intro ispandataprotector.unprotect \ fix warnings \ dont change timelimiteddataprotectors

Author: DeagleGross

src/DataProtection/Abstractions/src/ISpanDataProtector.cs

@@ -22,6 +22,13 @@ public interface ISpanDataProtector : IDataProtector
     /// <returns>The size of the protected data.</returns>
     int GetProtectedSize(ReadOnlySpan<byte> plainText);
 
+    /// <summary>
+    /// Returns the size of the decrypted data for a given ciphertext length.
+    /// </summary>
+    /// <param name="cipherTextLength">Length of the cipher text that will be decrypted later.</param>
+    /// <returns>The length of the decrypted data.</returns>
+    int GetUnprotectedSize(int cipherTextLength);
+
     /// <summary>
     /// Attempts to encrypt and tamper-proof a piece of data.
     /// </summary>
@@ -30,4 +37,17 @@ public interface ISpanDataProtector : IDataProtector
     /// <param name="bytesWritten">When this method returns, the total number of bytes written into destination</param>
     /// <returns>true if destination is long enough to receive the encrypted data; otherwise, false.</returns>
     bool TryProtect(ReadOnlySpan<byte> plainText, Span<byte> destination, out int bytesWritten);
+
+    /// <summary>
+    /// Attempts to validate the authentication tag of and decrypt a blob of encrypted data.
+    /// </summary>
+    /// <param name="cipherText">The encrypted data to decrypt.</param>
+    /// <param name="additionalAuthenticatedData">
+    /// A piece of data which was included in the authentication tag during encryption.
+    /// This input may be zero bytes in length. The same AAD must be specified in the corresponding encryption call.
+    /// </param>
+    /// <param name="destination">The decrypted output.</param>
+    /// <param name="bytesWritten">When this method returns, the total number of bytes written into destination</param>
+    /// <returns>true if decryption was successful; otherwise, false.</returns>
+    bool TryUnprotect(ReadOnlySpan<byte> cipherText, ReadOnlySpan<byte> additionalAuthenticatedData, Span<byte> destination, out int bytesWritten);
 }

src/DataProtection/Abstractions/src/PublicAPI.Unshipped.txt

@@ -1,4 +1,6 @@
 #nullable enable
 Microsoft.AspNetCore.DataProtection.ISpanDataProtector
 Microsoft.AspNetCore.DataProtection.ISpanDataProtector.GetProtectedSize(System.ReadOnlySpan<byte> plainText) -> int
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.GetUnprotectedSize(int cipherTextLength) -> int
 Microsoft.AspNetCore.DataProtection.ISpanDataProtector.TryProtect(System.ReadOnlySpan<byte> plainText, System.Span<byte> destination, out int bytesWritten) -> bool
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.TryUnprotect(System.ReadOnlySpan<byte> cipherText, System.ReadOnlySpan<byte> additionalAuthenticatedData, System.Span<byte> destination, out int bytesWritten) -> bool

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ISpanAuthenticatedEncryptor.cs

@@ -24,8 +24,8 @@ public interface ISpanAuthenticatedEncryptor : IAuthenticatedEncryptor
     /// <summary>
     /// Returns the size of the decrypted data for a given ciphertext length.
     /// </summary>
-    /// <param name="cipherTextLength">Length of the cipher text that will be decrypted later</param>
-    /// <returns>The length of the decrypted data</returns>
+    /// <param name="cipherTextLength">Length of the cipher text that will be decrypted later.</param>
+    /// <returns>The length of the decrypted data.</returns>
     int GetDecryptedSize(int cipherTextLength);
 
     /// <summary>
@@ -42,5 +42,16 @@ public interface ISpanAuthenticatedEncryptor : IAuthenticatedEncryptor
     /// <returns>true if destination is long enough to receive the encrypted data; otherwise, false.</returns>
     bool TryEncrypt(ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> additionalAuthenticatedData, Span<byte> destination, out int bytesWritten);
 
