Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Breaking change]: AesGcm constructors without a tag size are obsolete #35338

Closed
1 of 3 tasks
vcsjones opened this issue May 15, 2023 · 0 comments · Fixed by #35729
Closed
1 of 3 tasks

[Breaking change]: AesGcm constructors without a tag size are obsolete #35338

vcsjones opened this issue May 15, 2023 · 0 comments · Fixed by #35729
Assignees
@gewarren
Labels
breaking-change Indicates a .NET Core breaking change 🏁 Release: .NET 8 Work items for the .NET 8 release doc-idea Indicates issues that are suggestions for new topics [org][type][category] Pri1 High priority, do before Pri2 and Pri3 📌 seQUESTered Identifies that an issue has been imported into Quest. source incompatible Source code may encounter a breaking change in behavior when targeting the new version.

Comments

@vcsjones
Copy link
Member

vcsjones commented May 15, 2023
edited by github-actions bot

Description

The constructors for System.Security.Cryptography.AesGcm that do not accept a tagSizeInBytes parameter have been marked obsolete in favor of new constructors that accept the required tag size.

Version

.NET 8 Preview 5

Previous behavior

The AesGcm(byte[] key) and AesGcm(ReadOnlySpan<byte> key) constructors were not obsolete.

New behavior

The AesGcm(byte[] key) and AesGcm(ReadOnlySpan<byte> key) constructors have been marked as obsolete.

Type of breaking change

  • Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
  • Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code may require source changes to compile successfully.
  • Behavioral change: Existing binaries may behave differently at run time.

Reason for change

AES-GCM supports tags of various lengths, from 12 to 16 bytes, depending on the platform. Previously, the AesGcm class would determine the desired tag size based on the size of the tag itself. For example, if Decrypt was used with a 14 byte tag, it was assumed the tag was supposed to be 14 bytes.

However, AES-GCM supports these various lengths by truncation. AES-GCM natively produces 16 byte tags, and shorter tags are produced by truncating the tag.

If callers of Decrypt get the tag from input and pass the tag as-is, this would effectively allow Decrypt to be used with the shortest possible tag, which reduces the effective size of the tag.

To help consumers ensure they are using tags of the correct size, new constructors for AesGcm were introduced which require up-front declaring the size of the expected tag. During Encrypt or Decrypt, the supplied tag parameter must match the size declared in the constructor.

Recommended action

Use a constructor that accepts the desired tag size.

For example, if 128-bit or 16-byte tags were being used, replace:

using AesGcm aes = new AesGcm(yourKey);

with

using AesGcm aes = new AesGcm(yourKey, tagSizeInBytes: 16);

Feature area

Cryptography

Affected APIs

  • M:System.Security.Cryptography.AesGcm.#ctor(System.Byte[])
  • M:System.Security.Cryptography.AesGcm.#ctor(System.ReadOnlySpan{System.Byte})

Associated WorkItem - 97019
@vcsjones vcsjones added doc-idea Indicates issues that are suggestions for new topics [org][type][category] breaking-change Indicates a .NET Core breaking change Pri1 High priority, do before Pri2 and Pri3 labels May 15, 2023
@dotnet-bot dotnet-bot added ⌚ Not Triaged Not triaged source incompatible Source code may encounter a breaking change in behavior when targeting the new version. labels May 15, 2023
@vcsjones vcsjones mentioned this issue May 15, 2023
Closed
@gewarren gewarren added 🏁 Release: .NET 8 Work items for the .NET 8 release and removed ⌚ Not Triaged Not triaged labels May 15, 2023
@gewarren gewarren added the 🗺️ reQUEST Triggers an issue to be imported into Quest. label Jun 2, 2023
@github-actions github-actions bot added 📌 seQUESTered Identifies that an issue has been imported into Quest. and removed 🗺️ reQUEST Triggers an issue to be imported into Quest. labels Jun 3, 2023
@gewarren gewarren mentioned this issue Jun 9, 2023
Merged
@ghost ghost added the in-pr This issue will be closed (fixed) by an active pull request. label Jun 9, 2023
@ghost ghost removed the in-pr This issue will be closed (fixed) by an active pull request. label Jun 13, 2023
This was referenced Jul 14, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gewarren gewarren

Labels
breaking-change Indicates a .NET Core breaking change 🏁 Release: .NET 8 Work items for the .NET 8 release doc-idea Indicates issues that are suggestions for new topics [org][type][category] Pri1 High priority, do before Pri2 and Pri3 📌 seQUESTered Identifies that an issue has been imported into Quest. source incompatible Source code may encounter a breaking change in behavior when targeting the new version.
Projects
No open projects
.NET 8.0 work items
Status: Done
dotnet/docs June 2023 sprint
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add SYSLIB0053 gewarren/docs
3 participants
@vcsjones @dotnet-bot @gewarren