address PR comments

Author: DeagleGross

src/DataProtection/DataProtection/src/KeyManagement/KeyManagementOptions.cs

@@ -23,7 +23,7 @@ public class KeyManagementOptions
     /// <summary>
     /// Initializes a new instance of <see cref="KeyManagementOptions"/>.
     /// </summary>
-    public KeyManagementOptions()
+    public KeyManagementOptions()   
     {
     }
 
@@ -111,7 +111,7 @@ internal static TimeSpan MaxServerClockSkew
     /// <remarks>
     /// Settable for testing.
     /// </remarks>
-    internal TimeSpan DefaultKeyResolverRetryDelay { get; set; } = TimeSpan.FromMilliseconds(200.0);
+    internal TimeSpan DefaultKeyResolverRetryDelay { get; set; } = TimeSpan.FromMilliseconds(200);
 
     /// <summary>
     /// Controls the lifetime (number of days before expiration)

src/DataProtection/DataProtection/src/Managed/ManagedAuthenticatedEncryptor.cs

@@ -168,8 +168,6 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
         protectedPayload.Validate();
         additionalAuthenticatedData.Validate();
 
-        var protectedPayloadSpan = protectedPayload.AsSpan();
-
         // Argument checking - input must at the absolute minimum contain a key modifier, IV, and MAC
         if (protectedPayload.Count < checked(KEY_MODIFIER_SIZE_IN_BYTES + _symmetricAlgorithmBlockSizeInBytes + _validationAlgorithmDigestLengthInBytes))
         {
@@ -194,7 +192,7 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
                 ciphertextOffset = ivOffset + _symmetricAlgorithmBlockSizeInBytes;
             }
 
-            ReadOnlySpan<byte> keyModifier = protectedPayload.Array!.AsSpan().Slice(keyModifierOffset, ivOffset - keyModifierOffset);
+            ReadOnlySpan<byte> keyModifier = protectedPayload.Array!.AsSpan(keyModifierOffset, ivOffset - keyModifierOffset);
 
             // Step 2: Decrypt the KDK and use it to restore the original encryption and MAC keys.
             // We pin all unencrypted keys to limit their exposure via GC relocation.
@@ -245,8 +243,8 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
                     using var symmetricAlgorithm = CreateSymmetricAlgorithm(key: decryptionSubkey);
 
                     // note: here protectedPayload.Array is taken without an offset (cant use AsSpan() on ArraySegment)
-                    var ciphertext = protectedPayload.Array.AsSpan().Slice(ciphertextOffset, macOffset - ciphertextOffset);
-                    var iv = protectedPayload.Array.AsSpan().Slice(ivOffset, _symmetricAlgorithmBlockSizeInBytes);
+                    var ciphertext = protectedPayload.Array.AsSpan(ciphertextOffset, macOffset - ciphertextOffset);
+                    var iv = protectedPayload.Array.AsSpan(ivOffset, _symmetricAlgorithmBlockSizeInBytes);
 
                     return symmetricAlgorithm.DecryptCbc(ciphertext, iv); // symmetricAlgorithm is created with CBC mode
 #else

src/DataProtection/DataProtection/src/SP800_108/ManagedSP800_108_CTR_HMACSHA512.cs

@@ -116,13 +116,13 @@ public static void DeriveKeys(
                 if (operationSubKeyIndex < operationSubKey.Length) // meaning we need to write to operationSubKey
                 {
                     var destination = operationSubKey.Slice(operationSubKeyIndex, bytesToWrite);
-                    prfOutput.AsSpan().Slice(0, bytesToWrite).CopyTo(destination);
+                    prfOutput.AsSpan(0, bytesToWrite).CopyTo(destination);
                     operationSubKeyIndex += bytesToWrite;
                 }
                 if (operationSubKeyIndex == operationSubKey.Length && leftOverBytes != 0) // we have filled the operationSubKey. It's time for the validationSubKey
                 {
                     var destination = validationSubKey.Slice(validationSubKeyIndex, leftOverBytes);
-                    prfOutput.AsSpan().Slice(bytesToWrite, leftOverBytes).CopyTo(destination);
+                    prfOutput.AsSpan(bytesToWrite, leftOverBytes).CopyTo(destination);
                     validationSubKeyIndex += leftOverBytes;
                 }
 
@@ -136,6 +136,10 @@ public static void DeriveKeys(
         }
     }
 
+    /// <remarks>
+    /// Probably, you would want to use similar method <see cref="DeriveKeys(byte[], ReadOnlySpan{byte}, ReadOnlySpan{byte}, ReadOnlySpan{byte}, Func{byte[], HashAlgorithm}, Span{byte}, Span{byte})"/>.
+    /// It is more efficient allowing to skip an allocation of `combinedContext` and writing directly into passed Spans
+    /// </remarks>
     public static void DeriveKeysWithContextHeader(byte[] kdk, ArraySegment<byte> label, byte[] contextHeader, ArraySegment<byte> context, Func<byte[], HashAlgorithm> prfFactory, ArraySegment<byte> output)
     {
         var combinedContext = new byte[checked(contextHeader.Length + context.Count)];