Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use System.Security.Cryptography for TripleDesCipher and fall back to use BouncyCastle if BCL doesn't support #1546

Open
wants to merge 3 commits into
base: develop
Choose a base branch
from

Conversation

scott-xu
Copy link
Collaborator

@scott-xu scott-xu commented Nov 30, 2024

This PR

  • changes TripleDesCipher to use BCL's TripleDES where possible, and falls back to use BoucyCastle if BCL doesn't support.
  • drops support for DesCipher. It is only used to decrypt OpenSSL legacy private key format (aka PKCS1). Suggest switching to newer encryption method.
  • changes PKCS7Padding to use BouncyCaslte's implementation.
  • renames AesCipherMode to BlockCipherMode. Some previous discussion: Use hardware-accelerated AES CryptoServiceProvider #865 (comment)

Benchmarks based on .NET 9.0.0 (9.0.24.52809), X64 RyuJIT AVX2

Before:

Method Mean Error StdDev Gen0 Gen1 Allocated
Encrypt_CBC 1.379 ms 0.0268 ms 0.0402 ms 39.0625 1.9531 161.19 KB
Decrypt_CBC 1.333 ms 0.0202 ms 0.0189 ms 39.0625 1.9531 161.19 KB
Encrypt_CFB 1.371 ms 0.0263 ms 0.0281 ms 39.0625 1.9531 161.23 KB
Decrypt_CFB 1.379 ms 0.0164 ms 0.0146 ms 39.0625 1.9531 161.23 KB

After:

Method Mean Error StdDev Gen0 Allocated
Encrypt_CBC 1,018.1 us 20.33 us 28.50 us 7.8125 33.18 KB
Decrypt_CBC 966.5 us 19.25 us 20.60 us 7.8125 33.18 KB
Encrypt_CFB 1,016.6 us 15.57 us 14.57 us 7.8125 33.18 KB
Decrypt_CFB 970.4 us 13.38 us 12.52 us 7.8125 33.18 KB

@Rob-Hague
Copy link
Collaborator

We could consider dropping DesCipher

@scott-xu
Copy link
Collaborator Author

Agree

@scott-xu scott-xu changed the title Use System.Security.Cryptography for DesCipher and TripleDesCipher and falls back to use BouncyCastle if BCL doesn't support Use System.Security.Cryptography for TripleDesCipher and falls back to use BouncyCastle if BCL doesn't support Dec 22, 2024
@scott-xu scott-xu marked this pull request as ready for review December 22, 2024 16:02
@scott-xu scott-xu changed the title Use System.Security.Cryptography for TripleDesCipher and falls back to use BouncyCastle if BCL doesn't support Use System.Security.Cryptography for TripleDesCipher and fall back to use BouncyCastle if BCL doesn't support Dec 22, 2024
@scott-xu
Copy link
Collaborator Author

scott-xu commented Dec 24, 2024

Might also be a good chance to drop home-made CfbCipherMode and OfbCipherMode.

  • CfbCipherMode is only used for PKCS1 private key encrypted byDES-EDE3-CFB.
  • OfbCipherMode is not used anywhere inside the library.

Further more, we can consider changing all Renci.SshNet.Security.Cryptography.* internal.

@Rob-Hague
Copy link
Collaborator

possibly yes, but I would prefer to think about that separately. Can you restore CbcCipherMode here?

@scott-xu
Copy link
Collaborator Author

CbcCipherMode is restored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants