use same overload in decrypt()

DeagleGross · DeagleGross · commit 6ec76d35843c · 2024-12-17T15:36:29.000+01:00
diff --git a/src/DataProtection/DataProtection/src/Managed/ManagedAuthenticatedEncryptor.cs b/src/DataProtection/DataProtection/src/Managed/ManagedAuthenticatedEncryptor.cs
@@ -194,20 +194,18 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
                 ciphertextOffset = ivOffset + _symmetricAlgorithmBlockSizeInBytes;
             }
 
-            ArraySegment<byte> keyModifier = new ArraySegment<byte>(protectedPayload.Array!, keyModifierOffset, ivOffset - keyModifierOffset);
+            ReadOnlySpan<byte> keyModifier = protectedPayload.Array!.AsSpan().Slice(keyModifierOffset, ivOffset - keyModifierOffset);
 
             // Step 2: Decrypt the KDK and use it to restore the original encryption and MAC keys.
             // We pin all unencrypted keys to limit their exposure via GC relocation.
 
             var decryptedKdk = new byte[_keyDerivationKey.Length];
             var decryptionSubkey = new byte[_symmetricAlgorithmSubkeyLengthInBytes];
             var validationSubkey = new byte[_validationAlgorithmSubkeyLengthInBytes];
-            var derivedKeysBuffer = new byte[checked(decryptionSubkey.Length + validationSubkey.Length)];
 
             fixed (byte* __unused__1 = decryptedKdk)
             fixed (byte* __unused__2 = decryptionSubkey)
             fixed (byte* __unused__3 = validationSubkey)
-            fixed (byte* __unused__4 = derivedKeysBuffer)
             {
                 try
                 {
@@ -218,10 +216,8 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
                         contextHeader: _contextHeader,
                         contextData: keyModifier,
                         prfFactory: _kdkPrfFactory,
-                        output: new ArraySegment<byte>(derivedKeysBuffer));
-
-                    derivedKeysBuffer.AsSpan().Slice(start: 0, length: decryptionSubkey.Length).CopyTo(decryptionSubkey);
-                    derivedKeysBuffer.AsSpan().Slice(start: decryptionSubkey.Length, length: validationSubkey.Length).CopyTo(validationSubkey);
+                        operationSubKey: decryptionSubkey,
+                        validationSubKey: validationSubkey);
 
                     // Step 3: Calculate the correct MAC for this payload.
                     // correctHash := MAC(IV || ciphertext)
@@ -255,7 +251,7 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
                     return symmetricAlgorithm.DecryptCbc(ciphertext, iv); // symmetricAlgorithm is created with CBC mode
 #else
                     var iv = new byte[_symmetricAlgorithmBlockSizeInBytes];
-                    Buffer.BlockCopy(protectedPayload.Array!, ivOffset, iv, 0, iv.Length);
+                    protectedPayload.Array.AsSpan().Slice(ivOffset, iv.Length).CopyTo(iv);
 
                     using var symmetricAlgorithm = CreateSymmetricAlgorithm();
                     using (var cryptoTransform = symmetricAlgorithm.CreateDecryptor(decryptionSubkey, iv))    
@@ -273,7 +269,6 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
                     Array.Clear(decryptedKdk, 0, decryptedKdk.Length);
                     Array.Clear(decryptionSubkey, 0, decryptionSubkey.Length);
                     Array.Clear(validationSubkey, 0, validationSubkey.Length);
-                    Array.Clear(derivedKeysBuffer, 0, derivedKeysBuffer.Length);
                 }
             }
         }
diff --git a/src/DataProtection/DataProtection/src/SP800_108/ManagedSP800_108_CTR_HMACSHA512.cs b/src/DataProtection/DataProtection/src/SP800_108/ManagedSP800_108_CTR_HMACSHA512.cs
@@ -55,55 +55,6 @@ public static void DeriveKeys(byte[] kdk, ArraySegment<byte> label, ArraySegment
         }
     }
 
-    public static void DeriveKeys(byte[] kdk, ReadOnlySpan<byte> label, ReadOnlySpan<byte> contextHeader, ReadOnlySpan<byte> contextData, Func<byte[], HashAlgorithm> prfFactory, ArraySegment<byte> output)
-    {
-        // make copies so we can mutate these local vars
-        var outputOffset = output.Offset;
-        var outputCount = output.Count;
-
-        var contextSharedLength = contextHeader.Length + contextData.Length;
-
-        using (var prf = prfFactory(kdk))
-        {
-            // See SP800-108, Sec. 5.1 for the format of the input to the PRF routine.
-            var prfInput = new byte[checked(sizeof(uint) /* [i]_2 */ + label.Length + 1 /* 0x00 */ + contextSharedLength + sizeof(uint) /* [K]_2 */)];
-
-            // Copy [L]_2 to prfInput since it's stable over all iterations
-            uint outputSizeInBits = (uint)checked((int)outputCount * 8);
-            prfInput[prfInput.Length - 4] = (byte)(outputSizeInBits >> 24);
-            prfInput[prfInput.Length - 3] = (byte)(outputSizeInBits >> 16);
-            prfInput[prfInput.Length - 2] = (byte)(outputSizeInBits >> 8);
-            prfInput[prfInput.Length - 1] = (byte)(outputSizeInBits);
-
-            // Copy label and context to prfInput since they're stable over all iterations
-            label.CopyTo(prfInput.AsSpan(sizeof(uint)));
-            contextHeader.CopyTo(prfInput.AsSpan(sizeof(uint) + label.Length + 1));
-            contextData.CopyTo(prfInput.AsSpan(sizeof(uint) + label.Length + 1 + contextHeader.Length));
-
-            var prfOutputSizeInBytes = prf.GetDigestSizeInBytes();
-            for (uint i = 1; outputCount > 0; i++)
-            {
-                // Copy [i]_2 to prfInput since it mutates with each iteration
-                prfInput[0] = (byte)(i >> 24);
-                prfInput[1] = (byte)(i >> 16);
-                prfInput[2] = (byte)(i >> 8);
-                prfInput[3] = (byte)(i);
-
-                // Run the PRF and copy the results to the output buffer
-                var prfOutput = prf.ComputeHash(prfInput);
-                CryptoUtil.Assert(prfOutputSizeInBytes == prfOutput.Length, "prfOutputSizeInBytes == prfOutput.Length");
-                var numBytesToCopyThisIteration = Math.Min(prfOutputSizeInBytes, outputCount);
-
-                prfOutput.AsSpan().Slice(0, numBytesToCopyThisIteration).CopyTo(output.Array!.AsSpan().Slice(start: outputOffset));
-                Array.Clear(prfOutput, 0, prfOutput.Length); // contains key material, so delete it
-
-                // adjust offsets
-                outputOffset += numBytesToCopyThisIteration;
-                outputCount -= numBytesToCopyThisIteration;
-            }
-        }
-    }
-
     public static void DeriveKeys(
         byte[] kdk,
         ReadOnlySpan<byte> label,
