Add AES Key Wrap with Padding #117181

Merged
merged 12 commits into from
Jul 1, 2025
bartonjs
Member

This change adds support for RFC 5649 AES Key Wrap with Padding.

Calling into OpenSSL for a more direct implementation of the algorithm will be done as a followup; for now this uses only the managed implementation of the algorithm and defines the test framework for future virtual dispatches.

Contributes to #108332

@bartonjs bartonjs added this to the 10.0.0 milestone Jun 30, 2025
@bartonjs bartonjs self-assigned this Jun 30, 2025
@Copilot Copilot AI review requested due to automatic review settings June 30, 2025 23:09
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds support for RFC 5649 AES Key Wrap with Padding using a managed implementation and defines the test framework to validate the new functionality.

  • Adds new methods in Aes.cs to compute padded lengths, encrypt, decrypt, and try-decrypt key wrap operations.
  • Updates project files, resource strings, and public API references accordingly.
  • Includes comprehensive tests in KeyWrapTests.cs and enhances buffer management via a new CryptoPoolLease implementation.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj | Added compile entry for KeyWrapTests.cs to include key wrap tests. |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Aes.cs | Introduced new AES Key Wrap with Padding encryption and decryption methods. |
| src/libraries/System.Security.Cryptography/src/Resources/Strings.resx | Added error message entries for key wrap decryption failures and invalid lengths. |
| src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs | Updated API references to reflect the new key wrap methods. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/AES/KeyWrapTests.cs | Added comprehensive tests to validate the new key wrap functionality. |
| src/libraries/Common/src/System/Security/Cryptography/CryptoPool.cs | Introduced CryptoPoolLease for efficient temporary buffer management. |
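
For readers following the "padded lengths" and "decryption failures" items above, this added example shows the length rule and the unwrap-side integrity check that RFC 5649 defines. It is not code from this pull request or from dotnet/runtime: `Rfc5649Format` and its member names are hypothetical, the sample values are constructed, and the AES wrap/unwrap rounds themselves are assumed to happen elsewhere.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
// Constructed sample: a 20-byte key pads to 24 bytes and wraps to 32 bytes.
byte[] aiv = Rfc5649Format.BuildAiv(20);
byte[] padded = new byte[24];
Console.WriteLine(Rfc5649Format.GetWrappedLength(20));
bool ok = Rfc5649Format.TryGetPlaintextLength(aiv, padded, out int length);
Console.WriteLine($"{ok} {length}");
padded[23] = 1; // non-zero pad byte, as a tampered or wrong-key unwrap would yield
Console.WriteLine(Rfc5649Format.TryGetPlaintextLength(aiv, padded, out _));

// Hypothetical helper names; not the dotnet/runtime implementation.
static class Rfc5649Format
{
    // RFC 5649 section 3: fixed high 32 bits of the Alternative Initial Value (AIV).
    private static readonly byte[] AivPrefix = { 0xA6, 0x59, 0x59, 0xA6 };
    // Wrapped size = 8-byte integrity block + plaintext zero-padded to a multiple of 8.
    public static int GetWrappedLength(int plaintextLength)
    {
        ArgumentOutOfRangeException.ThrowIfLessThan(plaintextLength, 1);
        return checked(8 + (plaintextLength + 7) / 8 * 8);
    }

    // AIV = A65959A6 || 32-bit big-endian Message Length Indicator (MLI).
    public static byte[] BuildAiv(int plaintextLength)
    {
        byte[] aiv = new byte[8];
        AivPrefix.CopyTo(aiv, 0);
        BinaryPrimitives.WriteUInt32BigEndian(aiv.AsSpan(4), (uint)plaintextLength);
        return aiv;
    }

    // Unwrap-side check: 'a' is the recovered 8-byte block, 'padded' the recovered data.
    public static bool TryGetPlaintextLength(ReadOnlySpan<byte> a, ReadOnlySpan<byte> padded, out int length)
    {
        length = 0;
        if (a.Length != 8 || padded.Length == 0 || padded.Length % 8 != 0) return false;
        bool prefixOk = CryptographicOperations.FixedTimeEquals(a.Slice(0, 4), AivPrefix);
        uint mli = BinaryPrimitives.ReadUInt32BigEndian(a.Slice(4));
        // The MLI must fall in the last 8-byte block: 8*(n-1) < MLI <= 8*n.
        bool mliOk = mli <= (uint)padded.Length && mli > (uint)(padded.Length - 8);
        int acc = 0; // OR of all pad bytes, so every one is inspected
        for (int i = mliOk ? (int)mli : padded.Length; i < padded.Length; i++) acc |= padded[i];
        if (!(prefixOk && mliOk && acc == 0)) return false;
        length = (int)mli;
        return true;
    }
}
```

All three conditions (prefix, MLI range, zero padding) collapse into one pass/fail result, so a caller cannot tell which part of the check rejected the input.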

Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@vcsjones
Member

vcsjones commented Jul 1, 2025

I assume native OpenSSL interop is not needed, or can be done as a follow up? Seems like we want to get the API in for preview7.

Edit:

I read the PR description part that said:

> Calling into OpenSSL for a more direct implementation of the algorithm will be done as a followup

and immediately forgot it.

@bartonjs bartonjs merged commit 25f84a4 into dotnet:main Jul 1, 2025
81 of 87 checks passed
@bartonjs bartonjs deleted the aeskw branch July 1, 2025 23:17
@bartonjs bartonjs added the cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. label Jul 1, 2025