nanoframework
diff --git a/‎README.md‎
Lines changed: 12 additions & 6 deletions b/‎README.md‎
Lines changed: 12 additions & 6 deletions
diff --git a/‎System.Security.Cryptography/Aes.cs‎
Lines changed: 38 additions & 149 deletions b/‎System.Security.Cryptography/Aes.cs‎
Lines changed: 38 additions & 149 deletions
diff --git a/‎System.Security.Cryptography/CipherMode.cs‎
Lines changed: 32 additions & 0 deletions b/‎System.Security.Cryptography/CipherMode.cs‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎System.Security.Cryptography/Properties/AssemblyInfo.cs‎
Lines changed: 1 addition & 1 deletion b/‎System.Security.Cryptography/Properties/AssemblyInfo.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎System.Security.Cryptography/System.Security.Cryptography.nfproj‎
Lines changed: 2 additions & 1 deletion b/‎System.Security.Cryptography/System.Security.Cryptography.nfproj‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎Tests/System.Security.CryptographyTests/AESTests.cs‎
Lines changed: 0 additions & 39 deletions b/‎Tests/System.Security.CryptographyTests/AESTests.cs‎
Lines changed: 0 additions & 39 deletions
@@ -16,7 +16,7 @@ This repository contains the nanoFramework System.Security.Cryptography class li
 
 ## System.Security.Cryptography usage
 
-This library brings to .NET nanoFramework C# applications the equivalent implementations provided by Mbed TLS. The target there the code is going to be deployed has to have a firmware image built with this namespace enabled. 
+This library brings to .NET nanoFramework C# applications the equivalent implementations provided by Mbed TLS. The target there the code is going to be deployed has to have a firmware image built with this namespace enabled.
 
 ### HMAC SHA256
 
@@ -33,25 +33,30 @@ byte[] hash = hmacsha256.ComputeHash(Encoding.UTF8.GetBytes(encodedUri + "\n" +
 
 string sig = Convert.ToBase64String(hash);
 ```
+
 ### AES
 
 Advanced Encryption Standard (AES)
 
-This version supports only the ECB mode
+[AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) is a variant of the Rijndael block cipher with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
+
+The current version has support for the ECB mode. Others will be added.
+The following example demonstrates how to encrypt and decrypt sample data by using the AES class.
 
-The following example demonstrates how to encrypt and decrypt sample data by using the Aes class.
+Note that the input data has to be multiple of 16 bits, otherwise an exception will be thrown.
+Data shorter than that should be padded with zeros.
 
 ```csharp
 //Sample Usage
 string clearText = "Nanoframework";
 byte[] clearTextByteArray = Encoding.UTF8.GetBytes(clearText);
+// please note the array size: 16 bytes
 byte[] clearTextByteArrayWithPadding = new byte[16];
 Array.Copy(clearTextByteArray, 0, clearTextByteArrayWithPadding, 0, clearTextByteArray.Length);
 
 // Create a new instance of the Aes
-AES aes = new AES();
-aes.Mode = CipherMode.ECB;
-byte[] key = new byte[16] { 62, 110, 51, 201, 203, 48, 62, 150, 90, 219, 42, 55, 221, 109, 13, 93 };
+AES aes = new AES(CipherMode.ECB);
+aes.Key = new byte[16] { 198, 49, 248, 31, 20, 7, 226, 232, 208, 100, 15, 11, 2, 32, 213, 243 };
 
