Use BCL ECDiffieHellman for KeyExchange instead of BouncyCastle (.NET 8.0 onward only)

appveyor.yml

@@ -28,7 +28,7 @@ for:
     - sh: dotnet test -f net8.0 -c Debug --no-restore --no-build --results-directory artifacts --logger Appveyor --logger "console;verbosity=normal" --logger "liquid.md;LogFileName=linux_unit_test_net_8_report.md" -p:CollectCoverage=true -p:CoverletOutputFormat=cobertura -p:CoverletOutput=../../artifacts/linux_unit_test_net_8_coverage.xml test/Renci.SshNet.Tests/Renci.SshNet.Tests.csproj
     - sh: echo "Run integration tests"
     - sh: dotnet test -f net8.0 -c Debug --no-restore --no-build --results-directory artifacts --logger Appveyor --logger "console;verbosity=normal" --logger "liquid.md;LogFileName=linux_integration_test_net_8_report.md" -p:CollectCoverage=true -p:CoverletOutputFormat=cobertura -p:CoverletOutput=../../artifacts/linux_integration_test_net_8_coverage.xml test/Renci.SshNet.IntegrationTests/Renci.SshNet.IntegrationTests.csproj
-    - sh: dotnet test -f net48 -c Debug --no-restore --no-build --results-directory artifacts --logger Appveyor --logger "console;verbosity=normal" --logger "liquid.md;LogFileName=linux_integration_test_net_48_report.md" -p:CollectCoverage=true -p:CoverletOutputFormat=cobertura -p:CoverletOutput=../../artifacts/linux_integration_test_net_48_coverage.xml --filter "Name=ChaCha20Poly1305|Name~Zlib" test/Renci.SshNet.IntegrationTests/Renci.SshNet.IntegrationTests.csproj
+    - sh: dotnet test -f net48 -c Debug --no-restore --no-build --results-directory artifacts --logger Appveyor --logger "console;verbosity=normal" --logger "liquid.md;LogFileName=linux_integration_test_net_48_report.md" -p:CollectCoverage=true -p:CoverletOutputFormat=cobertura -p:CoverletOutput=../../artifacts/linux_integration_test_net_48_coverage.xml --filter "Name=ChaCha20Poly1305|Name~Ecdh|Name~Zlib" test/Renci.SshNet.IntegrationTests/Renci.SshNet.IntegrationTests.csproj
 
 -
   matrix:

src/Renci.SshNet/Security/KeyExchangeECDH.cs

@@ -1,9 +1,9 @@
 using System;
 
-using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto.Agreement;
 using Org.BouncyCastle.Crypto.Generators;
 using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Utilities;
 using Org.BouncyCastle.Math.EC;
 
 using Renci.SshNet.Abstractions;
@@ -14,16 +14,19 @@ namespace Renci.SshNet.Security
 {
     internal abstract class KeyExchangeECDH : KeyExchangeEC
     {
+#if NET8_0_OR_GREATER
+        private System.Security.Cryptography.ECDiffieHellman _clientECDH;
+#endif
+        private ECDHCBasicAgreement _keyAgreement;
+        private ECDomainParameters _domainParameters;
+
         /// <summary>
-        /// Gets the parameter of the curve.
+        /// Gets the name of the curve.
         /// </summary>
         /// <value>
-        /// The parameter of the curve.
+        /// The name of the curve.
         /// </value>
-        protected abstract X9ECParameters CurveParameter { get; }
-
-        private ECDHCBasicAgreement _keyAgreement;
-        private ECDomainParameters _domainParameters;
+        protected abstract string CurveName { get; }
 
         /// <inheritdoc/>
         public override void Start(Session session, KeyExchangeInitMessage message, bool sendClientInitMessage)
@@ -34,11 +37,30 @@ public override void Start(Session session, KeyExchangeInitMessage message, bool
 
             Session.KeyExchangeEcdhReplyMessageReceived += Session_KeyExchangeEcdhReplyMessageReceived;
 
-            _domainParameters = new ECDomainParameters(CurveParameter.Curve,
-                                                      CurveParameter.G,
-                                                      CurveParameter.N,
-                                                      CurveParameter.H,
-                                                      CurveParameter.GetSeed());
+#if NET8_0_OR_GREATER
+            if (!OperatingSystem.IsWindows() || OperatingSystem.IsWindowsVersionAtLeast(10))
+            {
+                _clientECDH = System.Security.Cryptography.ECDiffieHellman.Create();
+                _clientECDH.GenerateKey(System.Security.Cryptography.ECCurve.CreateFromFriendlyName(CurveName));
+
+                var q = _clientECDH.PublicKey.ExportParameters().Q;
+
+                _clientExchangeValue = new byte[1 + q.X.Length + q.Y.Length];
+                _clientExchangeValue[0] = 0x04;
+                Buffer.BlockCopy(q.X, 0, _clientExchangeValue, 1, q.X.Length);
+                Buffer.BlockCopy(q.Y, 0, _clientExchangeValue, q.X.Length + 1, q.Y.Length);
+
+                SendMessage(new KeyExchangeEcdhInitMessage(_clientExchangeValue));
+
+                return;
+            }
+#endif
+            var curveParameter = SshNamedCurves.GetByName(CurveName);
+            _domainParameters = new ECDomainParameters(curveParameter.Curve,
+                                      curveParameter.G,
+                                      curveParameter.N,
+                                      curveParameter.H,
+                                      curveParameter.GetSeed());
 
