dotnet
diff --git a/‎src/DataProtection/Abstractions/src/ISpanDataProtector.cs‎
Lines changed: 2 additions & 5 deletions b/‎src/DataProtection/Abstractions/src/ISpanDataProtector.cs‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎src/DataProtection/Abstractions/src/PublicAPI.Unshipped.txt‎
Lines changed: 1 addition & 1 deletion b/‎src/DataProtection/Abstractions/src/PublicAPI.Unshipped.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/DataProtection/DataProtection/src/KeyManagement/KeyRingBasedDataProtector.cs‎
Lines changed: 1 addition & 79 deletions b/‎src/DataProtection/DataProtection/src/KeyManagement/KeyRingBasedDataProtector.cs‎
Lines changed: 1 addition & 79 deletions
@@ -17,13 +17,10 @@ public interface ISpanDataProtector : IDataProtector
 {
     /// <summary>
     /// Determines the size of the protected data in order to then use <see cref="TryProtect(ReadOnlySpan{byte}, Span{byte}, out int)"/>."/>.
-    /// <br/> Returns the boolean representing if current implementation of data protector supports <see cref="ISpanDataProtector"/> or not.
-    /// If it does not (returns false), then one needs to fallback to <see cref="IDataProtector"/> and use <see cref="IDataProtector.Protect(byte[])"/> and <see cref="IDataProtector.Unprotect(byte[])"/> methods instead.
     /// </summary>
     /// <param name="plainText">The plain text that will be encrypted later</param>
-    /// <param name="cipherTextLength">The length of the expected cipher text.</param>
-    /// <returns>true, if <see cref="ISpanDataProtector"/> is supported. False if a fallback to <see cref="IDataProtector"/> is required.</returns>
-    bool TryGetProtectedSize(ReadOnlySpan<byte> plainText, out int cipherTextLength);
+    /// <returns>The size of the protected data.</returns>
+    int GetProtectedSize(ReadOnlySpan<byte> plainText);
 
     /// <summary>
     /// Attempts to encrypt and tamper-proof a piece of data.
 
@@ -1,4 +1,4 @@
 #nullable enable
 Microsoft.AspNetCore.DataProtection.ISpanDataProtector
-Microsoft.AspNetCore.DataProtection.ISpanDataProtector.TryGetProtectedSize(System.ReadOnlySpan<byte> plainText, out int cipherTextLength) -> bool
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.GetProtectedSize(System.ReadOnlySpan<byte> plainText, out int cipherTextLength) -> int
 Microsoft.AspNetCore.DataProtection.ISpanDataProtector.TryProtect(System.ReadOnlySpan<byte> plainText, System.Span<byte> destination, out int bytesWritten) -> bool
@@ -21,7 +21,7 @@
 
 namespace Microsoft.AspNetCore.DataProtection.KeyManagement;
 
-internal sealed unsafe class KeyRingBasedDataProtector : ISpanDataProtector, IPersistedDataProtector
+internal unsafe class KeyRingBasedDataProtector : IDataProtector, IPersistedDataProtector
 {
     // This magic header identifies a v0 protected data blob. It's the high 28 bits of the SHA1 hash of
     // "Microsoft.AspNet.DataProtection.KeyManagement.KeyRingBasedDataProtector" [US-ASCII], big-endian.
@@ -34,8 +34,6 @@ internal sealed unsafe class KeyRingBasedDataProtector : ISpanDataProtector, IPe
     private readonly IKeyRingProvider _keyRingProvider;
     private readonly ILogger? _logger;
 
-    private static readonly int _magicHeaderKeyIdSize = sizeof(uint) + sizeof(Guid);
-
     public KeyRingBasedDataProtector(IKeyRingProvider keyRingProvider, ILogger? logger, string[]? originalPurposes, string newPurpose)
     {
         Debug.Assert(keyRingProvider != null);
@@ -92,82 +90,6 @@ public byte[] DangerousUnprotect(byte[] protectedData, bool ignoreRevocationErro
         return retVal;
     }
 