 // Encrypt the bytes to a string.
 var enData = aes.Encrypt(key, clearTextByteArrayWithPadding);
@@ -63,6 +68,7 @@ var decryptedByteArray = aes.Decrypt(enData, key);
 string decryptedText = Encoding.UTF8.GetString(decryptedByteArray);
 Debug.WriteLine(decryptedText);
 ```
+
 ## Feedback and documentation
 
 For documentation, providing feedback, issues and finding out how to contribute please refer to the [Home repo](https://github.com/nanoframework/Home).
 
@@ -3,190 +3,79 @@
 // See LICENSE file in the project root for full license information.
 //
 
-using System;
+using System.Runtime.CompilerServices;
 
 namespace System.Security.Cryptography
 {
     /// <summary>
-    /// Specifies the block cipher mode to use for encryption.
+    /// Provides an Advanced Encryption Standard (AES) algorithm to encrypt and decrypt data.
     /// </summary>
-    public enum CipherMode 
+    public class Aes
     {
-        /// <summary>
-        /// The Electronic Codebook (ECB) mode encrypts each block individually. Any blocks
-        /// of plain text that are identical and in the same message, or that are in a different
-        /// message encrypted with the same key, will be transformed into identical cipher
-        /// text blocks. Important: This mode is not recommended because it opens the door
-        /// for multiple security exploits. If the plain text to be encrypted contains substantial
-        /// repetition, it is feasible for the cipher text to be broken one block at a time.
-        /// It is also possible to use block analysis to determine the encryption key. Also,
-        /// an active adversary can substitute and exchange individual blocks without detection,
-        /// which allows blocks to be saved and inserted into the stream at other points
-        /// without detection.
-        /// </summary>
-        ECB = 2
-    }
+        private CipherMode _mode;
+        private byte[] _key;
 
-    /// <summary>
-    /// Encryption Standard (AES)
-    /// </summary>
-    public class AES
-    {
         /// <summary>
         /// Gets or sets the mode for operation of the symmetric algorithm.
         /// </summary>
-        /// <returns>The mode for operation of the symmetric algorithm. The default is System.Security.Cryptography.CipherMode.ECB.</returns>
-        public virtual CipherMode Mode { get; set; } = CipherMode.ECB;
-
-        /// <summary>
-        ///  Initializes a new instance of the System.Security.Cryptography.Aes class.
-        /// </summary>
-        public AES()
-        {
-            
-        }
-        /// <summary>
-        /// Encrypt the array of bytes.
-        /// </summary>
-        /// <param name="key">The secret key to use for the symmetric algorithm.</param>
-        /// <param name="data">The array of byte for encryption</param>
-        /// <returns>The encrypted array of bytes</returns>
-        public byte[] Encrypt(byte[] key, byte[] data)
-        {
-            byte[] buf = null;
-
-            if (Mode == CipherMode.ECB)
-            {
-                buf = EncryptAesEcb(key, data);
-            }
-
-            return buf;
-        }
+        /// <value>The mode for operation of the symmetric algorithm.</value>
+        public CipherMode Mode { get => _mode; set => _mode = value; }
 
         /// <summary>
-        /// Decrypt the array of bytes.
+        /// Gets or sets the secret key for the symmetric algorithm.
         /// </summary>
-        /// <param name="key">The secret key to use for the symmetric algorithm.</param>
-        /// <param name="data">The encrypted array of byte for decryption</param>
-        /// <returns>The decrypted array of bytes</returns>
-        public byte[] Decrypt(byte[] key, byte[] data)
-        {
-            byte[] buf = null;
-
-            if (Mode == CipherMode.ECB)
-            {
-                buf = DecryptAesEcb(key, data);
-            }
-
-            return buf;
-        }
+        /// <value>The secret key for the symmetric algorithm.</value>
+        public byte[] Key { get => _key; set => _key = value; }
 
         /// <summary>
-        /// Encrypt the array of bytes In ECB Mode
+        /// Initializes a new instance of the <see cref="Aes"/> class.
         /// </summary>
-        /// <param name="key">The secret key to use for the symmetric algorithm.</param>
-        /// <param name="data">Array of byte for encryption</param>
-        /// <returns>The encrypted array of bytes</returns>
-        private byte[] EncryptAesEcb(byte[] key, byte[] data)
+        /// <remarks>
+        /// This implementation of the AES is specific to .NET nanoFramework.
+        /// </remarks>
+        public Aes(CipherMode mode)
         {
-            int blockSize = 16; // AES block size is 128 bits (16 bytes)
-            int blockCount = data.Length / blockSize;
-            int remainder = data.Length % blockSize;
-
-            byte[] encryptedData = new byte[data.Length];
-
-            for (int i = 0; i < blockCount; i++)
-            {
-                byte[] block = new byte[blockSize];
-                Array.Copy(data, i * blockSize, block, 0, blockSize);
-                EncryptBlock(key, block);
-                Array.Copy(block, 0, encryptedData, i * blockSize, blockSize);
-            }
-
-            // If there is a remainder, pad the last block and encrypt
-            if (remainder > 0)
-            {
-                byte[] lastBlock = new byte[blockSize];
-                Array.Copy(data, blockCount * blockSize, lastBlock, 0, remainder);
-                EncryptBlock(key, lastBlock);
-                Array.Copy(lastBlock, 0, encryptedData, blockCount * blockSize, remainder);
-            }
-
-            return encryptedData;
+            Mode = mode;
         }
 
         /// <summary>
-        /// XOR the block of data with key
+        /// Encrypts data using the cipher specified in <see cref="Mode"/>.
         /// </summary>
-        /// <param name="key">The secret key to use for the symmetric algorithm.</param>
-        /// <param name="block">The block of data for XOR opration with secret key</param>
-        /// <exception cref="ArgumentException">Key and block must have the same length.</exception>
