feat(derive_encrypt): C# bindings

[Sébastien Duquette (sduquette-devolutions)]

Add derive_encrypt to the C# wrapper. Also add conformity tests to the different wrappers.

[Copilot]

Pull request overview

This PR adds derive-encrypt/derive-decrypt support to the C# wrapper (via new P/Invoke bindings and managed convenience APIs) and extends the cross-language “conformity” test suite to validate that a known KdfEncryptedData V1 blob decrypts identically across all supported wrappers.

Changes:

• Add C# managed APIs and native (DllImport) bindings for deriving an encryption key from a password, encrypting into a self-contained blob, and decrypting that blob.
• Introduce DataType.KdfEncryptedData in the C# wrapper to allow header/type validation of derive-encrypt blobs.
• Add/extend conformity tests in Rust, WASM/TypeScript, Swift, Kotlin, Python, and C# to verify deriveDecryptWithPassword for a known V1 test vector.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
wrappers/wasm/tests/tests/conformity.ts	Adds a conformity test vector for deriveDecryptWithPassword V1 in the WASM wrapper tests.
wrappers/swift/DevolutionsCryptoSwift/Tests/DevolutionsCryptoSwiftTests/ConformityTests.swift	Adds a Swift conformity test ensuring V1 derive-decrypt matches the expected plaintext.
wrappers/python/tests/conformity.py	Adds a Python conformity test for derive_decrypt_with_password V1.
wrappers/kotlin/lib/src/test/kotlin/org/devolutions/crypto/ConformityTest.kt	Adds a Kotlin/JVM conformity test for deriveDecryptWithPassword V1.
wrappers/csharp/tests/unit-tests/TestManaged.cs	Adds C# unit tests covering derive-encrypt/derive-decrypt roundtrips, AAD behavior, wrong password failure, and version selection.
wrappers/csharp/tests/unit-tests/Conformity.cs	Adds a C# conformity test ensuring a known V1 blob decrypts to the expected plaintext (plus formatting cleanup).
wrappers/csharp/src/Native.Core.cs	Adds new C# P/Invoke declarations for derive-encrypt size/encrypt/decrypt native entrypoints.
wrappers/csharp/src/Managed.cs	Implements managed C# APIs DeriveEncryptWithPassword and DeriveDecryptWithPassword.
wrappers/csharp/src/Enums.cs	Adds DataType.KdfEncryptedData = 9 to align with the core library’s data type IDs.
tests/conformity.rs	Adds a Rust conformity test that deserializes KdfEncryptedData and decrypts it with a password.
ffi/src/lib.rs	Adds FFI functions to derive-encrypt using caller-supplied serialized DerivationParameters (size + encrypt), supporting wrapper implementations.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Sébastien Duquette (sduquette-devolutions)]

Codex (@codex)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 93b0efd837

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "Codex (@codex) review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "Codex (@codex) address that feedback".

[chatgpt-codex-connector]

Trim the derive-encrypt buffer to bytes written

When callers pass a DerivationParameters created from serialized bytes with trailing padding, the Rust parser accepts the parameters but reserializes only the canonical bytes, so DeriveEncryptDataWithParamsNative can return res < result.Length. Returning the untrimmed buffer appends zero padding to the KDF-encrypted blob, and DeriveDecryptWithPassword then rejects it because KdfEncryptedDataV1::try_from requires the serialized length to match exactly. Resize to res here as the decrypt path already does.

Useful? React with 👍 / 👎.