             var g = new ECKeyPairGenerator();
             g.Init(new ECKeyGenerationParameters(_domainParameters, CryptoAbstraction.SecureRandom));
@@ -92,12 +114,45 @@ private void HandleServerEcdhReply(byte[] hostKey, byte[] serverExchangeValue, b
             var y = new byte[cordSize];
             Buffer.BlockCopy(serverExchangeValue, cordSize + 1, y, 0, y.Length);
 
+#if NET8_0_OR_GREATER
+            if (!OperatingSystem.IsWindows() || OperatingSystem.IsWindowsVersionAtLeast(10))
+            {
+                using var serverECDH = System.Security.Cryptography.ECDiffieHellman.Create(
+                    new System.Security.Cryptography.ECParameters
+                    {
+                        Curve = System.Security.Cryptography.ECCurve.CreateFromFriendlyName(CurveName),
+                        Q =
+                        {
+                            X = x,
+                            Y = y,
+                        },
+                    });
+
+                var k = _clientECDH.DeriveRawSecretAgreement(serverECDH.PublicKey);
+                SharedKey = k.ToBigInteger2().ToByteArray().Reverse();
+
+                return;
+            }
+#endif
             var c = (FpCurve)_domainParameters.Curve;
             var q = c.CreatePoint(new Org.BouncyCastle.Math.BigInteger(1, x), new Org.BouncyCastle.Math.BigInteger(1, y));
             var publicKey = new ECPublicKeyParameters("ECDH", q, _domainParameters);
 
             var k1 = _keyAgreement.CalculateAgreement(publicKey);
             SharedKey = k1.ToByteArray().ToBigInteger2().ToByteArray().Reverse();
         }
+
+#if NET8_0_OR_GREATER
+
+        /// <inheritdoc/>
+        protected override void Dispose(bool disposing)
+        {
+            base.Dispose(disposing);
+            if (disposing)
+            {
+                _clientECDH?.Dispose();
+            }
+        }
+#endif
     }
 }

src/Renci.SshNet/Security/KeyExchangeECDH256.cs

@@ -1,7 +1,4 @@
-using Org.BouncyCastle.Asn1.Sec;
-using Org.BouncyCastle.Asn1.X9;
-
-using Renci.SshNet.Abstractions;
+using Renci.SshNet.Abstractions;
 
 namespace Renci.SshNet.Security
 {
@@ -16,14 +13,11 @@ public override string Name
         }
 
         /// <summary>
-        /// Gets Curve Parameter.
+        /// Gets curve name.
         /// </summary>
-        protected override X9ECParameters CurveParameter
+        protected override string CurveName
         {
-            get
-            {
-                return SecNamedCurves.GetByName("secp256r1");
-            }
+            get { return "nistp256"; }
         }
 
         /// <summary>

src/Renci.SshNet/Security/KeyExchangeECDH384.cs

@@ -1,7 +1,4 @@
-using Org.BouncyCastle.Asn1.Sec;
-using Org.BouncyCastle.Asn1.X9;
-
-using Renci.SshNet.Abstractions;
+using Renci.SshNet.Abstractions;
 
 namespace Renci.SshNet.Security
 {
@@ -16,14 +13,11 @@ public override string Name
         }
 
         /// <summary>
-        /// Gets Curve Parameter.
+        /// Gets curve name.
         /// </summary>
-        protected override X9ECParameters CurveParameter
+        protected override string CurveName
         {
-            get
-            {
-                return SecNamedCurves.GetByName("secp384r1");
-            }
+            get { return "nistp384"; }
         }
 
         /// <summary>

src/Renci.SshNet/Security/KeyExchangeECDH521.cs

@@ -1,7 +1,4 @@
-using Org.BouncyCastle.Asn1.Sec;
-using Org.BouncyCastle.Asn1.X9;
-
-using Renci.SshNet.Abstractions;
+using Renci.SshNet.Abstractions;
 
 namespace Renci.SshNet.Security
 {
@@ -16,14 +13,11 @@ public override string Name
         }
 
         /// <summary>
-        /// Gets Curve Parameter.
+        /// Gets curve name.
         /// </summary>
-        protected override X9ECParameters CurveParameter
+        protected override string CurveName
         {
-            get
-            {
-                return SecNamedCurves.GetByName("secp521r1");
-            }
+            get { return "nistp384"; }
         }
 
         /// <summary>