-    public bool TryGetProtectedSize(ReadOnlySpan<byte> plainText, out int cipherTextLength)
-    {
-        cipherTextLength = default;
-
-        // Get the current key ring to access the encryptor
-        var currentKeyRing = _keyRingProvider.GetCurrentKeyRing();
-        var defaultEncryptor = currentKeyRing.DefaultAuthenticatedEncryptor;
-        if (defaultEncryptor is not ISpanAuthenticatedEncryptor optimizedAuthenticatedEncryptor)
-        {
-            return false;
-        }
-        CryptoUtil.Assert(optimizedAuthenticatedEncryptor != null, "optimizedAuthenticatedEncryptor != null");
-
-        // We allocate a 20-byte pre-buffer so that we can inject the magic header and key id into the return value.
-        // See Protect() / TryProtect() for details
-        cipherTextLength = _magicHeaderKeyIdSize + optimizedAuthenticatedEncryptor.GetEncryptedSize(plainText.Length);
-        return true;
-    }
-
-    public bool TryProtect(ReadOnlySpan<byte> plaintext, Span<byte> destination, out int bytesWritten)
-    {
-        try
-        {
-            // Perform the encryption operation using the current default encryptor.
-            var currentKeyRing = _keyRingProvider.GetCurrentKeyRing();
-            var defaultKeyId = currentKeyRing.DefaultKeyId;
-            var defaultEncryptor = currentKeyRing.DefaultAuthenticatedEncryptor;
-            if (defaultEncryptor is not ISpanAuthenticatedEncryptor spanEncryptor)
-            {
-                throw new NotSupportedException("The current default encryptor does not support optimized protection.");
-            }
-            CryptoUtil.Assert(spanEncryptor != null, "optimizedAuthenticatedEncryptor != null");
-
-            if (_logger.IsDebugLevelEnabled())
-            {
-                _logger.PerformingProtectOperationToKeyWithPurposes(defaultKeyId, JoinPurposesForLog(Purposes));
-            }
-
-            // We'll need to apply the default key id to the template if it hasn't already been applied.
-            // If the default key id has been updated since the last call to Protect, also write back the updated template.
-            var aad = _aadTemplate.GetAadForKey(defaultKeyId, isProtecting: true);
-
-            var preBufferSize = _magicHeaderKeyIdSize;
-            var postBufferSize = 0;
-            var destinationBufferOffsets = destination.Slice(preBufferSize, destination.Length - (preBufferSize + postBufferSize));
-            var success = spanEncryptor.TryEncrypt(plaintext, aad, destinationBufferOffsets, out bytesWritten);
-
-            // At this point: destination := { 000..000 || encryptorSpecificProtectedPayload },
-            // where 000..000 is a placeholder for our magic header and key id.
-
-            // Write out the magic header and key id
-#if NET10_0_OR_GREATER
-            BinaryPrimitives.WriteUInt32BigEndian(destination.Slice(0, sizeof(uint)), MAGIC_HEADER_V0);
-            var writeKeyIdResult = defaultKeyId.TryWriteBytes(destination.Slice(sizeof(uint), sizeof(Guid)));
-            Debug.Assert(writeKeyIdResult, "Failed to write Guid to destination.");
-#else
-            fixed (byte* pbRetVal = destination)
-            {
-                WriteBigEndianInteger(pbRetVal, MAGIC_HEADER_V0);
-                WriteGuid(&pbRetVal[sizeof(uint)], defaultKeyId);
-            }
-#endif
-
-            bytesWritten += _magicHeaderKeyIdSize;
-
-            // At this point, destination := { magicHeader || keyId || encryptorSpecificProtectedPayload }
-            // And we're done!
-            return success;
-        }
-        catch (Exception ex) when (ex.RequiresHomogenization())
-        {
-            // homogenize all errors to CryptographicException
-            throw Error.Common_EncryptionFailed(ex);
-        }
-    }
-
     public byte[] Protect(byte[] plaintext)
     {
         ArgumentNullThrowHelper.ThrowIfNull(plaintext);