raise stackalloc to 256

DeagleGross · DeagleGross · commit d87aeafebe72 · 2025-03-10T16:22:33.000+01:00
diff --git a/src/DataProtection/DataProtection/src/Managed/ManagedAuthenticatedEncryptor.cs b/src/DataProtection/DataProtection/src/Managed/ManagedAuthenticatedEncryptor.cs
@@ -197,16 +197,16 @@ public byte[] Decrypt(ArraySegment<byte> protectedPayload, ArraySegment<byte> ad
 
             // Step 2: Decrypt the KDK and use it to restore the original encryption and MAC keys.
 #if NET10_0_OR_GREATER
-            Span<byte> decryptedKdk = _keyDerivationKey.Length <= 128
-                ? stackalloc byte[128].Slice(0, _keyDerivationKey.Length)
+            Span<byte> decryptedKdk = _keyDerivationKey.Length <= 256
+                ? stackalloc byte[256].Slice(0, _keyDerivationKey.Length)
                 : new byte[_keyDerivationKey.Length];
 #else
             var decryptedKdk = new byte[_keyDerivationKey.Length];
 #endif
 
             byte[]? validationSubkeyArray = null;
-            var validationSubkey = _validationAlgorithmSubkeyLengthInBytes <= 128
-                ? stackalloc byte[128].Slice(0, _validationAlgorithmSubkeyLengthInBytes)
+            var validationSubkey = _validationAlgorithmSubkeyLengthInBytes <= 256
+                ? stackalloc byte[256].Slice(0, _validationAlgorithmSubkeyLengthInBytes)
                 : (validationSubkeyArray = new byte[_validationAlgorithmSubkeyLengthInBytes]);
 
 #if NET10_0_OR_GREATER
@@ -307,26 +307,26 @@ public byte[] Encrypt(ArraySegment<byte> plaintext, ArraySegment<byte> additiona
             var ivLength = _symmetricAlgorithmBlockSizeInBytes;
 
 #if NET10_0_OR_GREATER
-            Span<byte> decryptedKdk = _keyDerivationKey.Length <= 128
-                ? stackalloc byte[128].Slice(0, _keyDerivationKey.Length)
+            Span<byte> decryptedKdk = _keyDerivationKey.Length <= 256
+                ? stackalloc byte[256].Slice(0, _keyDerivationKey.Length)
                 : new byte[_keyDerivationKey.Length];
 #else
             var decryptedKdk = new byte[_keyDerivationKey.Length];
 #endif
 
 #if NET10_0_OR_GREATER
             byte[]? validationSubkeyArray = null;
-            Span<byte> validationSubkey = _validationAlgorithmSubkeyLengthInBytes <= 128
-                ? stackalloc byte[128].Slice(0, _validationAlgorithmSubkeyLengthInBytes)
+            Span<byte> validationSubkey = _validationAlgorithmSubkeyLengthInBytes <= 256
+                ? stackalloc byte[256].Slice(0, _validationAlgorithmSubkeyLengthInBytes)
                 : (validationSubkeyArray = new byte[_validationAlgorithmSubkeyLengthInBytes]);
 #else
             var validationSubkeyArray = new byte[_validationAlgorithmSubkeyLengthInBytes];
             var validationSubkey = validationSubkeyArray.AsSpan();
 #endif
 
 #if NET10_0_OR_GREATER
-            Span<byte> encryptionSubkey = _symmetricAlgorithmSubkeyLengthInBytes <= 128
-                ? stackalloc byte[128].Slice(0, _symmetricAlgorithmSubkeyLengthInBytes)
+            Span<byte> encryptionSubkey = _symmetricAlgorithmSubkeyLengthInBytes <= 256
+                ? stackalloc byte[256].Slice(0, _symmetricAlgorithmSubkeyLengthInBytes)
                 : new byte[_symmetricAlgorithmSubkeyLengthInBytes];
 #else
             byte[] encryptionSubkey = new byte[_symmetricAlgorithmSubkeyLengthInBytes];
