sshnet
diff --git a/‎src/Renci.SshNet/ConnectionInfo.cs
+6-6 b/‎src/Renci.SshNet/ConnectionInfo.cs
+6-6
diff --git a/‎src/Renci.SshNet/PrivateKeyFile.OpenSSH.cs
+6-6 b/‎src/Renci.SshNet/PrivateKeyFile.OpenSSH.cs
+6-6
diff --git a/‎src/Renci.SshNet/PrivateKeyFile.PKCS1.cs
+3-3 b/‎src/Renci.SshNet/PrivateKeyFile.PKCS1.cs
+3-3
diff --git a/‎src/Renci.SshNet/PrivateKeyFile.PuTTY.cs
+3-1 b/‎src/Renci.SshNet/PrivateKeyFile.PuTTY.cs
+3-1
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.CtrImpl.cs
-115 b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.CtrImpl.cs
-115
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.cs
+4-9 b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipher.cs
+4-9
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipherMode.cs
-26 b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCipherMode.cs
-26
diff --git a/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCtrCipher.cs
+109 b/‎src/Renci.SshNet/Security/Cryptography/Ciphers/AesCtrCipher.cs
+109
@@ -364,15 +364,15 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
 
             Encryptions = new Dictionary<string, CipherInfo>
                 {
-                    { "aes128-ctr", new CipherInfo(128, (key, iv) => new AesCipher(key, iv, AesCipherMode.CTR, pkcs7Padding: false)) },
-                    { "aes192-ctr", new CipherInfo(192, (key, iv) => new AesCipher(key, iv, AesCipherMode.CTR, pkcs7Padding: false)) },
-                    { "aes256-ctr", new CipherInfo(256, (key, iv) => new AesCipher(key, iv, AesCipherMode.CTR, pkcs7Padding: false)) },
+                    { "aes128-ctr", new CipherInfo(128, (key, iv) => new AesCtrCipher(key, iv)) },
+                    { "aes192-ctr", new CipherInfo(192, (key, iv) => new AesCtrCipher(key, iv)) },
+                    { "aes256-ctr", new CipherInfo(256, (key, iv) => new AesCtrCipher(key, iv)) },
                     { "[email protected]", new CipherInfo(128, (key, iv) => new AesGcmCipher(key, iv, aadLength: 4), isAead: true) },
                     { "[email protected]", new CipherInfo(256, (key, iv) => new AesGcmCipher(key, iv, aadLength: 4), isAead: true) },
                     { "[email protected]", new CipherInfo(512, (key, iv) => new ChaCha20Poly1305Cipher(key, aadLength: 4), isAead: true) },
-                    { "aes128-cbc", new CipherInfo(128, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false)) },
-                    { "aes192-cbc", new CipherInfo(192, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false)) },
-                    { "aes256-cbc", new CipherInfo(256, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false)) },
+                    { "aes128-cbc", new CipherInfo(128, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false)) },
+                    { "aes192-cbc", new CipherInfo(192, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false)) },
+                    { "aes256-cbc", new CipherInfo(256, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false)) },
                     { "3des-cbc", new CipherInfo(192, (key, iv) => new TripleDesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false)) },
                 };
 