+    /// <summary>
+    /// Attempts to validate the authentication tag of and decrypt a blob of encrypted data.
+    /// </summary>
+    /// <param name="cipherText">The encrypted data to decrypt.</param>
+    /// <param name="additionalAuthenticatedData">
+    /// A piece of data which was included in the authentication tag during encryption.
+    /// This input may be zero bytes in length. The same AAD must be specified in the corresponding encryption call.
+    /// </param>
+    /// <param name="destination">The decrypted output.</param>
+    /// <param name="bytesWritten">When this method returns, the total number of bytes written into destination</param>
+    /// <returns>true if decryption was successful; otherwise, false.</returns>
     bool TryDecrypt(ReadOnlySpan<byte> cipherText, ReadOnlySpan<byte> additionalAuthenticatedData, Span<byte> destination, out int bytesWritten);
 }

src/DataProtection/DataProtection/src/Cng/CbcAuthenticatedEncryptor.cs

@@ -431,7 +431,6 @@ private uint GetCbcEncryptedOutputSizeWithPadding(uint cbInput)
         byte* pbDummyIV = stackalloc byte[checked((int)_symmetricAlgorithmBlockSizeInBytes)];
         byte* pbDummyInput = stackalloc byte[checked((int)cbInput)];
 
-
         var ntstatus = UnsafeNativeMethods.BCryptEncrypt(
             hKey: tempKeyHandle,
             pbInput: pbDummyInput,

src/DataProtection/DataProtection/src/PublicAPI.Unshipped.txt

@@ -1,4 +1,6 @@
 #nullable enable
 Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ISpanAuthenticatedEncryptor
+Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ISpanAuthenticatedEncryptor.GetDecryptedSize(int cipherTextLength) -> int
 Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ISpanAuthenticatedEncryptor.GetEncryptedSize(int plainTextLength) -> int
+Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ISpanAuthenticatedEncryptor.TryDecrypt(System.ReadOnlySpan<byte> cipherText, System.ReadOnlySpan<byte> additionalAuthenticatedData, System.Span<byte> destination, out int bytesWritten) -> bool
 Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ISpanAuthenticatedEncryptor.TryEncrypt(System.ReadOnlySpan<byte> plaintext, System.ReadOnlySpan<byte> additionalAuthenticatedData, System.Span<byte> destination, out int bytesWritten) -> bool

src/DataProtection/Extensions/src/DataProtectionAdvancedExtensions.cs

@@ -127,23 +127,4 @@ public byte[] Unprotect(byte[] protectedData)
             return _innerProtector.Unprotect(protectedData, out Expiration);
         }
     }
-
-    private class TimeLimitedWrappingSpanProtector : TimeLimitedWrappingProtector, ISpanDataProtector
-    {
-        public TimeLimitedWrappingSpanProtector(ITimeLimitedDataProtector innerProtector) : base(innerProtector)
-        {
-        }
-
-        public int GetProtectedSize(ReadOnlySpan<byte> plainText)
-        {
-            var inner = (ISpanDataProtector)_innerProtector;
-            return inner.GetProtectedSize(plainText);
-        }
-
-        public bool TryProtect(ReadOnlySpan<byte> plainText, Span<byte> destination, out int bytesWritten)
-        {
-            var inner = (ISpanDataProtector)_innerProtector;
-            return inner.TryProtect(plainText, destination, out bytesWritten);
-        }
-    }
 }

src/DataProtection/Extensions/src/TimeLimitedDataProtector.cs

@@ -35,11 +35,6 @@ public ITimeLimitedDataProtector CreateProtector(string purpose)
         ArgumentNullThrowHelper.ThrowIfNull(purpose);
 
         var protector = _innerProtector.CreateProtector(purpose);
-        if (protector is ISpanDataProtector spanDataProtector)
-        {
-            return new TimeLimitedSpanDataProtector(spanDataProtector);
-        }
-
         return new TimeLimitedDataProtector(protector);
     }