prettify

Author: DeagleGross

src/DataProtection/DataProtection/src/Internal/DataProtectionPool.cs

@@ -9,6 +9,11 @@
 using System.Threading.Tasks;
 
 namespace Microsoft.AspNetCore.DataProtection.Internal;
+
+/// <summary>
+/// Used for pooling secret data (e.g. Protect()/Unprotect() flow).
+/// Main goal is not to intersect with the <see cref="ArrayPool{T}.Shared"/>
+/// </summary>
 internal static class DataProtectionPool
 {
     private static readonly ArrayPool<byte> _pool = ArrayPool<byte>.Create();

src/DataProtection/DataProtection/src/Managed/ManagedAuthenticatedEncryptor.cs

@@ -197,9 +197,6 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
 
             // Step 2: Decrypt the KDK and use it to restore the original encryption and MAC keys.
 
-            // The best optimization is to stackalloc. If the size is too big, we would want to rent from the pool,
-            // but we can't due to the HashAlgorithm, ValidationAlgorithm and SymmetricAlgorithm requiring a byte[] instead of a Span<byte>
-            // in the constructor / Key property.
 #if NET10_0_OR_GREATER
             byte[]? decryptedKdkLease = null;
             Span<byte> decryptedKdk = _keyDerivationKey.Length <= 128
@@ -209,6 +206,11 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
             var decryptedKdk = new byte[_keyDerivationKey.Length];
 #endif
 
+            // The best optimization is to stackalloc. If the size is too big, we would want to rent from the pool,
+            // but we can't due to the ValidationAlgorithm and SymmetricAlgorithm requiring a byte[] instead of a Span<byte>
+            // in the constructor / Key property.
+            // Also .Rent() returns an array of approximately the same size (for input 24 it will be 32 in example)
+            // but in this code we need to slice it (again it will be Span<byte>) which is not compatible with APIS
             var decryptionSubkey = new byte[_symmetricAlgorithmSubkeyLengthInBytes];
             var validationSubkey = new byte[_validationAlgorithmSubkeyLengthInBytes];
 

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/E2ETests.cs

@@ -0,0 +1,28 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Microsoft.AspNetCore.DataProtection.Tests;
+public class E2ETests
+{
+    [Fact]
+    public void ProtectAndUnprotect_ForSampleAntiforgeryToken()
+    {
+        const string sampleToken = "CfDJ8H5oH_fp1QNBmvs-OWXxsVoV30hrXeI4-PI4p1VZytjsgd0DTstMdtTZbFtm2dKHvsBlDCv7TiEWKztZf8fb48pUgBgUE2SeYV3eOUXvSfNWU0D8SmHLy5KEnwKKkZKqudDhCnjQSIU7mhDliJJN1e4";
+
+        var dataProtector = GetServiceCollectionBuiltDataProtector();
+        var encrypted = dataProtector.Protect(sampleToken);
+        var decrypted = dataProtector.Unprotect(encrypted);
+        Assert.Equal(sampleToken, decrypted);
+    }
+
+    private static IDataProtector GetServiceCollectionBuiltDataProtector(string purpose = "samplePurpose")
+        => new ServiceCollection()
+            .AddDataProtection()
+            .Services.BuildServiceProvider()
+            .GetDataProtector(purpose);
+}

src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingBasedDataProtectorTests.cs

@@ -619,23 +619,6 @@ public void CreateProtector_ChainsPurposes()
         Assert.Equal(expectedProtectedData, retVal);
     }
 
-    [Fact]
-    public void Test()
-    {
-        const string sampleToken = "CfDJ8H5oH_fp1QNBmvs-OWXxsVoV30hrXeI4-PI4p1VZytjsgd0DTstMdtTZbFtm2dKHvsBlDCv7TiEWKztZf8fb48pUgBgUE2SeYV3eOUXvSfNWU0D8SmHLy5KEnwKKkZKqudDhCnjQSIU7mhDliJJN1e4";
-
-        var dataProtector = GetServiceCollectionBuiltDataProtector();
-        var encrypted = dataProtector.Protect(sampleToken);
-        var decrypted = dataProtector.Unprotect(encrypted);
-        Assert.Equal(sampleToken, decrypted);
-    }
-
-    private static IDataProtector GetServiceCollectionBuiltDataProtector()
-        => new ServiceCollection()
-            .AddDataProtection()
-            .Services.BuildServiceProvider()
-            .GetDataProtector("SamplePurpose");
-
     private static byte[] BuildAadFromPurposeStrings(Guid keyId, params string[] purposes)
     {
         var expectedAad = new byte[] { 0x09, 0xF0, 0xC9, 0xF0 } // magic header