 
@@ -95,22 +95,22 @@ public Key Parse()
                             cipherInfo = new CipherInfo(192, (key, iv) => new TripleDesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false));
                             break;
                         case "aes128-cbc":
-                            cipherInfo = new CipherInfo(128, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false));
+                            cipherInfo = new CipherInfo(128, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false));
                             break;
                         case "aes192-cbc":
-                            cipherInfo = new CipherInfo(192, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false));
+                            cipherInfo = new CipherInfo(192, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false));
                             break;
                         case "aes256-cbc":
-                            cipherInfo = new CipherInfo(256, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: false));
+                            cipherInfo = new CipherInfo(256, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: false));
                             break;
                         case "aes128-ctr":
-                            cipherInfo = new CipherInfo(128, (key, iv) => new AesCipher(key, iv, AesCipherMode.CTR, pkcs7Padding: false));
+                            cipherInfo = new CipherInfo(128, (key, iv) => new AesCtrCipher(key, iv));
                             break;
                         case "aes192-ctr":
-                            cipherInfo = new CipherInfo(192, (key, iv) => new AesCipher(key, iv, AesCipherMode.CTR, pkcs7Padding: false));
+                            cipherInfo = new CipherInfo(192, (key, iv) => new AesCtrCipher(key, iv));
                             break;
                         case "aes256-ctr":
-                            cipherInfo = new CipherInfo(256, (key, iv) => new AesCipher(key, iv, AesCipherMode.CTR, pkcs7Padding: false));
+                            cipherInfo = new CipherInfo(256, (key, iv) => new AesCtrCipher(key, iv));
                             break;
                         case "[email protected]":
                             cipherInfo = new CipherInfo(128, (key, iv) => new AesGcmCipher(key, iv, aadLength: 0), isAead: true);
 
@@ -57,13 +57,13 @@ public Key Parse()
                             cipher = new CipherInfo(192, (key, iv) => new TripleDesCipher(key, iv, CipherMode.CFB, pkcs7Padding: false));
                             break;
                         case "AES-128-CBC":
-                            cipher = new CipherInfo(128, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: true));
+                            cipher = new CipherInfo(128, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: true));
                             break;
                         case "AES-192-CBC":
-                            cipher = new CipherInfo(192, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: true));
+                            cipher = new CipherInfo(192, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: true));
                             break;
                         case "AES-256-CBC":
-                            cipher = new CipherInfo(256, (key, iv) => new AesCipher(key, iv, AesCipherMode.CBC, pkcs7Padding: true));
+                            cipher = new CipherInfo(256, (key, iv) => new AesCipher(key, iv, CipherMode.CBC, pkcs7Padding: true));
                             break;
                         default:
                             throw new SshException(string.Format(CultureInfo.InvariantCulture, "Private key cipher \"{0}\" is not supported.", _cipherName));
 
@@ -14,6 +14,8 @@
 using Renci.SshNet.Security;
 using Renci.SshNet.Security.Cryptography.Ciphers;
 
+using CipherMode = System.Security.Cryptography.CipherMode;
+
 namespace Renci.SshNet
 {
     public partial class PrivateKeyFile
@@ -111,7 +113,7 @@ public Key Parse()
                                 throw new SshException("PuTTY key file version " + _version + " is not supported");
                         }
 
-                        using (var cipher = new AesCipher(cipherKey, cipherIV, AesCipherMode.CBC, pkcs7Padding: false))
+                        using (var cipher = new AesCipher(cipherKey, cipherIV, CipherMode.CBC, pkcs7Padding: false))
                         {
                             privateKey = cipher.Decrypt(_data);
                         }
 
@@ -23,32 +23,27 @@ public sealed partial class AesCipher : BlockCipher, IDisposable
         /// <param name="pkcs7Padding">Enable PKCS7 padding.</param>
         /// <exception cref="ArgumentNullException"><paramref name="key"/> is <see langword="null"/>.</exception>
         /// <exception cref="ArgumentException">Keysize is not valid for this algorithm.</exception>
-        public AesCipher(byte[] key, byte[] iv, AesCipherMode mode, bool pkcs7Padding = false)
+        public AesCipher(byte[] key, byte[] iv, System.Security.Cryptography.CipherMode mode, bool pkcs7Padding = false)
             : base(key, 16, mode: null, padding: null)
         {
-            if (mode == AesCipherMode.OFB)
+            if (mode == System.Security.Cryptography.CipherMode.OFB)
             {
                 // OFB is not supported on modern .NET
                 _impl = new BlockImpl(key, new OfbCipherMode(iv), pkcs7Padding ? new Pkcs7Padding() : null);
             }
 #if !NET6_0_OR_GREATER
-            else if (mode == AesCipherMode.CFB)
+            else if (mode == System.Security.Cryptography.CipherMode.CFB)
             {
                 // CFB not supported on NetStandard 2.1
                 _impl = new BlockImpl(key, new CfbCipherMode(iv), pkcs7Padding ? new Pkcs7Padding() : null);
             }
 #endif
-            else if (mode == AesCipherMode.CTR)
-            {
-                // CTR not supported by the BCL, use an optimized implementation
-                _impl = new CtrImpl(key, iv);
-            }
             else
             {
                 _impl = new BclImpl(
                     key,
                     iv,
-                    (System.Security.Cryptography.CipherMode)mode,
+                    mode,
                     pkcs7Padding ? PaddingMode.PKCS7 : PaddingMode.None);
             }
         }
 