-        private void EncryptBlock(byte[] key, byte[] block)
+        /// <param name="data">The data to encrypt.</param>
+        /// <returns>The encrypted ciphertext data.</returns>
+        /// <exception cref="InvalidOperationException">If the <see cref="Key"/> hasn't been set.</exception>
+        /// <exception cref="ArgumentException">If the data in not a multiple of the block size (16 bytes for AES).</exception>
+        public byte[] Encrypt(byte[] data)
         {
-            // Ensure that the key and block have the same length
-            if (key.Length != block.Length)
+            if (Mode == CipherMode.ECB)
             {
-                throw new ArgumentException();
+                return EncryptAesEcb(data);
             }
 
-            for (int i = 0; i < block.Length; i++)
-            {
-                block[i] = (byte)(block[i] ^ key[i]);
-            }
+            throw new NotSupportedException();
         }
 
         /// <summary>
-        /// Decrypt the array of bytes In ECB Mode
+        /// Decrypts data using cipher specified in <see cref="Mode"/>.
         /// </summary>
-        /// <param name="key">The secret key to use for the symmetric algorithm.</param>
-        /// <param name="data">The encrypted array of byte for decryption</param>
-        /// <returns>The decrypted array of bytes</returns>
-        private byte[] DecryptAesEcb(byte[] key, byte[] data)
+        /// <param name="data">The data to decrypt.</param>
+        /// <returns>The decrypted plaintext data.</returns>
+        /// <exception cref="InvalidOperationException">If the <see cref="Key"/> hasn't been set.</exception>
+        /// <exception cref="ArgumentException">If the data in not a multiple of the block size (16 bytes for AES).</exception>
+        public byte[] Decrypt(byte[] data)
         {
-            int blockSize = 16; // AES block size is 128 bits (16 bytes)
-            int blockCount = data.Length / blockSize;
-            int remainder = data.Length % blockSize;
-
-            byte[] decryptedData = new byte[data.Length];
-
-            for (int i = 0; i < blockCount; i++)
-            {
-                byte[] block = new byte[blockSize];
-                Array.Copy(data, i * blockSize, block, 0, blockSize);
-                DecryptBlock(key, block);
-                Array.Copy(block, 0, decryptedData, i * blockSize, blockSize);
-            }
-
-            // If there is a remainder, pad the last block and decrypt
-            if (remainder > 0)
+            if (Mode == CipherMode.ECB)
             {
-                byte[] lastBlock = new byte[blockSize];
-                Array.Copy(data, blockCount * blockSize, lastBlock, 0, remainder);
-                DecryptBlock(key, lastBlock);
-                Array.Copy(lastBlock, 0, decryptedData, blockCount * blockSize, remainder);
+                return DecryptAesEcb(data);
             }
 
-            return decryptedData;
+            throw new NotSupportedException();
         }
 
-        /// <summary>
-        /// XOR the block of data with key
-        /// </summary>
-        /// <param name="key">The secret key to use for the symmetric algorithm.</param>
-        /// <param name="block">The block of data for XOR opration with secret key</param>
-        /// <exception cref="ArgumentException">Key and block must have the same length.</exception>
-        private void DecryptBlock(byte[] key, byte[] block)
-        {
-            // Ensure that the key and block have the same length
-            if (key.Length != block.Length)
-            {
-                throw new ArgumentException();
-            }
+        [MethodImpl(MethodImplOptions.InternalCall)]
+        private extern byte[] EncryptAesEcb(byte[] data);
 
-            for (int i = 0; i < block.Length; i++)
-            {
-                block[i] = (byte)(block[i] ^ key[i]);
-            }
-        }
+        [MethodImpl(MethodImplOptions.InternalCall)]
+        private extern byte[] DecryptAesEcb(byte[] data);
     }
 }
@@ -0,0 +1,32 @@
+//
+// Copyright (c) .NET Foundation and Contributors
+// See LICENSE file in the project root for full license information.
+//
+
+namespace System.Security.Cryptography
+{
+    /// <summary>
+    /// Specifies the block cipher mode to use for encryption.
+    /// </summary>
+    public enum CipherMode
+    {
+        /// <summary>
+        /// No cipher mode set. 
+        /// </summary>
+        None = 0,
+
+        /// <summary>
+        /// The Electronic Codebook (ECB) mode encrypts each block individually. Any blocks
+        /// of plain text that are identical and in the same message, or that are in a different
+        /// message encrypted with the same key, will be transformed into identical cipher
+        /// text blocks. **Important:** This mode is not recommended because it opens the door
+        /// for multiple security exploits. If the plain text to be encrypted contains substantial
+        /// repetition, it is feasible for the cipher text to be broken one block at a time.
+        /// It is also possible to use block analysis to determine the encryption key. Also,
+        /// an active adversary can substitute and exchange individual blocks without detection,
+        /// which allows blocks to be saved and inserted into the stream at other points
+        /// without detection.
+        /// </summary>
+        ECB = 2
+    }
+}
@@ -16,5 +16,5 @@
 
 ////////////////////////////////////////////////////////////////
 // update this whenever the native assembly signature changes //
-[assembly: AssemblyNativeVersion("100.0.0.1")]
+[assembly: AssemblyNativeVersion("100.0.0.2")]
 ////////////////////////////////////////////////////////////////
@@ -43,7 +43,8 @@
   </ItemGroup>
   <Import Project="$(NanoFrameworkProjectSystemPath)NFProjectSystem.props" Condition="Exists('$(NanoFrameworkProjectSystemPath)NFProjectSystem.props')" />
   <ItemGroup>
-    <Compile Include="AES.cs" />
+    <Compile Include="CipherMode.cs" />
+    <Compile Include="Aes.cs" />
     <Compile Include="HMACSHA256.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
   </ItemGroup>