Skip to content

Remove ExperimentalAttribute from ML-KEM where applicable #117831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jul 24, 2025
Merged

Remove ExperimentalAttribute from ML-KEM where applicable #117831

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e0cf7d9
Remove experimental from ML-KEM where applicable
vcsjones Jul 18, 2025
4ae98e7
Remove from CNG identifiers
vcsjones Jul 18, 2025
43d7cc7
Merge branch 'main' into ml-kem-move-experimental
vcsjones Jul 19, 2025
5119003
Merge branch 'main' into ml-kem-move-experimental
vcsjones Jul 20, 2025
5a2f22c
Merge branch 'main' into ml-kem-move-experimental
vcsjones Jul 21, 2025
17919a3
Merge branch 'main' into ml-kem-move-experimental
vcsjones Jul 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 29 additions & 1 deletion src/libraries/Common/src/System/Security/Cryptography/MLKem.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ namespace System.Security.Cryptography
/// cryptographic libraries.
/// </para>
/// </remarks>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public abstract partial class MLKem : IDisposable
{
private static readonly string[] s_knownOids = [Oids.MlKem512, Oids.MlKem768, Oids.MlKem1024];
Expand Down Expand Up @@ -633,6 +632,7 @@ public byte[] ExportEncapsulationKey()
/// <exception cref="CryptographicException">
/// An error occurred while exporting the key.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public bool TryExportSubjectPublicKeyInfo(Span<byte> destination, out int bytesWritten)
{
ThrowIfDisposed();
Expand All @@ -651,6 +651,7 @@ public bool TryExportSubjectPublicKeyInfo(Span<byte> destination, out int bytesW
/// <exception cref="CryptographicException">
/// An error occurred while exporting the key.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public byte[] ExportSubjectPublicKeyInfo()
{
ThrowIfDisposed();
Expand All @@ -671,6 +672,7 @@ public byte[] ExportSubjectPublicKeyInfo()
/// <exception cref="CryptographicException">
/// An error occurred while exporting the key.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public string ExportSubjectPublicKeyInfoPem()
{
ThrowIfDisposed();
Expand Down Expand Up @@ -700,6 +702,7 @@ public string ExportSubjectPublicKeyInfoPem()
/// <exception cref="CryptographicException">
/// An error occurred while exporting the key.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public bool TryExportPkcs8PrivateKey(Span<byte> destination, out int bytesWritten)
{
ThrowIfDisposed();
Expand Down Expand Up @@ -729,6 +732,7 @@ public bool TryExportPkcs8PrivateKey(Span<byte> destination, out int bytesWritte
/// <exception cref="CryptographicException">
/// An error occurred while exporting the key.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public byte[] ExportPkcs8PrivateKey()
{
ThrowIfDisposed();
Expand All @@ -747,6 +751,7 @@ public byte[] ExportPkcs8PrivateKey()
/// <exception cref="CryptographicException">
/// An error occurred while exporting the key.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public string ExportPkcs8PrivateKeyPem()
{
ThrowIfDisposed();
Expand All @@ -773,6 +778,7 @@ public string ExportPkcs8PrivateKeyPem()
/// <exception cref="CryptographicException">
/// An error occurred while exporting the key.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
protected abstract bool TryExportPkcs8PrivateKeyCore(Span<byte> destination, out int bytesWritten);

/// <summary>
Expand Down Expand Up @@ -811,6 +817,7 @@ public string ExportPkcs8PrivateKeyPem()
/// <para>-or-</para>
/// <para><paramref name="pbeParameters"/> does not represent a valid password-based encryption algorithm.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public bool TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan<char> password,
PbeParameters pbeParameters,
Expand Down Expand Up @@ -864,6 +871,7 @@ public bool TryExportEncryptedPkcs8PrivateKey(
/// <para>-or-</para>
/// <para><paramref name="pbeParameters"/> does not represent a valid password-based encryption algorithm.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public bool TryExportEncryptedPkcs8PrivateKey(
string password,
PbeParameters pbeParameters,
Expand Down Expand Up @@ -910,6 +918,7 @@ public bool TryExportEncryptedPkcs8PrivateKey(
/// <para>-or-</para>
/// <para><paramref name="pbeParameters"/> does not represent a valid password-based encryption algorithm.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public bool TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan<byte> passwordBytes,
PbeParameters pbeParameters,
Expand Down Expand Up @@ -954,6 +963,7 @@ public bool TryExportEncryptedPkcs8PrivateKey(
/// <para>-or-</para>