@@ -0,0 +1,109 @@
+using System;
+using System.Buffers.Binary;
+using System.Numerics;
+using System.Security.Cryptography;
+
+namespace Renci.SshNet.Security.Cryptography.Ciphers
+{
+    internal sealed class AesCtrCipher : BlockCipher, IDisposable
+    {
+        private readonly Aes _aes;
+        private readonly ICryptoTransform _encryptor;
+
+        private ulong _ivUpper; // The upper 64 bits of the IV
+        private ulong _ivLower; // The lower 64 bits of the IV
+
+        public AesCtrCipher(byte[] key, byte[] iv)
+            : base(key, 16, mode: null, padding: null)
+        {
+            var aes = Aes.Create();
+            aes.Key = key;
+            aes.Mode = System.Security.Cryptography.CipherMode.ECB;
+            aes.Padding = PaddingMode.None;
+            _aes = aes;
+            _encryptor = aes.CreateEncryptor();
+
+            _ivLower = BinaryPrimitives.ReadUInt64BigEndian(iv.AsSpan(8));
+            _ivUpper = BinaryPrimitives.ReadUInt64BigEndian(iv);
+        }
+
+        public override byte[] Encrypt(byte[] input, int offset, int length)
+        {
+            return CTREncryptDecrypt(input, offset, length);
+        }
+
+        public override byte[] Decrypt(byte[] input, int offset, int length)
+        {
+            return CTREncryptDecrypt(input, offset, length);
+        }
+
+        public override int EncryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
+        {
+            throw new NotImplementedException($"Invalid usage of {nameof(EncryptBlock)}.");
+        }
+
+        public override int DecryptBlock(byte[] inputBuffer, int inputOffset, int inputCount, byte[] outputBuffer, int outputOffset)
+        {
+            throw new NotImplementedException($"Invalid usage of {nameof(DecryptBlock)}.");
+        }
+
+        private byte[] CTREncryptDecrypt(byte[] data, int offset, int length)
+        {
+            var count = length / BlockSize;
+            if (length % BlockSize != 0)
+            {
+                count++;
+            }
+
+            var buffer = new byte[count * BlockSize];
+            CTRCreateCounterArray(buffer);
+            _ = _encryptor.TransformBlock(buffer, 0, buffer.Length, buffer, 0);
+            ArrayXOR(buffer, data, offset, length);
+
+            // adjust output for non-blocksized lengths
+            if (buffer.Length > length)
+            {
+                Array.Resize(ref buffer, length);
+            }
+
+            return buffer;
+        }
+
+        // creates the Counter array filled with incrementing copies of IV
+        private void CTRCreateCounterArray(byte[] buffer)
+        {
+            for (var i = 0; i < buffer.Length; i += 16)
+            {
+                BinaryPrimitives.WriteUInt64BigEndian(buffer.AsSpan(i + 8), _ivLower);
+                BinaryPrimitives.WriteUInt64BigEndian(buffer.AsSpan(i), _ivUpper);
+
+                _ivLower += 1;
+                _ivUpper += (_ivLower == 0) ? 1UL : 0UL;
+            }
+        }
+
+        // XOR 2 arrays using Vector<byte>
+        private static void ArrayXOR(byte[] buffer, byte[] data, int offset, int length)
+        {
+            var i = 0;
