Use BCL CipherMode enum for AesCipher class

[scott-xu]

Create a dedicated AesCtrCipher class just like AesGcmCipher class.

Relate to #1560

[Rob-Hague]

Is there a benefit to this?

[scott-xu]

FYI: some previous discussion: #865 (comment)

[scott-xu]

The main purpose is to use BCL as possible as it can.

[Rob-Hague]

Thanks, I remember the previous discussion, but I don't think it is worth changing the API right now. Maybe at a later time

[Copilot]

Pull Request Overview

This PR refactors the cipher implementation to use the BCL CipherMode enum instead of a custom AesCipherMode enum, and creates a dedicated AesCtrCipher class similar to the existing AesGcmCipher class. The changes remove support for DES-EDE3-CFB encryption and eliminate custom cipher mode implementations in favor of BCL-provided functionality.

• Replaced custom AesCipherMode enum with BCL's System.Security.Cryptography.CipherMode
• Created dedicated AesCtrCipher class for CTR mode encryption
• Removed DES-EDE3-CFB support and associated test data
• Simplified cipher implementations by removing custom mode classes (CFB, CTR, OFB, CBC)

Reviewed Changes

Copilot reviewed 33 out of 33 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.cs	Refactored to use BCL CipherMode and simplified implementation
src/Renci.SshNet/Security/Cryptography/Ciphers/AesCtrCipher.cs	New dedicated class for AES-CTR mode
src/Renci.SshNet/Security/Cryptography/Ciphers/TripleDesCipher.cs	Refactored to use BCL CipherMode
src/Renci.SshNet/PrivateKeyFile.*.cs	Updated cipher instantiation to use BCL CipherMode
src/Renci.SshNet/ConnectionInfo.cs	Updated cipher configurations to use new class constructors
test/**/*CipherTest*.cs	Updated tests to use BCL CipherMode and new AesCtrCipher class
Multiple cipher mode files	Removed custom implementations (CFB, CTR, OFB, CBC, CipherMode base)
test/Data/Key.RSA.Encrypted.Des.Ede3.CFB.*	Removed test data for unsupported DES-EDE3-CFB

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[scott-xu]

Is there a benefit to this?

One other benefit is the reduction of code. Less code means less maintenance.

[scott-xu]

IMHO, SSH.NET should be the client of SSH but not a cryptography library. That's the reason why I hide AesCipher and TripleDesCipher.

[scott-xu]

Could you please have another review of this PR please? @Rob-Hague

[Rob-Hague]

I am fine with dropping BlockCipher (and CipherMode), but I would rather not change AesCipher until there is a compelling reason, otherwise it is just churn. If you can put it back, I'll merge the rest

[scott-xu]

The reason is

1. BCL CipherMode does not have CTR mode.
2. OFB and CFB is not used anywhere.

[scott-xu]

Note: this is a breaking change of public API

[scott-xu]

This is a breaking change of public API

[scott-xu]

OFB is not used anywhere

[scott-xu]

CFB is not used anywhere

[scott-xu]

BCL CipherMode does not have CTR mode

[scott-xu]

BTW, I would suggest renaming Renci.SshNet.Security.Cryptography.SymmetricCipher to Renci.SshNet.Security.Cryptography.AsymmetricBlockCipher. Unfortunately, it is a public class. But it should be rarely used. What do you think? @Rob-Hague

[scott-xu]

I am fine with dropping BlockCipher (and CipherMode), but I would rather not change AesCipher until there is a compelling reason, otherwise it is just churn. If you can put it back, I'll merge the rest

BlockCipher and CipherMode are dropped. BlockSize property is moved to Cipher abstract class.
Can you please share more information about not changing AesCipher?

[scott-xu]

BTW, I would suggest renaming Renci.SshNet.Security.Cryptography.SymmetricCipher to Renci.SshNet.Security.Cryptography.AsymmetricBlockCipher. Unfortunately, it is a public class. But it should be rarely used. What do you think? @Rob-Hague

SymmertricCipher is dropped.