runtime: Missing CFB cipher mode

Currently only three modes are supported by .NET Core (CBC = 1, CTS = 5, ECB = 2). Is there any plan to add CFB support as it has been required by some network protocols (such as SNMP v3)? This mode is available on .NET Framework though.

From where does the limitation of three modes come? The comment in CipherMode does not reveal enough background information.

https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.Primitives/src/System/Security/Cryptography/CipherMode.cs

About this issue

  • State: closed
  • Created 9 years ago
  • Reactions: 13
  • Comments: 20 (8 by maintainers)

Most upvoted comments

Would be really helpful to have CFB mode enabled, up

I also need this for usage of SNMPv3. Hope it gets done in 5.0.

Bump

AesImplementation.Unix.cs comments:

    // Neither OpenSSL nor Cng Aes support CTS mode.
    // Cng Aes doesn’t seem to support CFB mode, and that would
    // require passing in the feedback size. Since Windows doesn’t support it,
    // we can skip it here, too.

However, the CNG docs clearly state that CFB is in fact supported.

OpenSSL also supports it.

Apple Common Crypto supports it through CCCryptorCreateWithMode with kCCModeCFB.

The comment about passing feedback is valid, but simply requires passing the property.

As others have mentioned, SNMPv3 privacy only supports CFB. SNMP is one of the most important protocols in computer networking.

I would produce a pull request, but I don’t have the means to develop for and test on Mac.

This is a really important feature in the crypto libraries. Please make this a priority. If it’s left undone, it means that people will code for SNMP without privacy.

What is your priority on adding back the CFB mode? (milestone, timeframe…)

CFB is not currently on anyone’s schedule. But given that requests keep trickling in I’ll mark it as 3.0. You’re welcome to do a PR for it, as long as it adds it to all platforms at the same time (and adds tests) 😄.

I have some initial tests and the start of CFB-via-CNG at https://github.com/bartonjs/corefx/commits/cipher_modes

I just don’t have time to finish tests with TripleDES, DES, and RC2; then also do macOS CommonCrypto and OpenSSL versions… and then negative tests (exceptions for bad feedback size, etc).

If anyone wants to roll with this, a PR providing netfx compatibility that is ready and signed off by the 17th of May will mean it makes 3.0. If it’s not signed off by the 17th of May it starts getting iffy, and (assuming I understand the state of the world correctly) June 1st it becomes “definitely not in 3.0”.

I merely don’t have the time to personally get it done by that deadline.
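
The feedback-size question raised in this thread, shown as an added example (not code from the thread or from dotnet/corefx): CFB layered on the ECB mode that .NET Core does expose, with the segment size as an explicit parameter and an exception for unsupported sizes. The names `CfbOverEcb`, `Transform` and `Hex` are hypothetical, and no padding is applied.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class CfbOverEcb
{
    // AES-CFB built on the ECB primitive; feedbackBits is the segment size (8..128, multiple of 8).
    public static byte[] Transform(byte[] key, byte[] iv, byte[] input, int feedbackBits, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.ECB;       // a mode .NET Core does expose
            aes.Padding = PaddingMode.None;  // raw single-block operation only
            aes.Key = key;
            int block = aes.BlockSize / 8, seg = feedbackBits / 8;
            if (iv == null || iv.Length != block)
                throw new ArgumentException("IV must be one block long", nameof(iv));
            if (feedbackBits < 8 || feedbackBits % 8 != 0 || seg > block)
                throw new CryptographicException("Unsupported feedback size");
            byte[] reg = (byte[])iv.Clone(), keystream = new byte[block], output = new byte[input.Length];
            using (ICryptoTransform ecb = aes.CreateEncryptor()) // forward cipher in both directions
            {
                for (int off = 0; off < input.Length; off += seg)
                {
                    ecb.TransformBlock(reg, 0, block, keystream, 0);
                    int n = Math.Min(seg, input.Length - off);
                    for (int i = 0; i < n; i++)
                        output[off + i] = (byte)(input[off + i] ^ keystream[i]);
                    if (n < seg) break;      // trailing partial segment ends the stream
                    // Shift the register left one segment, then append the ciphertext segment.
                    Array.Copy(reg, seg, reg, 0, block - seg);
                    Array.Copy(encrypt ? output : input, off, reg, block - seg, seg);
                }
            }
            return output;
        }
    }
    static byte[] Hex(string s) => Enumerable.Range(0, s.Length / 2)
        .Select(i => Convert.ToByte(s.Substring(2 * i, 2), 16)).ToArray();
    static void Main()
    {
        // Known-answer check: NIST SP 800-38A F.3.13 (CFB128-AES128), first block.
        byte[] key = Hex("2b7e151628aed2a6abf7158809cf4f3c"), iv = Hex("000102030405060708090a0b0c0d0e0f");
        byte[] ct = Transform(key, iv, Hex("6bc1bee22e409f96e93d7e117393172a"), 128, true);
        Console.WriteLine(ct.SequenceEqual(Hex("3b3fd92eb72dad20333449f8e83cfb4a")) ? "KAT ok" : "KAT FAILED");
        // Round trip with 8-bit feedback over a constructed message.
        byte[] msg = System.Text.Encoding.ASCII.GetBytes("constructed sample message");
        byte[] back = Transform(key, iv, Transform(key, iv, msg, 8, true), 8, false);
        Console.WriteLine(back.SequenceEqual(msg) ? "CFB8 round trip ok" : "CFB8 FAILED");
    }
}
```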