From fc1add9fb20457ff816e5d5939501eb0d8c449b8 Mon Sep 17 00:00:00 2001
From: Scott Xu <scott-xu@msn.com>
Date: Sat, 22 Mar 2025 16:47:23 +0800
Subject: [PATCH] Use native AesGcm for .NET Framework from nuget

---
 Directory.Packages.props                           |  3 ++-
 src/Renci.SshNet/Renci.SshNet.csproj               |  6 +++++-
 .../Cryptography/Ciphers/AesGcmCipher.BclImpl.cs   |  2 +-
 .../Security/Cryptography/Ciphers/AesGcmCipher.cs  | 14 +++++++++++---
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 169d98d16..8efd49ac3 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -11,6 +11,7 @@
     <PackageVersion Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageVersion Include="Meziantou.Analyzer" Version="2.0.205" />
     <!-- Should stay on LTS .NET releases. -->
+    <PackageVersion Include="Microsoft.Bcl.Cryptography" Version="10.0.0-preview.7.25380.108" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.3" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="9.0.7" />
     <PackageVersion Include="MSTest" Version="3.9.3" />
@@ -23,4 +24,4 @@
     <PackageVersion Include="System.Formats.Asn1" Version="8.0.2" />
     <PackageVersion Include="Testcontainers" Version="4.6.0" />
   </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/src/Renci.SshNet/Renci.SshNet.csproj b/src/Renci.SshNet/Renci.SshNet.csproj
index 446865229..6ec714ac3 100644
--- a/src/Renci.SshNet/Renci.SshNet.csproj
+++ b/src/Renci.SshNet/Renci.SshNet.csproj
@@ -49,7 +49,11 @@
     </PackageReference>
   </ItemGroup>
 
-  <ItemGroup Condition=" !$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net8.0')) ">
+  <ItemGroup Condition=" '$(TargetFramework)' == 'net462' ">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" />
+  </ItemGroup>
+
+  <ItemGroup Condition=" '$(TargetFramework)' == 'netstandard2.0' ">
     <PackageReference Include="System.Formats.Asn1" />
   </ItemGroup>
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs
index de174d673..69af81e38 100644
--- a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs
+++ b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.BclImpl.cs
@@ -1,4 +1,4 @@
-#if NET
+#if !NETSTANDARD
 using System;
 using System.Security.Cryptography;
 
diff --git a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
index ded36fc0d..81b7b278c 100644
--- a/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
+++ b/src/Renci.SshNet/Security/Cryptography/Ciphers/AesGcmCipher.cs
@@ -15,7 +15,7 @@ internal sealed partial class AesGcmCipher : SymmetricCipher, IDisposable
         private const int TagSizeInBytes = 16;
         private readonly byte[] _iv;
         private readonly int _aadLength;
-#if NET
+#if !NETSTANDARD
         private readonly Impl _impl;
 #else
         private readonly BouncyCastleImpl _impl;
@@ -62,10 +62,18 @@ public AesGcmCipher(byte[] key, byte[] iv, int aadLength)
             // SSH AES-GCM requires a 12-octet Initial IV
             _iv = iv.Take(12);
             _aadLength = aadLength;
-#if NET
+#if !NETSTANDARD
             if (System.Security.Cryptography.AesGcm.IsSupported)
             {
-                _impl = new BclImpl(key, _iv);
+                try
+                {
+                    _impl = new BclImpl(key, _iv);
+                }
+                catch (DllNotFoundException)
+                {
+                    // Mono doesn't have BCrypt.dll
+                    _impl = new BouncyCastleImpl(key, _iv);
+                }
             }
             else
 #endif