[Breaking change]: AesGcm constructors without a tag size are obsolete #35338
Labels
breaking-change
Indicates a .NET Core breaking change
🏁 Release: .NET 8
Work items for the .NET 8 release
doc-idea
Indicates issues that are suggestions for new topics [org][type][category]
Pri1
High priority, do before Pri2 and Pri3
📌 seQUESTered
Identifies that an issue has been imported into Quest.
source incompatible
Source code may encounter a breaking change in behavior when targeting the new version.
Description
The constructors for
System.Security.Cryptography.AesGcm
that do not accept atagSizeInBytes
parameter have been marked obsolete in favor of new constructors that accept the required tag size.Version
.NET 8 Preview 5
Previous behavior
The
AesGcm(byte[] key)
andAesGcm(ReadOnlySpan<byte> key)
constructors were not obsolete.New behavior
The
AesGcm(byte[] key)
andAesGcm(ReadOnlySpan<byte> key)
constructors have been marked as obsolete.Type of breaking change
Reason for change
AES-GCM supports tags of various lengths, from 12 to 16 bytes, depending on the platform. Previously, the
AesGcm
class would determine the desired tag size based on the size of the tag itself. For example, ifDecrypt
was used with a 14 byte tag, it was assumed the tag was supposed to be 14 bytes.However, AES-GCM supports these various lengths by truncation. AES-GCM natively produces 16 byte tags, and shorter tags are produced by truncating the tag.
If callers of
Decrypt
get the tag from input and pass the tag as-is, this would effectively allowDecrypt
to be used with the shortest possible tag, which reduces the effective size of the tag.To help consumers ensure they are using tags of the correct size, new constructors for
AesGcm
were introduced which require up-front declaring the size of the expected tag. DuringEncrypt
orDecrypt
, the suppliedtag
parameter must match the size declared in the constructor.Recommended action
Use a constructor that accepts the desired tag size.
For example, if 128-bit or 16-byte tags were being used, replace:
with
Feature area
Cryptography
Affected APIs
Associated WorkItem - 97019
The text was updated successfully, but these errors were encountered: