true)));
-            Encryptions.Add("cast128-cbc", new CipherInfo(128, (key, iv) => new CastCipher(key, new CbcCipherMode(iv), padding: null)));
-
-#pragma warning disable IDE0200 // Remove unnecessary lambda expression; We want to prevent instantiating the HashAlgorithm objects.
+
             HmacAlgorithms = new Dictionary<string, HashInfo>
                 {
                     /* Encrypt-and-MAC (encrypt-and-authenticate) variants */
-                    { "hmac-sha2-256", new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key), isEncryptThenMAC: false) },
-                    { "hmac-sha2-512", new HashInfo(64*8, key => CryptoAbstraction.CreateHMACSHA512(key), isEncryptThenMAC: false) },
-                    { "hmac-sha2-512-96", new HashInfo(64*8,  key => CryptoAbstraction.CreateHMACSHA512(key, 96), isEncryptThenMAC: false) },
-                    { "hmac-sha2-256-96", new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key, 96), isEncryptThenMAC: false) },
-                    { "hmac-sha1", new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key), isEncryptThenMAC: false) },
-                    { "hmac-sha1-96", new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key, 96), isEncryptThenMAC: false) },
-                    { "hmac-md5", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key), isEncryptThenMAC: false) },
-                    { "hmac-md5-96", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key, 96), isEncryptThenMAC: false) },
+                    { "hmac-sha2-256", new HashInfo(32*8, key => new HMACSHA256(key)) },
+                    { "hmac-sha2-512", new HashInfo(64*8, key => new HMACSHA512(key)) },
+                    { "hmac-sha1", new HashInfo(20*8, key => new HMACSHA1(key)) },
                     /* Encrypt-then-MAC variants */
-                    { "hmac-sha2-256-etm@openssh.com", new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key), isEncryptThenMAC: true) },
-                    { "hmac-sha2-512-etm@openssh.com", new HashInfo(64*8, key => CryptoAbstraction.CreateHMACSHA512(key), isEncryptThenMAC: true) },
-                    { "hmac-sha1-etm@openssh.com", new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key), isEncryptThenMAC: true) },
-                    { "hmac-sha1-96-etm@openssh.com", new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key, 96), isEncryptThenMAC: true) },
-                    { "hmac-md5-etm@openssh.com", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key), isEncryptThenMAC: true) },
-                    { "hmac-md5-96-etm@openssh.com", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key, 96), isEncryptThenMAC: true) },
+                    { "hmac-sha2-256-etm@openssh.com", new HashInfo(32*8, key => new HMACSHA256(key), isEncryptThenMAC: true) },
+                    { "hmac-sha2-512-etm@openssh.com", new HashInfo(64*8, key => new HMACSHA512(key), isEncryptThenMAC: true) },
+                    { "hmac-sha1-etm@openssh.com", new HashInfo(20*8, key => new HMACSHA1(key), isEncryptThenMAC: true) },
                 };
-#pragma warning restore IDE0200 // Remove unnecessary lambda expression
 
             HostKeyAlgorithms = new Dictionary<string, Func<byte[], KeyHostAlgorithm>>
                 {