Add AES Key Wrap with Padding #117181
Pull Request Overview
This PR adds support for RFC 5649 AES Key Wrap with Padding using a managed implementation and defines the test framework to validate the new functionality.
- Adds new methods in Aes.cs to compute padded lengths, encrypt, decrypt, and try-decrypt key wrap operations.
- Updates project files, resource strings, and public API references accordingly.
- Includes comprehensive tests in KeyWrapTests.cs and enhances buffer management via a new CryptoPoolLease implementation.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj | Added compile entry for KeyWrapTests.cs to include key wrap tests. |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Aes.cs | Introduced new AES Key Wrap with Padding encryption and decryption methods. |
| src/libraries/System.Security.Cryptography/src/Resources/Strings.resx | Added error message entries for key wrap decryption failures and invalid lengths. |
| src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs | Updated API references to reflect the new key wrap methods. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/AES/KeyWrapTests.cs | Added comprehensive tests to validate the new key wrap functionality. |
| src/libraries/Common/src/System/Security/Cryptography/CryptoPool.cs | Introduced CryptoPoolLease for efficient temporary buffer management. |
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
I assume native OpenSSL interop is not needed, or can be done as a follow up? Seems like we want to get the API in for preview7. Edit: I read the PR description part that said:
and immediately forgot it.
This change adds support for RFC 5649 AES Key Wrap with Padding.
Calling into OpenSSL for a more direct implementation of the algorithm will be done as a follow-up; for now this uses only the managed implementation of the algorithm and defines the test framework for future virtual dispatches.
Contributes to #108332
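
For readers who want to see what RFC 5649 wrapping and unwrapping involve, here is an added C# sketch of the algorithm. It is not the code from this PR: `KwpSketch` and its members are hypothetical names, and it assumes .NET 6 or later for `Aes.EncryptEcb`/`Aes.DecryptEcb`.

```csharp
using System;
using System.Security.Cryptography;
using static System.Buffers.Binary.BinaryPrimitives;
// Constructed sample input: Aes.Create() generates a random 256-bit KEK; the secret is 20 random bytes.
using Aes aes = Aes.Create();
byte[] blob = KwpSketch.Wrap(aes, RandomNumberGenerator.GetBytes(20));
Console.WriteLine($"wrapped: {blob.Length} bytes, recovered: {KwpSketch.Unwrap(aes, blob).Length} bytes");
blob[^1] ^= 1; // corrupt one ciphertext bit; the integrity check must reject it
try { KwpSketch.Unwrap(aes, blob); } catch (CryptographicException) { Console.WriteLine("rejected"); }
static class KwpSketch // hypothetical helper, not a .NET type
{
    public static byte[] Wrap(Aes kek, ReadOnlySpan<byte> key)
    {
        if (key.IsEmpty) throw new ArgumentException("Nothing to wrap.", nameof(key));
        byte[] buf = new byte[checked((key.Length + 7) / 8 * 8 + 8)]; // 8-byte AIV + zero-padded key
        WriteUInt64BigEndian(buf, 0xA65959A6UL << 32 | (uint)key.Length); // AIV = constant || length (MLI)
        key.CopyTo(buf.AsSpan(8));
        return Run(kek, buf, wrap: true);
    }
    public static byte[] Unwrap(Aes kek, ReadOnlySpan<byte> wrapped)
    {
        if (wrapped.Length < 16 || wrapped.Length % 8 != 0) throw new CryptographicException("Invalid length.");
        byte[] p = Run(kek, wrapped.ToArray(), wrap: false);
        uint n = (uint)p.Length / 8 - 1, mli = ReadUInt32BigEndian(p.AsSpan(4));
        // Non-short-circuit & evaluates every check; all failures raise the same exception.
        bool ok = ReadUInt32BigEndian(p) == 0xA65959A6 & mli > 8 * (n - 1) & mli <= 8 * n;
        int len = ok ? (int)mli : p.Length - 8, pad = 0;
        for (int i = 8 + len; i < p.Length; i++) pad |= p[i]; // padding bytes must all be zero
        byte[] key = p.AsSpan(8, len).ToArray();
        CryptographicOperations.ZeroMemory(p);
        if (ok & pad == 0) return key;
        CryptographicOperations.ZeroMemory(key); throw new CryptographicException("Unwrap failed.");
    }
    static byte[] Run(Aes kek, byte[] buf, bool wrap)
    {
        int n = buf.Length / 8 - 1; // number of 64-bit key blocks
        if (n == 1) return wrap ? kek.EncryptEcb(buf, PaddingMode.None) : kek.DecryptEcb(buf, PaddingMode.None);
        byte[] blk = new byte[16];
        for (int s = 0; s < 6 * n; s++)
        {
            int step = wrap ? s : 6 * n - 1 - s;              // unwrap replays the steps in reverse
            Span<byte> r = buf.AsSpan(8 * (step % n + 1), 8); // register R[i] for this step
            ulong t = (ulong)step + 1, a = ReadUInt64BigEndian(buf);
            WriteUInt64BigEndian(blk, wrap ? a : a ^ t); r.CopyTo(blk.AsSpan(8));
            byte[] b = wrap ? kek.EncryptEcb(blk, PaddingMode.None) : kek.DecryptEcb(blk, PaddingMode.None);
            WriteUInt64BigEndian(buf, ReadUInt64BigEndian(b) ^ (wrap ? t : 0)); b.AsSpan(8).CopyTo(r);
        }
        return buf;
    }
}
```

The single-block case (`n == 1`, secrets of 1 to 8 bytes) is one AES-ECB operation over the AIV and the padded key; longer inputs go through the RFC 3394 wrapping loop with the AIV as the initial value.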