feat: "Spanify" DataProtector

AspNetCore.slnx

@@ -161,6 +161,9 @@
     <Project Path="src/DataProtection/Abstractions/src/Microsoft.AspNetCore.DataProtection.Abstractions.csproj" />
     <Project Path="src/DataProtection/Abstractions/test/Microsoft.AspNetCore.DataProtection.Abstractions.Tests.csproj" />
   </Folder>
+  <Folder Name="/src/DataProtection/benchmarks/">
+    <Project Path="src/DataProtection/benchmarks/Microsoft.AspNetCore.DataProtection.MicroBenchmarks/Microsoft.AspNetCore.DataProtection.MicroBenchmarks.csproj" Id="71744108-dc12-4558-9788-ed62c9f0441c" />
+  </Folder>
   <Folder Name="/src/DataProtection/Cryptography.Internal/">
     <Project Path="src/DataProtection/Cryptography.Internal/src/Microsoft.AspNetCore.Cryptography.Internal.csproj" />
     <Project Path="src/DataProtection/Cryptography.Internal/test/Microsoft.AspNetCore.Cryptography.Internal.Tests.csproj" />
@@ -1143,6 +1146,7 @@
     <Project Path="src/SignalR/server/StackExchangeRedis/src/Microsoft.AspNetCore.SignalR.StackExchangeRedis.csproj" />
     <Project Path="src/SignalR/server/StackExchangeRedis/test/Microsoft.AspNetCore.SignalR.StackExchangeRedis.Tests.csproj" />
   </Folder>
+  <Folder Name="/src/SiteExtensions/" />
   <Folder Name="/src/SiteExtensions/Microsoft.Web.Xdt.Extensions/">
     <Project Path="src/SiteExtensions/Microsoft.Web.Xdt.Extensions/src/Microsoft.Web.Xdt.Extensions.csproj" />
     <Project Path="src/SiteExtensions/Microsoft.Web.Xdt.Extensions/tests/Microsoft.Web.Xdt.Extensions.Tests.csproj" />
@@ -1190,8 +1194,8 @@
     <Project Path="src/Validation/src/Microsoft.Extensions.Validation.csproj" />
   </Folder>
   <Folder Name="/src/Validation/test/">
-    <Project Path="src/Validation/test/Microsoft.Extensions.Validation.Tests/Microsoft.Extensions.Validation.Tests.csproj" />
     <Project Path="src/Validation/test/Microsoft.Extensions.Validation.GeneratorTests/Microsoft.Extensions.Validation.GeneratorTests.csproj" />
+    <Project Path="src/Validation/test/Microsoft.Extensions.Validation.Tests/Microsoft.Extensions.Validation.Tests.csproj" />
   </Folder>
   <Folder Name="/src/WebEncoders/">
     <Project Path="src/WebEncoders/src/Microsoft.Extensions.WebEncoders.csproj" />

src/DataProtection/Abstractions/src/ISpanDataProtector.cs

@@ -0,0 +1,50 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.DataProtection;
+
+/// <summary>
+/// An interface that can provide data protection services.
+/// Is an optimized version of <see cref="IDataProtector"/>.
+/// </summary>
+public interface ISpanDataProtector : IDataProtector
+{
+    /// <summary>
+    /// Determines the size of the protected data in order to then use <see cref="TryProtect(ReadOnlySpan{byte}, Span{byte}, out int)"/>."/>.
+    /// </summary>
+    /// <param name="plainTextLength">The plain text length which will be encrypted later.</param>
+    /// <returns>The size of the protected data.</returns>
+    int GetProtectedSize(int plainTextLength);
+
+    /// <summary>
+    /// Returns the size of the decrypted data for a given ciphertext length.
+    /// Size can be an over-estimation, the specific size will be written in <i>bytesWritten</i> parameter of the <see cref="TryUnprotect"/>
+    /// </summary>
+    /// <param name="cipherTextLength">Length of the cipher text that will be decrypted later.</param>
+    /// <returns>The length of the decrypted data.</returns>
+    int GetUnprotectedSize(int cipherTextLength);
+
+    /// <summary>
+    /// Attempts to encrypt and tamper-proof a piece of data.
+    /// </summary>
+    /// <param name="plainText">The input to encrypt.</param>
+    /// <param name="destination">The ciphertext blob, including authentication tag.</param>
+    /// <param name="bytesWritten">When this method returns, the total number of bytes written into destination</param>
+    /// <returns>true if destination is long enough to receive the encrypted data; otherwise, false.</returns>
+    bool TryProtect(ReadOnlySpan<byte> plainText, Span<byte> destination, out int bytesWritten);
+
+    /// <summary>
+    /// Attempts to validate the authentication tag of and decrypt a blob of encrypted data.
+    /// </summary>
+    /// <param name="cipherText">The encrypted data to decrypt.</param>
+    /// <param name="destination">The decrypted output.</param>
+    /// <param name="bytesWritten">When this method returns, the total number of bytes written into destination</param>
+    /// <returns>true if decryption was successful; otherwise, false.</returns>
+    bool TryUnprotect(ReadOnlySpan<byte> cipherText, Span<byte> destination, out int bytesWritten);
+}

src/DataProtection/Abstractions/src/Microsoft.AspNetCore.DataProtection.Abstractions.csproj

