Implement X25519DiffieHellmanCng

[vcsjones]

Contributes to #126206

[dotnet-policy-service]

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

[Copilot]

Pull request overview

This PR adds a Windows CNG-backed implementation of X25519DiffieHellman (X25519DiffieHellmanCng) to enable interop with CNG keys/providers, and factors shared Curve25519/CNG-blob handling into a reusable Windows helper.

Changes:

• Introduces X25519DiffieHellmanCng (Windows implementation + public surface + non-Windows thrower).
• Refactors Windows X25519 key import/export and public-key reduction logic into X25519WindowsHelpers.
• Adds CNG-focused test coverage and adjusts base tests to account for platforms that can’t roundtrip “unclamped” private scalars.

Show a summary per file

File	Description
src/libraries/System.Security.Cryptography/tests/X25519DiffieHellmanCngTests.cs	Adds CNG-specific tests for construction, export policies, and non-exportable behavior.
src/libraries/System.Security.Cryptography/tests/X25519DiffieHellmanBaseTests.cs	Adds CanRoundTripKeys and shared helper logic for clamped/unclamped private key expectations.
src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj	Includes new test and required Windows/CNG helper sources for the test assembly.
src/libraries/System.Security.Cryptography/tests/CngHelpers.cs	Adds a small test-only helper for mapping NCrypt error codes to CryptographicException.
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellmanImplementation.Windows.cs	Switches Windows BCrypt implementation to use the shared helper for reduction/blob operations.
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellmanCng.Windows.cs	Implements the Windows CNG key agreement + export logic for X25519DiffieHellmanCng.
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellmanCng.cs	Adds the public X25519DiffieHellmanCng API (Windows-only) and docs.
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/Cng.NotSupported.cs	Adds non-Windows stubs for X25519DiffieHellmanCng that throw PlatformNotSupportedException.
src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj	Wires new source files into the product build and links the shared Windows helper.
src/libraries/System.Security.Cryptography/src/Resources/Strings.resx	Adds a new resource string for invalid CNG X25519 key usage.
src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs	Adds the new public ref surface for X25519DiffieHellmanCng.
src/libraries/Common/src/System/Security/Cryptography/X25519WindowsHelpers.cs	New shared helper for public-key reduction + CNG blob create/export + scalar fixup/refix.
src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.Encrypted.cs	Adds stateful overloads to avoid captures/allocations (supports ref-struct state).
src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.cs	Adds a stateful KeyReader delegate + overload to pass state into PKCS#8 readers.
src/libraries/Common/src/System/Security/Cryptography/ECCng.ImportExport.NamedCurve.cs	Adds an optional flags parameter to ImportKeyBlob to support import flags.
src/libraries/Common/src/Interop/Windows/NCrypt/Interop.NCryptDeriveKeyMaterial.cs	Adds a Span-based P/Invoke overload and TryDeriveKeyMaterialTruncate helper.
src/libraries/Common/src/Interop/Windows/NCrypt/Interop.Keys.cs	Adds a Span-based NCryptExportKey overload for allocation-free export.

Copilot's findings

• Files reviewed: 17/17 changed files
• Comments generated: 9

[Copilot]

Copilot's findings

• Files reviewed: 17/17 changed files
• Comments generated: 0 new