[Proposal]: System.Security.Cryptography.Aes has some strange APIs, which make it difficult to use.

[Vincent-X-Zhang]

Summary

• The parent class of type Aes, SymmetricAlgorithm, implements the IDisposable interface, which is only used to clear array elements. I think it is unnecessary.
• Methods such as public int EncryptCbc(ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> iv, Span<byte> destination, PaddingMode paddingMode = PaddingMode.PKCS7) do not need the PaddingMode parameter because the Aes class already contains the member variable public virtual PaddingMode Padding.

Motivation

When I use an instance of the Aes class, I often find myself deeply puzzled.

1. An Aes instance allows setting the CipherMode, such as CipherMode.Cfb, but at the same time, it provides a member method like: csharp public byte[] EncryptCbc(ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> iv, PaddingMode paddingMode = PaddingMode.PKCS7). Why do both of these exist in the same class?
2. An Aes instance allows setting the PaddingMode. So why is there a need to pass PaddingMode again in the method:public byte[] EncryptCbc(ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> iv, PaddingMode paddingMode = PaddingMode.PKCS7)Wouldn't it be better to turn this instance method into an extension method?
3. The class SymmetricAlgorithm implements the IDisposable interface, which appears to only be used for clearing array elements. Here is the source code:

protected virtual void Dispose(bool disposing)
{
    if (disposing)
    {
        if (KeyValue != null)
        {
            Array.Clear(KeyValue);
            KeyValue = null;
        }
        if (IVValue != null)
        {
            Array.Clear(IVValue);
            IVValue = null;
        }
    }
}

Is it really necessary to dispose?

[HaloFour]

.NET API questions are handled by the runtime repo.