ML-KEM: EncryptedPrivateKeyInfo exports #114304
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Note regarding the |
This comment was marked as duplicate.
This comment was marked as duplicate.
There was a problem hiding this comment.
Pull Request Overview
This pull request adds new APIs to export ML-KEM keys in the PKCS#8 EncryptedPrivateKeyInfo format, along with comprehensive tests to validate the new functionality.
- Introduces overloads for ExportEncryptedPkcs8PrivateKey and TryExportEncryptedPkcs8PrivateKey accepting both char- and byte-based passwords.
- Adds validation tests for proper handling of PBE parameters, disposal states, and buffer size scenarios.
- Extends test coverage in MLKemContractTests and MLKemBaseTests to verify roundtrip key export and import behaviors.
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs | Added API declarations for exporting encrypted PKCS#8 private keys. |
| src/libraries/Common/tests/System/Security/Cryptography/MLKemContractTests.cs | Added tests for disposal and parameter validation regarding encrypted PKCS#8 export. |
| src/libraries/Common/tests/System/Security/Cryptography/MLKemBaseTests.cs | Extended tests to cover roundtrip and failure cases for encrypted PKCS#8 exports. |
| src/libraries/Common/src/System/Security/Cryptography/MLKem.cs | Implemented encryption export functionality and helper method for buffer sizing and ASN.1 encoding. |
Files not reviewed (1)
- src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj: Language not supported
Comments suppressed due to low confidence (1)
src/libraries/Common/tests/System/Security/Cryptography/MLKemBaseTests.cs:593
- [nitpick] Consider separating the tests for TryExportPkcs8PrivateKey and ExportPkcs8PrivateKey into distinct test cases to provide clearer isolation of failures and improve maintainability.
callback(pkcs8); callback(kem.ExportPkcs8PrivateKey());
Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more
|
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones |
bartonjs
reviewed
Apr 7, 2025
bartonjs
reviewed
Apr 7, 2025
bartonjs
approved these changes
Apr 7, 2025
This was referenced Apr 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds PKCS#8 EncryptedPrivateKeyInfo exports.
Contributes to #113508