/// <para><paramref name="pbeParameters"/> does not represent a valid password-based encryption algorithm.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters)
{
ArgumentNullException.ThrowIfNull(pbeParameters);
Expand Down Expand Up @@ -994,6 +1004,7 @@ public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, P
/// <para>-or-</para>
/// <para><paramref name="pbeParameters"/> does not represent a valid password-based encryption algorithm.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbeParameters pbeParameters)
{
ArgumentNullException.ThrowIfNull(pbeParameters);
Expand Down Expand Up @@ -1034,6 +1045,7 @@ public byte[] ExportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, PbePar
/// <para>-or-</para>
/// <para><paramref name="pbeParameters"/> does not represent a valid password-based encryption algorithm.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public byte[] ExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeParameters)
{
ArgumentNullException.ThrowIfNull(password);
Expand Down Expand Up @@ -1068,6 +1080,7 @@ public byte[] ExportEncryptedPkcs8PrivateKey(string password, PbeParameters pbeP
/// <para>-or-</para>
/// <para>An error occurred while exporting the key.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<byte> passwordBytes, PbeParameters pbeParameters)
{
ArgumentNullException.ThrowIfNull(pbeParameters);
Expand Down Expand Up @@ -1109,6 +1122,7 @@ public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<byte> passwordBytes
/// <para>-or-</para>
/// <para>An error occurred while exporting the key.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<char> password, PbeParameters pbeParameters)
{
ArgumentNullException.ThrowIfNull(pbeParameters);
Expand Down Expand Up @@ -1150,6 +1164,7 @@ public string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan<char> password, Pbe
/// <para>-or-</para>
/// <para>An error occurred while exporting the key.</para>
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public string ExportEncryptedPkcs8PrivateKeyPem(string password, PbeParameters pbeParameters)
{
ArgumentNullException.ThrowIfNull(password);
Expand Down Expand Up @@ -1182,6 +1197,7 @@ public string ExportEncryptedPkcs8PrivateKeyPem(string password, PbeParameters p
/// The platform does not support ML-KEM. Callers can use the <see cref="IsSupported" /> property
/// to determine if the platform supports ML-KEM.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportSubjectPublicKeyInfo(ReadOnlySpan<byte> source)
{
Helpers.ThrowIfAsnInvalidLength(source);
Expand All @@ -1208,6 +1224,7 @@ static void SubjectPublicKeyReader(ReadOnlyMemory<byte> key, in AlgorithmIdentif
/// <exception cref="ArgumentNullException">
/// <paramref name="source" /> is <see langword="null" />
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportSubjectPublicKeyInfo(byte[] source)
{
ArgumentNullException.ThrowIfNull(source);
Expand Down Expand Up @@ -1244,6 +1261,7 @@ public static MLKem ImportSubjectPublicKeyInfo(byte[] source)
/// The platform does not support ML-KEM. Callers can use the <see cref="IsSupported" /> property
/// to determine if the platform supports ML-KEM.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportPkcs8PrivateKey(ReadOnlySpan<byte> source)
{
Helpers.ThrowIfAsnInvalidLength(source);
Expand All @@ -1258,6 +1276,7 @@ public static MLKem ImportPkcs8PrivateKey(ReadOnlySpan<byte> source)
/// <exception cref="ArgumentNullException">
/// <paramref name="source" /> is <see langword="null" />
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportPkcs8PrivateKey(byte[] source)
{
ArgumentNullException.ThrowIfNull(source);
Expand Down Expand Up @@ -1302,6 +1321,7 @@ public static MLKem ImportPkcs8PrivateKey(byte[] source)
/// The platform does not support ML-KEM. Callers can use the <see cref="IsSupported" /> property
/// to determine if the platform supports ML-KEM.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBytes, ReadOnlySpan<byte> source)
{
Helpers.ThrowIfAsnInvalidLength(source);
Expand Down Expand Up @@ -1347,6 +1367,7 @@ public static MLKem ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<byte> passwordBy
/// The platform does not support ML-KEM. Callers can use the <see cref="IsSupported" /> property
/// to determine if the platform supports ML-KEM.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password, ReadOnlySpan<byte> source)
{
Helpers.ThrowIfAsnInvalidLength(source);
Expand Down Expand Up @@ -1395,6 +1416,7 @@ public static MLKem ImportEncryptedPkcs8PrivateKey(ReadOnlySpan<char> password,
/// The platform does not support ML-KEM. Callers can use the <see cref="IsSupported" /> property
/// to determine if the platform supports ML-KEM.
