Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

One shot CFB #55480

Merged
merged 21 commits into from
Jul 13, 2021
Merged

One shot CFB #55480

merged 21 commits into from
Jul 13, 2021

Conversation

vcsjones
Copy link
Member

@vcsjones vcsjones commented Jul 11, 2021
edited
Loading

This implements CFB one shots.

Some implementation notes:

  1. As discovered in Persisted-key AesCng in CFB mode always uses CFB8 #55477, CFB128 and CFB64 do not work with persisted CNG keys, they always work in CFB8 mode today. Rather than replicating this wrong behavior, the AesCng and TripleDESCng one shots will throw if the key is persisted and the feedback size is other than 8. This limitation can be removed, if it is possible, when the linked issue is solved.
  2. This does not change the behavior of the ICryptoTransform CFB implementation. The CNG CFB128 /CFB64 persisted-key remain as-is (using CFB8).
  3. RC2 does not support CFB at all, so the implementation throws.

Closes #2406

@dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@ghost
Copy link

ghost commented Jul 11, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

This implements CFB one shots.

Some implementation notes:

  1. As discovered in Persisted-key AesCng in CFB mode always uses CFB8 #55477, CFB128 and CFB64 do not work with persisted CNG keys, they always work in CFB8 mode today. Rather than replicating this wrong behavior, AesCng and TripleDESCng will throw if the key is persisted and the feedback size is other than 8. This limitation can be removed, if it is possible, when the linked issue is solved.
  2. RC2 does not support CFB at all, so the implementation throws.

Closes #2406

Author: vcsjones
Assignees: -
Labels:

area-System.Security, new-api-needs-documentation
Milestone: -

@vcsjones
Copy link
Member Author

Mono failures should be fixed by #55482.

@bartonjs
Copy link
Member

Looks like all I had were a couple of nitpicky things. Nice work.

@bartonjs
Copy link
Member

/azp run runtime-libraries-coreclr outerloop

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@vcsjones
Copy link
Member Author

Seems like Pipeline's NuGet feed is cranky.

@runfoapp runfoapp bot mentioned this pull request Jul 13, 2021
Closed
@bartonjs
Copy link
Member

The outerloop failures aren't related, just waiting on the Linux-Debug leg to finish.

@bartonjs bartonjs merged commit 2d3acc6 into dotnet:main Jul 13, 2021
@vcsjones vcsjones deleted the 2406-one-shot-cfb branch July 13, 2021 18:33
@runfoapp runfoapp bot mentioned this pull request Jul 13, 2021
Closed
@vcsjones vcsjones mentioned this pull request Jul 14, 2021
Merged
@runfoapp runfoapp bot mentioned this pull request Jul 15, 2021
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Aug 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees
No one assigned
Labels
area-System.Security new-api-needs-documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

One-shot AES CBC and ECB
2 participants
@vcsjones @bartonjs