Skip to content

ML-KEM: X509Certificate2.GetMLKemPublicKey #114657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 15, 2025
Merged

ML-KEM: X509Certificate2.GetMLKemPublicKey #114657

merged 5 commits into from
Apr 15, 2025

Conversation

@vcsjones
Copy link
Member

This provides an in-box implementation of X509Certificate2.GetMLKemPublicKey().

Originally, this change included the X509CertificateKeyAccessors for Microsoft.Bcl.Cryptography. However, we cannot meaningfully test this until there is a Windows / .NET Framework implementation of MLKem. The unit tests run for either NetCoreAppCurrent, which is .NET 10 and the implementation of X509CertificateKeyAccessors will be "Just call the one on X509Certificate2". The other target for the unit tests is .NET Framework, which would use the downlevel implementation, but we lack a function MLKem on Windows at the moment.

Instead of including a big chunk of untestable code, I decided to hold off on that part, for now.

@Copilot Copilot AI review requested due to automatic review settings April 14, 2025 21:21
@ghost
Copy link

ghost commented Apr 14, 2025

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

1 similar comment
@ghost
Copy link

ghost commented Apr 14, 2025

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Copilot
Copilot AI reviewed Apr 14, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces an in-box implementation of X509Certificate2.GetMLKemPublicKey(), exposing the new ML-KEM API and adding the corresponding reflection metadata and unit tests.

  • Implements GetMLKemPublicKey with proper XML documentation and experimental attributes.
  • Updates the reference assembly to expose the new API.
  • Adds unit tests and test data for various ML-KEM certificate scenarios.

Reviewed Changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

File Description
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs Adds the new GetMLKemPublicKey() implementation with experimental support.
src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs Updates the public contract to include GetMLKemPublicKey().
src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/MLKemCertTests.cs Provides tests for the new ML-KEM API under different conditions.
src/libraries/Common/tests/System/Security/Cryptography/MLKemTestData.cs Adds test data including certificate PEM strings for ML-KEM certificates.
Files not reviewed (1)
  • src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj: Language not supported

@vcsjones vcsjones added this to the 10.0.0 milestone Apr 14, 2025
@vcsjones vcsjones requested a review from bartonjs April 14, 2025 21:29
bartonjs
bartonjs approved these changes Apr 14, 2025
View reviewed changes
Copy link
Member

@bartonjs bartonjs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question about a test, otherwise LGTM

This was referenced Apr 15, 2025
Open
Closed
This was referenced Apr 15, 2025
Open
Open
@vcsjones vcsjones merged commit 99a0bd2 into dotnet:main Apr 15, 2025
82 of 87 checks passed
@build-analysis build-analysis bot mentioned this pull request Apr 15, 2025
Closed
@github-actions github-actions bot locked and limited conversation to collaborators May 15, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels

area-System.Security new-api-needs-documentation

Projects

None yet

Milestone

10.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@vcsjones @bartonjs