Improve AES-KWP for Windows #129921

Open
vcsjones wants to merge 1 commit into dotnet:main from vcsjones:aes-kwp-func-windows

@vcsjones

This is the follow-up to #129911.

This is the Windows "Implementation" counterpart to AES-KWP. Like Apple, the performance improvements are 5x-20x faster and allocations go from input-length aligned to constant.

This also makes one other small improvement I noticed after I merged the Apple changes - we don't need a custom delegate type. We only need Func. Originally I had the delegate signature have an out, but it went away, so the need for a custom delegate went away too.

Benchmark:

| Method | Job | PlaintextLength | Mean | Ratio | Allocated | Alloc Ratio |
|---|---|---|---|---|---|---|
| EncryptKeyWrapPadded | branch | 1 | 537.3 ns | 0.99 | 88 B | 1.00 |
| EncryptKeyWrapPadded | main | 1 | 544.0 ns | 1.00 | 88 B | 1.00 |
| DecryptKeyWrapPadded | branch | 1 | 556.9 ns | 0.99 | 88 B | 1.00 |
| DecryptKeyWrapPadded | main | 1 | 565.1 ns | 1.00 | 88 B | 1.00 |
| EncryptKeyWrapPadded | branch | 8 | 542.0 ns | 0.94 | 88 B | 1.00 |
| EncryptKeyWrapPadded | main | 8 | 574.3 ns | 1.00 | 88 B | 1.00 |
| DecryptKeyWrapPadded | branch | 8 | 562.6 ns | 1.01 | 88 B | 1.00 |
| DecryptKeyWrapPadded | main | 8 | 556.4 ns | 1.00 | 88 B | 1.00 |
| EncryptKeyWrapPadded | branch | 15 | 928.7 ns | 0.14 | 88 B | 0.08 |
| EncryptKeyWrapPadded | main | 15 | 6,582.2 ns | 1.00 | 1056 B | 1.00 |
| DecryptKeyWrapPadded | branch | 15 | 928.3 ns | 0.14 | 88 B | 0.08 |
| DecryptKeyWrapPadded | main | 15 | 6,845.7 ns | 1.00 | 1056 B | 1.00 |
| EncryptKeyWrapPadded | branch | 16 | 960.1 ns | 0.14 | 88 B | 0.08 |
| EncryptKeyWrapPadded | main | 16 | 6,792.0 ns | 1.00 | 1056 B | 1.00 |
| DecryptKeyWrapPadded | branch | 16 | 923.1 ns | 0.12 | 88 B | 0.08 |
| DecryptKeyWrapPadded | main | 16 | 7,506.2 ns | 1.00 | 1056 B | 1.00 |
| EncryptKeyWrapPadded | branch | 512 | 14,375.8 ns | 0.07 | 88 B | 0.003 |
| EncryptKeyWrapPadded | main | 512 | 209,731.5 ns | 1.00 | 33794 B | 1.000 |
| DecryptKeyWrapPadded | branch | 512 | 12,935.9 ns | 0.06 | 88 B | 0.003 |
| DecryptKeyWrapPadded | main | 512 | 213,465.4 ns | 1.00 | 33794 B | 1.000 |
| EncryptKeyWrapPadded | branch | 513 | 13,531.5 ns | 0.06 | 88 B | 0.003 |
| EncryptKeyWrapPadded | main | 513 | 210,454.6 ns | 1.00 | 34322 B | 1.000 |
| DecryptKeyWrapPadded | branch | 513 | 12,787.1 ns | 0.06 | 88 B | 0.003 |
| DecryptKeyWrapPadded | main | 513 | 214,187.2 ns | 1.00 | 34322 B | 1.000 |
| EncryptKeyWrapPadded | branch | 4096 | 110,426.7 ns | 0.07 | 88 B | 0.000 |
| EncryptKeyWrapPadded | main | 4096 | 1,670,374.7 ns | 1.00 | 270351 B | 1.000 |
| DecryptKeyWrapPadded | branch | 4096 | 99,576.4 ns | 0.06 | 88 B | 0.000 |
| DecryptKeyWrapPadded | main | 4096 | 1,683,202.4 ns | 1.00 | 270351 B | 1.000 |
| EncryptKeyWrapPadded | branch | 4097 | 104,499.7 ns | 0.06 | 88 B | 0.000 |
| EncryptKeyWrapPadded | main | 4097 | 1,666,576.3 ns | 1.00 | 270879 B | 1.000 |
| DecryptKeyWrapPadded | branch | 4097 | 97,603.9 ns | 0.05 | 88 B | 0.000 |
| DecryptKeyWrapPadded | main | 4097 | 1,813,706.9 ns | 1.00 | 270879 B | 1.000 |

@vcsjones vcsjones requested a review from bartonjs June 27, 2026 02:03
@vcsjones vcsjones self-assigned this Jun 27, 2026
Copilot AI review requested due to automatic review settings June 27, 2026 02:03
@dotnet-policy-service

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

Copilot AI left a comment

Pull request overview

This PR updates the Windows AesImplementation to use a reusable “lite” ECB cipher for RFC 5649 AES Key Wrap with Padding (AES-KWP), avoiding repeated handle setup/teardown during the wrap/unwrap loops. It also simplifies the internal helper plumbing in Aes by replacing a bespoke delegate type with Func<...> for the ECB transform callback.

Changes:

  • Add Windows overrides for EncryptKeyWrapPaddedCore / DecryptKeyWrapPaddedCore that route AES-KWP through ILiteSymmetricCipher.Transform.
  • Remove the KeyWrapEcbTransform<TState> helper delegate and use Func<TState, ReadOnlySpan<byte>, Span<byte>, int> instead.

| File | Description |
|---|---|
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/AesImplementation.Windows.cs | Adds Windows AES-KWP fast-path using BasicSymmetricCipherLiteBCrypt (ECB) via GetKey().UseKey(...) and ILiteSymmetricCipher.Transform. |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Aes.cs | Replaces the internal custom delegate used by AES-KWP helpers with Func<...> and updates the helper method signatures accordingly. |

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

@vcsjones vcsjones added the tenet-performance Performance related issue label Jun 27, 2026
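
An added example, not part of the pull request or the dotnet/runtime sources: a minimal RFC 5649 wrap in C# showing the structure the overview above describes, with one ECB encryptor created up front and handed to the wrap loop together with a Func callback. `KwpExample`, `Wrap` and `WrapCore` are hypothetical names; `byte[]` stands in for the spans and the public `ICryptoTransform` stands in for the internal lite cipher.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;

static class KwpExample // added example; names are hypothetical, not dotnet/runtime code
{
    public static byte[] Wrap(byte[] kek, byte[] plaintext)
    {
        using Aes aes = Aes.Create();
        aes.Key = kek;
        aes.Mode = CipherMode.ECB;
        aes.Padding = PaddingMode.None;
        // One encryptor for the whole operation, reused by every ECB call below.
        using ICryptoTransform ecb = aes.CreateEncryptor();
        return WrapCore(ecb, static (t, src, dst) => t.TransformBlock(src, 0, 16, dst, 0), plaintext);
    }

    // Func-shaped ECB callback plus caller state; byte[] is used here in place of spans.
    static byte[] WrapCore<TState>(TState state, Func<TState, byte[], byte[], int> ecb, byte[] p)
    {
        if (p.Length == 0) throw new ArgumentException("Plaintext must not be empty.", nameof(p));
        int n = (p.Length + 7) / 8;                  // 64-bit semiblocks after zero padding
        byte[] output = new byte[8 * (n + 1)];
        BinaryPrimitives.WriteUInt32BigEndian(output, 0xA65959A6);               // AIV prefix
        BinaryPrimitives.WriteUInt32BigEndian(output.AsSpan(4), (uint)p.Length); // message length
        p.CopyTo(output, 8);                         // remaining bytes stay zero (padding)
        byte[] block = new byte[16], enc = new byte[16];
        if (n == 1)
        {
            ecb(state, output, enc);                 // 8 bytes or fewer: a single ECB call
            return enc;
        }
        for (int j = 0; j < 6; j++)
        {
            for (int i = 1; i <= n; i++)             // 6 * n ECB calls in total
            {
                output.AsSpan(0, 8).CopyTo(block);                 // A
                output.AsSpan(8 * i, 8).CopyTo(block.AsSpan(8));   // R[i]
                ecb(state, block, enc);
                ulong a = BinaryPrimitives.ReadUInt64BigEndian(enc) ^ (ulong)(n * j + i);
                BinaryPrimitives.WriteUInt64BigEndian(output, a);  // A = MSB64(B) xor t
                enc.AsSpan(8, 8).CopyTo(output.AsSpan(8 * i));     // R[i] = LSB64(B)
            }
        }
        return output;
    }

    static void Main()
    {
        byte[] kek = RandomNumberGenerator.GetBytes(32); // constructed random KEK for the demo
        foreach (int len in new[] { 8, 16, 512 })        // constructed all-zero plaintexts
            Console.WriteLine($"{len} -> {Wrap(kek, new byte[len]).Length} bytes");
    }
}
```

Inputs of 8 bytes or fewer take the single-call path, while longer inputs make 6 × n ECB calls (12 for the 15- and 16-byte benchmark rows), so any per-call setup cost is multiplied by that count.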