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportEncryptedPkcs8PrivateKey(string password, byte[] source)
{
ArgumentNullException.ThrowIfNull(password);
Expand Down Expand Up @@ -1441,6 +1463,7 @@ public static MLKem ImportEncryptedPkcs8PrivateKey(string password, byte[] sourc
/// </list>
/// </para>
/// </remarks>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportFromPem(ReadOnlySpan<char> source)
{
ThrowIfNotSupported();
Expand All @@ -1458,6 +1481,7 @@ public static MLKem ImportFromPem(ReadOnlySpan<char> source)
/// <exception cref="ArgumentNullException">
/// <paramref name="source" /> is <see langword="null" />
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportFromPem(string source)
{
ArgumentNullException.ThrowIfNull(source);
Expand Down Expand Up @@ -1519,6 +1543,7 @@ public static MLKem ImportFromPem(string source)
/// </para>
/// <para>This method supports the <c>ENCRYPTED PRIVATE KEY</c> PEM label.</para>
/// </remarks>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<char> password)
{
return PemKeyHelpers.ImportEncryptedFactoryPem<MLKem, char>(
Expand Down Expand Up @@ -1577,6 +1602,7 @@ public static MLKem ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySp
/// </para>
/// <para>This method supports the <c>ENCRYPTED PRIVATE KEY</c> PEM label.</para>
/// </remarks>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySpan<byte> passwordBytes)
{
return PemKeyHelpers.ImportEncryptedFactoryPem<MLKem, byte>(
Expand All @@ -1589,6 +1615,7 @@ public static MLKem ImportFromEncryptedPem(ReadOnlySpan<char> source, ReadOnlySp
/// <exception cref="ArgumentNullException">
/// <paramref name="source" /> or <paramref name="password" /> is <see langword="null" />
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportFromEncryptedPem(string source, string password)
{
ArgumentNullException.ThrowIfNull(source);
Expand All @@ -1601,6 +1628,7 @@ public static MLKem ImportFromEncryptedPem(string source, string password)
/// <exception cref="ArgumentNullException">
/// <paramref name="source" /> or <paramref name="passwordBytes" /> is <see langword="null" />
/// </exception>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public static MLKem ImportFromEncryptedPem(string source, byte[] passwordBytes)
{
ArgumentNullException.ThrowIfNull(source);
Expand Down
1 change: 0 additions & 1 deletion src/libraries/Common/src/System/Security/Cryptography/MLKemAlgorithm.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ namespace System.Security.Cryptography
/// </summary>
/// <seealso cref="MLKem" />
[DebuggerDisplay("{Name,nq}")]
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public sealed class MLKemAlgorithm : IEquatable<MLKemAlgorithm>
{
private MLKemAlgorithm(
Expand Down
1 change: 0 additions & 1 deletion src/libraries/Common/src/System/Security/Cryptography/MLKemCng.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ namespace System.Security.Cryptography
/// cryptographic libraries.
/// </para>
/// </remarks>
[Experimental(Experimentals.PostQuantumCryptographyDiagId, UrlFormat = Experimentals.SharedUrlFormat)]
public sealed partial class MLKemCng : MLKem
{
private CngKey _key;
Expand Down
Loading
Loading