+
+            var oneVectorFromEnd = length - Vector<byte>.Count;
+            for (; i <= oneVectorFromEnd; i += Vector<byte>.Count)
+            {
+                var v = new Vector<byte>(buffer, i) ^ new Vector<byte>(data, offset + i);
+                v.CopyTo(buffer, i);
+            }
+
+            for (; i < length; i++)
+            {
+                buffer[i] ^= data[offset + i];
+            }
+        }
+
+        public void Dispose()
+        {
+            _aes.Dispose();
+            _encryptor.Dispose();
+        }
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@`
`14`	`14`	`using Renci.SshNet.Security;`
`15`	`15`	`using Renci.SshNet.Security.Cryptography.Ciphers;`
`16`	`16`
	`17`	`+using CipherMode = System.Security.Cryptography.CipherMode;`
	`18`	`+`
`17`	`19`	`namespace Renci.SshNet`
`18`	`20`	`{`
`19`	`21`	`public partial class PrivateKeyFile`
`@@ -111,7 +113,7 @@ public Key Parse()`
`111`	`113`	`throw new SshException("PuTTY key file version " + _version + " is not supported");`
`112`	`114`	`}`
`113`	`115`
`114`		`- using (var cipher = new AesCipher(cipherKey, cipherIV, AesCipherMode.CBC, pkcs7Padding: false))`
	`116`	`+ using (var cipher = new AesCipher(cipherKey, cipherIV, CipherMode.CBC, pkcs7Padding: false))`
`115`	`117`	`{`
`116`	`118`	`privateKey = cipher.Decrypt(_data);`
`117`	`119`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,32 +23,27 @@ public sealed partial class AesCipher : BlockCipher, IDisposable`
`23`	`23`	`/// <param name="pkcs7Padding">Enable PKCS7 padding.</param>`
`24`	`24`	`/// <exception cref="ArgumentNullException"><paramref name="key"/> is <see langword="null"/>.</exception>`
`25`	`25`	`/// <exception cref="ArgumentException">Keysize is not valid for this algorithm.</exception>`
`26`		`- public AesCipher(byte[] key, byte[] iv, AesCipherMode mode, bool pkcs7Padding = false)`
	`26`	`+ public AesCipher(byte[] key, byte[] iv, System.Security.Cryptography.CipherMode mode, bool pkcs7Padding = false)`
`27`	`27`	`: base(key, 16, mode: null, padding: null)`
`28`	`28`	`{`
`29`		`- if (mode == AesCipherMode.OFB)`
	`29`	`+ if (mode == System.Security.Cryptography.CipherMode.OFB)`
`30`	`30`	`{`
`31`	`31`	`// OFB is not supported on modern .NET`
`32`	`32`	`_impl = new BlockImpl(key, new OfbCipherMode(iv), pkcs7Padding ? new Pkcs7Padding() : null);`
`33`	`33`	`}`
`34`	`34`	`#if !NET6_0_OR_GREATER`
`35`		`- else if (mode == AesCipherMode.CFB)`
	`35`	`+ else if (mode == System.Security.Cryptography.CipherMode.CFB)`
`36`	`36`	`{`
`37`	`37`	`// CFB not supported on NetStandard 2.1`
`38`	`38`	`_impl = new BlockImpl(key, new CfbCipherMode(iv), pkcs7Padding ? new Pkcs7Padding() : null);`
`39`	`39`	`}`
`40`	`40`	`#endif`
`41`		`- else if (mode == AesCipherMode.CTR)`
`42`		`- {`
`43`		`- // CTR not supported by the BCL, use an optimized implementation`
`44`		`- _impl = new CtrImpl(key, iv);`
`45`		`- }`
`46`	`41`	`else`
`47`	`42`	`{`
`48`	`43`	`_impl = new BclImpl(`
`49`	`44`	`key,`
`50`	`45`	`iv,`
`51`		`- (System.Security.Cryptography.CipherMode)mode,`
	`46`	`+ mode,`
`52`	`47`	`pkcs7Padding ? PaddingMode.PKCS7 : PaddingMode.None);`
`53`	`48`	`}`
`54`	`49`	`}`