Use BCL ECDiffieHellman for KeyExchange (.NET 8.0 onward only)

Author: scott-xu

src/Renci.SshNet/Security/KeyExchangeECDH.cs

@@ -2,7 +2,7 @@
 using Renci.SshNet.Common;
 using Renci.SshNet.Messages.Transport;
 
-using Renci.SshNet.Security.Org.BouncyCastle.Asn1.X9;
+using Renci.SshNet.Security.Org.BouncyCastle.Asn1.Sec;
 using Renci.SshNet.Security.Org.BouncyCastle.Crypto.Agreement;
 using Renci.SshNet.Security.Org.BouncyCastle.Crypto.Generators;
 using Renci.SshNet.Security.Org.BouncyCastle.Crypto.Parameters;
@@ -13,13 +13,17 @@ namespace Renci.SshNet.Security
 {
     internal abstract class KeyExchangeECDH : KeyExchangeEC
     {
+#if NET8_0_OR_GREATER
+        private System.Security.Cryptography.ECDiffieHellman _clientECDH;
+#endif
+
         /// <summary>
-        /// Gets the parameter of the curve.
+        /// Gets the name of the curve.
         /// </summary>
         /// <value>
-        /// The parameter of the curve.
+        /// The name of the curve.
         /// </value>
-        protected abstract X9ECParameters CurveParameter { get; }
+        protected abstract string CurveName { get; }
 
         private ECDHCBasicAgreement _keyAgreement;
         private ECDomainParameters _domainParameters;
@@ -33,11 +37,30 @@ public override void Start(Session session, KeyExchangeInitMessage message, bool
 
             Session.KeyExchangeEcdhReplyMessageReceived += Session_KeyExchangeEcdhReplyMessageReceived;
 
-            _domainParameters = new ECDomainParameters(CurveParameter.Curve,
-                                                      CurveParameter.G,
-                                                      CurveParameter.N,
-                                                      CurveParameter.H,
-                                                      CurveParameter.GetSeed());
+#if NET8_0_OR_GREATER
+            if (IsNonWindowsOrWindowsVersionAtLeast(10))
+            {
+                _clientECDH = System.Security.Cryptography.ECDiffieHellman.Create();
+                _clientECDH.GenerateKey(System.Security.Cryptography.ECCurve.CreateFromFriendlyName(CurveName));
+
+                var q = _clientECDH.PublicKey.ExportParameters().Q;
+
+                _clientExchangeValue = new byte[1 + q.X.Length + q.Y.Length];
+                _clientExchangeValue[0] = 0x04;
+                Buffer.BlockCopy(q.X, 0, _clientExchangeValue, 1, q.X.Length);
+                Buffer.BlockCopy(q.Y, 0, _clientExchangeValue, q.X.Length + 1, q.Y.Length);
+
+                SendMessage(new KeyExchangeEcdhInitMessage(_clientExchangeValue));
+
+                return;
+            }
+#endif
+            var curveParameter = SecNamedCurves.GetByName(CurveName);
+            _domainParameters = new ECDomainParameters(curveParameter.Curve,
+                                      curveParameter.G,
+                                      curveParameter.N,
+                                      curveParameter.H,
+                                      curveParameter.GetSeed());
 
             var g = new ECKeyPairGenerator();
             g.Init(new ECKeyGenerationParameters(_domainParameters, new SecureRandom()));
@@ -46,7 +69,6 @@ public override void Start(Session session, KeyExchangeInitMessage message, bool
             _keyAgreement = new ECDHCBasicAgreement();
             _keyAgreement.Init(aKeyPair.Private);
             _clientExchangeValue = ((ECPublicKeyParameters)aKeyPair.Public).Q.GetEncoded();
-
             SendMessage(new KeyExchangeEcdhInitMessage(_clientExchangeValue));
         }
 
@@ -91,12 +113,49 @@ private void HandleServerEcdhReply(byte[] hostKey, byte[] serverExchangeValue, b
             var y = new byte[cordSize];
             Buffer.BlockCopy(serverExchangeValue, cordSize + 1, y, 0, y.Length);
 
