Member

@HaoK HaoK commented Feb 1, 2021

Fixes #20689

Use new framework crypto APIs now that they are available; this enables these APIs on non-Windows for non-net461/netcore2.

@HaoK HaoK added the area-dataprotection Includes: DataProtection label Feb 1, 2021
@HaoK HaoK added this to the 6.0-preview2 milestone Feb 1, 2021
@HaoK HaoK requested review from a team and GrabYourPitchforks February 1, 2021 18:56
Member Author

HaoK commented Feb 1, 2021

@GrabYourPitchforks for the crypto, @dotnet/aspnet-build for adding a new algorithms dependency, @dotnet/aspnet-blazor-eng for FYI/review

@HaoK HaoK marked this pull request as ready for review February 1, 2021 18:56
@HaoK HaoK requested a review from dougbu as a code owner February 1, 2021 18:56
bytesA = new ReadOnlySpan<byte>(bufA, byteCount);
bytesB = new ReadOnlySpan<byte>(bufB, byteCount);
}
return CryptographicOperations.FixedTimeEquals(bytesA, bytesB);
Member

❤️

There are a bunch of places in data protection where we could leverage new primitives introduced to the framework in the past few releases. Might be interesting to have an issue for that. Identity likely can also benefit from it.

Member Author

HaoK commented Feb 16, 2021

@GrabYourPitchforks when you get a chance could you review the new managed implementation and the test I added to make sure it looks legit?

Member

@GrabYourPitchforks GrabYourPitchforks left a comment

Only thing that really needs fixed is the comment on AuthenticatedEncryptorDescriptorTests.cs. Approved once that's done. Everything else is at your discretion.

Thanks for getting to this! 👍

Assert(countA == countB, "countA == countB");

#if NETCOREAPP
unsafe
Member

Extreme nits: No need to use unsafe here. If desired, you can also put the NoInlining | NoOptimization attribute within an #if !NETCOREAPP block. Maybe those can come with the spanification PR so as not to cause noise here.

Member Author

Will address this in the span PR


// Use the KDF to generate a new symmetric block cipher key
// We'll need a temporary buffer to hold the symmetric encryption subkey
var decryptedKdk = new byte[_keyDerivationKey.Length];
Contributor

@GrabYourPitchforks would it be unwise to use the shared ArrayPool here?

Member Author

Going to merge this as is, can make this switch in the follow up / spanification PR if needed

Member

Correct, because it's a cryptographic secret. Within the runtime, our crypto libraries use an internal CryptoPool type instead of the public singleton ArrayPool<T>.Shared instance.

During the spanification work, this can be switched to using stackalloc (the common case) or the pinned object heap. Then no pooling will be needed at all.
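
The buffer-handling point from the comment above, as an added example that is not code from this PR or from the project: a secret placed in `ArrayPool<byte>.Shared` stays readable by the next renter, while a `stackalloc` subkey and a pinned-heap key can be wiped deterministically. It assumes .NET 6 or later; `SecretBufferDemo`, `UseSharedPool` and `ComputeTag` are hypothetical names, and HMAC-SHA256 stands in for the real KDF.

```csharp
using System;
using System.Buffers;
using System.Security.Cryptography;

static class SecretBufferDemo
{
    // The pattern asked about: key material in an array from ArrayPool<byte>.Shared.
    // Return() does not clear by default, so the bytes stay in a process-wide pool.
    static void UseSharedPool(ReadOnlySpan<byte> secret)
    {
        byte[] rented = ArrayPool<byte>.Shared.Rent(secret.Length);
        secret.CopyTo(rented);
        // ... key derivation would happen here ...
        ArrayPool<byte>.Shared.Return(rented); // clearArray defaults to false
    }

    // Short-lived subkey on the stack, wiped even if an exception is thrown.
    static byte[] ComputeTag(ReadOnlySpan<byte> kdk, ReadOnlySpan<byte> context,
                             ReadOnlySpan<byte> data)
    {
        Span<byte> subkey = stackalloc byte[32];
        try
        {
            HMACSHA256.HashData(kdk, context, subkey); // stand-in KDF (assumption)
            return HMACSHA256.HashData(subkey, data);
        }
        finally
        {
            CryptographicOperations.ZeroMemory(subkey);
        }
    }

    static void Main()
    {
        // Long-lived key on the pinned object heap: the GC never relocates it,
        // so compaction cannot leave stale copies behind before the wipe.
        byte[] kdk = GC.AllocateArray<byte>(32, pinned: true);
        RandomNumberGenerator.Fill(kdk); // constructed sample key

        UseSharedPool(kdk);
        byte[] next = ArrayPool<byte>.Shared.Rent(kdk.Length); // unrelated renter
        bool leaked = next.AsSpan(0, kdk.Length).SequenceEqual(kdk);
        Console.WriteLine($"Next renter can read the key bytes: {leaked}");
        ArrayPool<byte>.Shared.Return(next, clearArray: true);

        byte[] context = { 1, 2, 3 }, data = { 4, 5, 6 }; // constructed inputs
        byte[] tagA = ComputeTag(kdk, context, data), tagB = ComputeTag(kdk, context, data);
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(tagA, tagB));
        CryptographicOperations.ZeroMemory(kdk);
    }
}
```

On the same thread the shared pool commonly hands the just-returned array to the next `Rent` of that size, which is how the unrelated renter ends up holding the key bytes.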

@HaoK HaoK merged commit 5be1082 into main Feb 24, 2021
@HaoK HaoK deleted the haok/gcm branch February 24, 2021 22:12
@GrabYourPitchforks
Member

I finished reviewing again through the commit a752598 and everything looks great. Thanks so much Hao!


ghost commented Feb 24, 2021

Hi @GrabYourPitchforks. It looks like you just commented on a closed PR. The team will most probably miss it. If you'd like to bring something important up to their attention, consider filing a new issue and add enough details to build context.

Development

Successfully merging this pull request may close these issues.

GCM encryption not available on linux when using DataProtection
