Implement X25519 for Android#129129
Open
vcsjones wants to merge 11 commits into
Open
Conversation
vcsjones
added
area-System.Security
cryptographic-docs-impact
Contributor
|
Tagging subscribers to 'arch-android': @vitek-karas, @simonrozsival, @steveisok, @akoeplinger |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Android support for X25519DiffieHellman by introducing a new Android-native (JNI) X25519 implementation and wiring it up through managed interop, while also extracting a couple of shared encoding helpers from the base type to support Android’s key format requirements.
Changes:
- Implement X25519 key generation, import/export (SPKI/PKCS#8), and secret derivation in
System.Security.Cryptography.Native.Androidand expose it via newInterop.AndroidCryptoentrypoints. - Add
X25519DiffieHellmanImplementation.Androidmanaged implementation, including deterministic SPKI/PKCS#8 transcoding and deriving the public key from an imported private key. - Extend
KeyFormatHelperwith an optional “permit parameters” validation flag and update theIsSupportedtest expectation for Android API 33+.
Show a summary per file
| File | Description |
|---|---|
| src/native/libs/System.Security.Cryptography.Native.Android/pal_x25519.h | Declares Android-native X25519 entrypoints (support check, key gen/import/export, derive). |
| src/native/libs/System.Security.Cryptography.Native.Android/pal_x25519.c | JNI implementation for XDH-based X25519 operations and encoded key handling. |
| src/native/libs/System.Security.Cryptography.Native.Android/pal_jni.h | Adds cached java/security/Key.getEncoded() JNI handles. |
| src/native/libs/System.Security.Cryptography.Native.Android/pal_jni.c | Initializes new g_KeyClass / g_KeyGetEncoded JNI globals. |
| src/native/libs/System.Security.Cryptography.Native.Android/CMakeLists.txt | Includes pal_x25519.c in the Android crypto native build. |
| src/libraries/System.Security.Cryptography/tests/X25519DiffieHellmanImplementationTests.cs | Updates platform support expectation to include Android API level 33+. |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellmanImplementation.Android.cs | Adds managed Android implementation with key transcoding and public-key recovery from private key. |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellman.cs | Extracts reusable PKCS#8/SPKI writer helpers and shares fixed-size constants for implementations. |
| src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj | Wires in Android implementation and new Android interop source under UseAndroidCrypto. |
| src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.cs | Adds permitParameters option to SPKI/PKCS#8 readers to enforce “no parameters” where needed. |
| src/libraries/Common/src/Interop/Android/System.Security.Cryptography.Native.Android/Interop.X25519.cs | Adds P/Invoke surface + SafeHandle wrappers for X25519 Android-native entrypoints. |
Copilot's findings
- Files reviewed: 11/11 changed files
- Comments generated: 0
Member
Author
|
/azp run runtime-android |
|
Azure Pipelines successfully started running 1 pipeline(s). |
bartonjs
reviewed
Jun 8, 2026
Member
Author
|
/azp run runtime-android |
|
Azure Pipelines successfully started running 1 pipeline(s). |
bartonjs
reviewed
Jun 8, 2026
bartonjs
approved these changes
Jun 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This implements X25519 for Android. Some things that make this "unique"
Android cannot work with raw key bytes for X25519. It wants SubjectPublicKeyInfo or PKCS#8. So we have to transcode the keys as needed. Some of the base
X25519DiffieHellman's key handling was extracted as a result.Android has two distinct key handles - a private key and a public key handle. It's natural to assume that if you have the private key, then you also know the public key. When you generate a key, it gives you back both the public key and private keys.
When you import a private key, you only get the private key handle back. We need the public key handle for exporting purposes. The key export APIs only give you "the" key type. If we only have the private key handle, we can only ask it for the private key when encoding. We can't say "Give me back the SubjectPublicKeyInfo for this private key".
To make this work, we have to recover the public key from the private key. Fortunately X25519 makes this very easy: you just do X25519(9, privateKey) where, which gives the public key:
So when we import the private key, we also do X25519 with "9", and the result of that is the public key. This permits us to fully reconstitute the key pair.
Contributes to #126206