+#if NET8_0_OR_GREATER
+            if (IsNonWindowsOrWindowsVersionAtLeast(10))
+            {
+                using var serverECDH = System.Security.Cryptography.ECDiffieHellman.Create(new System.Security.Cryptography.ECParameters
+                {
+                    Curve = System.Security.Cryptography.ECCurve.CreateFromFriendlyName(CurveName),
+                    Q =
+                    {
+                        X = x,
+                        Y = y,
+                    },
+                });
+
+                var k = _clientECDH.DeriveRawSecretAgreement(serverECDH.PublicKey);
+                SharedKey = k.ToBigInteger2().ToByteArray().Reverse();
+
+                return;
+            }
+#endif
             var c = (FpCurve)_domainParameters.Curve;
             var q = c.CreatePoint(new Org.BouncyCastle.Math.BigInteger(1, x), new Org.BouncyCastle.Math.BigInteger(1, y));
             var publicKey = new ECPublicKeyParameters("ECDH", q, _domainParameters);
 
             var k1 = _keyAgreement.CalculateAgreement(publicKey);
             SharedKey = k1.ToByteArray().ToBigInteger2().ToByteArray().Reverse();
         }
+
+#if NET8_0_OR_GREATER
+
+        /// <inheritdoc/>
+        protected override void Dispose(bool disposing)
+        {
+            base.Dispose(disposing);
+            if (disposing)
+            {
+                _clientECDH?.Dispose();
+            }
+        }
+
+        private static bool IsNonWindowsOrWindowsVersionAtLeast(int major)
+        {
+            return Environment.OSVersion.Platform != PlatformID.Win32NT || Environment.OSVersion.Version.Major >= major;
+        }
+#endif
     }
 }

src/Renci.SshNet/Security/KeyExchangeECDH256.cs

@@ -1,6 +1,4 @@
 using Renci.SshNet.Abstractions;
-using Renci.SshNet.Security.Org.BouncyCastle.Asn1.Sec;
-using Renci.SshNet.Security.Org.BouncyCastle.Asn1.X9;
 
 namespace Renci.SshNet.Security
 {
@@ -15,14 +13,11 @@ public override string Name
         }
 
         /// <summary>
-        /// Gets Curve Parameter.
+        /// Gets curve name.
         /// </summary>
-        protected override X9ECParameters CurveParameter
+        protected override string CurveName
         {
-            get
-            {
-                return SecNamedCurves.GetByName("P-256");
-            }
+            get { return "secp256r1"; }
         }
 
         /// <summary>

src/Renci.SshNet/Security/KeyExchangeECDH384.cs

@@ -1,6 +1,4 @@
 using Renci.SshNet.Abstractions;
-using Renci.SshNet.Security.Org.BouncyCastle.Asn1.Sec;
-using Renci.SshNet.Security.Org.BouncyCastle.Asn1.X9;
 
 namespace Renci.SshNet.Security
 {
@@ -15,14 +13,11 @@ public override string Name
         }
 
         /// <summary>
-        /// Gets Curve Parameter.
+        /// Gets curve name.
         /// </summary>
-        protected override X9ECParameters CurveParameter
+        protected override string CurveName
         {
-            get
-            {
-                return SecNamedCurves.GetByName("P-384");
-            }
+            get { return "secp384r1"; }
         }
 
         /// <summary>

src/Renci.SshNet/Security/KeyExchangeECDH521.cs

@@ -1,6 +1,4 @@
 using Renci.SshNet.Abstractions;
-using Renci.SshNet.Security.Org.BouncyCastle.Asn1.Sec;
-using Renci.SshNet.Security.Org.BouncyCastle.Asn1.X9;
 
 namespace Renci.SshNet.Security
 {
@@ -15,14 +13,11 @@ public override string Name
         }
 
         /// <summary>
-        /// Gets Curve Parameter.
+        /// Gets curve name.
         /// </summary>
-        protected override X9ECParameters CurveParameter
+        protected override string CurveName
         {
-            get
-            {
-                return SecNamedCurves.GetByName("P-521");
-            }
+            get { return "secp521r1"; }
         }
 
         /// <summary>