@@ -22,6 +22,10 @@ Microsoft.AspNetCore.DataProtection.IDataProtector</Description>
     <Compile Include="$(SharedSourceRoot)CallerArgument\CallerArgumentExpressionAttribute.cs" LinkBase="Shared" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' != '$(DefaultNetCoreTargetFramework)'">
+    <Reference Include="System.Memory" />
+  </ItemGroup>
+
   <ItemGroup>
     <InternalsVisibleTo Include="Microsoft.AspNetCore.DataProtection.Abstractions.Tests" />
   </ItemGroup>

src/DataProtection/Abstractions/src/PublicAPI.Unshipped.txt

@@ -1 +1,6 @@
 #nullable enable
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.GetProtectedSize(int plainTextLength) -> int
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.GetUnprotectedSize(int cipherTextLength) -> int
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.TryProtect(System.ReadOnlySpan<byte> plainText, System.Span<byte> destination, out int bytesWritten) -> bool
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.TryUnprotect(System.ReadOnlySpan<byte> cipherText, System.Span<byte> destination, out int bytesWritten) -> bool

src/DataProtection/DataProtection.slnf

@@ -16,6 +16,7 @@
       "src\\DataProtection\\Extensions\\test\\Microsoft.AspNetCore.DataProtection.Extensions.Tests.csproj",
       "src\\DataProtection\\StackExchangeRedis\\src\\Microsoft.AspNetCore.DataProtection.StackExchangeRedis.csproj",
       "src\\DataProtection\\StackExchangeRedis\\test\\Microsoft.AspNetCore.DataProtection.StackExchangeRedis.Tests.csproj",
+      "src\\DataProtection\\benchmarks\\Microsoft.AspNetCore.DataProtection.MicroBenchmarks\\Microsoft.AspNetCore.DataProtection.MicroBenchmarks.csproj",
       "src\\DataProtection\\samples\\CustomEncryptorSample\\CustomEncryptorSample.csproj",
       "src\\DataProtection\\samples\\EntityFrameworkCoreSample\\EntityFrameworkCoreSample.csproj",
       "src\\DataProtection\\samples\\KeyManagementSample\\KeyManagementSample.csproj",

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ISpanAuthenticatedEncryptor.cs

@@ -0,0 +1,58 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
+
+/// <summary>
+/// Provides an authenticated encryption and decryption routine via a span-based API.
+/// </summary>
+public interface ISpanAuthenticatedEncryptor : IAuthenticatedEncryptor
+{
+    /// <summary>
+    /// Returns the size of the encrypted data for a given plaintext length.
+    /// </summary>
+    /// <param name="plainTextLength">Length of the plain text that will be encrypted later</param>
+    /// <returns>The length of the encrypted data</returns>
+    int GetEncryptedSize(int plainTextLength);
+
+    /// <summary>
+    /// Returns the size of the decrypted data for a given ciphertext length.
+    /// Size can be an over-estimation, the specific size will be written in <i>bytesWritten</i> parameter of the <see cref="TryDecrypt"/>
+    /// </summary>
+    /// <param name="cipherTextLength">Length of the cipher text that will be decrypted later.</param>
+    /// <returns>The length of the decrypted data.</returns>
+    int GetDecryptedSize(int cipherTextLength);
+
+    /// <summary>
+    /// Attempts to encrypt and tamper-proof a piece of data.
+    /// </summary>
+    /// <param name="plaintext">The input to encrypt.</param>
+    /// <param name="additionalAuthenticatedData">
+    /// A piece of data which will not be included in
+    /// the returned ciphertext but which will still be covered by the authentication tag.
+    /// This input may be zero bytes in length. The same AAD must be specified in the corresponding decryption call.
+    /// </param>
+    /// <param name="destination">The ciphertext blob, including authentication tag.</param>
+    /// <param name="bytesWritten">When this method returns, the total number of bytes written into destination</param>
+    /// <returns>true if destination is long enough to receive the encrypted data; otherwise, false.</returns>
+    bool TryEncrypt(ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> additionalAuthenticatedData, Span<byte> destination, out int bytesWritten);
+
+    /// <summary>
+    /// Attempts to validate the authentication tag of and decrypt a blob of encrypted data.
+    /// </summary>
+    /// <param name="cipherText">The encrypted data to decrypt.</param>
+    /// <param name="additionalAuthenticatedData">
+    /// A piece of data which was included in the authentication tag during encryption.
+    /// This input may be zero bytes in length. The same AAD must be specified in the corresponding encryption call.
+    /// </param>
+    /// <param name="destination">The decrypted output.</param>
+    /// <param name="bytesWritten">When this method returns, the total number of bytes written into destination</param>
+    /// <returns>true if decryption was successful; otherwise, false.</returns>
+    bool TryDecrypt(ReadOnlySpan<byte> cipherText, ReadOnlySpan<byte> additionalAuthenticatedData, Span<byte> destination, out int bytesWritten);
+}