feat: "Spanify" DataProtector with IBufferWriter<byte>

AspNetCore.slnx

@@ -161,6 +161,9 @@
     <Project Path="src/DataProtection/Abstractions/src/Microsoft.AspNetCore.DataProtection.Abstractions.csproj" />
     <Project Path="src/DataProtection/Abstractions/test/Microsoft.AspNetCore.DataProtection.Abstractions.Tests.csproj" />
   </Folder>
+  <Folder Name="/src/DataProtection/benchmarks/">
+    <Project Path="src/DataProtection/benchmarks/Microsoft.AspNetCore.DataProtection.MicroBenchmarks/Microsoft.AspNetCore.DataProtection.MicroBenchmarks.csproj" />
+  </Folder>
   <Folder Name="/src/DataProtection/Cryptography.Internal/">
     <Project Path="src/DataProtection/Cryptography.Internal/src/Microsoft.AspNetCore.Cryptography.Internal.csproj" />
     <Project Path="src/DataProtection/Cryptography.Internal/test/Microsoft.AspNetCore.Cryptography.Internal.Tests.csproj" />
@@ -1143,6 +1146,7 @@
     <Project Path="src/SignalR/server/StackExchangeRedis/src/Microsoft.AspNetCore.SignalR.StackExchangeRedis.csproj" />
     <Project Path="src/SignalR/server/StackExchangeRedis/test/Microsoft.AspNetCore.SignalR.StackExchangeRedis.Tests.csproj" />
   </Folder>
+  <Folder Name="/src/SiteExtensions/" />
   <Folder Name="/src/SiteExtensions/Microsoft.Web.Xdt.Extensions/">
     <Project Path="src/SiteExtensions/Microsoft.Web.Xdt.Extensions/src/Microsoft.Web.Xdt.Extensions.csproj" />
     <Project Path="src/SiteExtensions/Microsoft.Web.Xdt.Extensions/tests/Microsoft.Web.Xdt.Extensions.Tests.csproj" />
@@ -1190,8 +1194,8 @@
     <Project Path="src/Validation/src/Microsoft.Extensions.Validation.csproj" />
   </Folder>
   <Folder Name="/src/Validation/test/">
-    <Project Path="src/Validation/test/Microsoft.Extensions.Validation.Tests/Microsoft.Extensions.Validation.Tests.csproj" />
     <Project Path="src/Validation/test/Microsoft.Extensions.Validation.GeneratorTests/Microsoft.Extensions.Validation.GeneratorTests.csproj" />
+    <Project Path="src/Validation/test/Microsoft.Extensions.Validation.Tests/Microsoft.Extensions.Validation.Tests.csproj" />
   </Folder>
   <Folder Name="/src/WebEncoders/">
     <Project Path="src/WebEncoders/src/Microsoft.Extensions.WebEncoders.csproj" />

src/DataProtection/Abstractions/src/ISpanDataProtector.cs

@@ -0,0 +1,56 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Buffers;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.DataProtection;
+
+/// <summary>
+/// An interface that can provide data protection services.
+/// Is an optimized version of <see cref="IDataProtector"/>.
+/// </summary>
+public interface ISpanDataProtector : IDataProtector
+{
+    /// <summary>
+    /// Cryptographically protects a piece of plaintext data and writes the result to a buffer writer.
+    /// </summary>
+    /// <typeparam name="TWriter">The type of buffer writer to write the protected data to.</typeparam>
+    /// <param name="plaintext">The plaintext data to protect.</param>
+    /// <param name="destination">The buffer writer to which the protected data will be written.</param>
+    /// <remarks>
+    /// This method provides an optimized, streaming alternative to <see cref="IDataProtector.Protect(byte[])"/>.
+    /// Rather than allocating an intermediate buffer, the protected data is written directly to the provided
+    /// buffer writer, which can improve performance and reduce memory allocation pressure.
+    /// The buffer writer is advanced by the total number of bytes written to it.
+    /// </remarks>
+    void Protect<TWriter>(ReadOnlySpan<byte> plaintext, ref TWriter destination)
+        where TWriter : IBufferWriter<byte>
+#if NET
+        , allows ref struct
+#endif
+        ;
+
+    /// <summary>
+    /// Cryptographically unprotects a piece of protected data and writes the result to a buffer writer.
+    /// </summary>
+    /// <typeparam name="TWriter">The type of buffer writer to write the unprotected data to.</typeparam>
+    /// <param name="protectedData">The protected data to unprotect.</param>
+    /// <param name="destination">The buffer writer to which the unprotected plaintext will be written.</param>
+    /// <remarks>
+    /// This method provides an optimized, streaming alternative to <see cref="IDataProtector.Unprotect(byte[])"/>.
+    /// Rather than allocating an intermediate buffer, the unprotected plaintext is written directly to the provided
+    /// buffer writer, which can improve performance and reduce memory allocation pressure.
+    /// The buffer writer is advanced by the total number of bytes written to it.
+    /// </remarks>
+    void Unprotect<TWriter>(ReadOnlySpan<byte> protectedData, ref TWriter destination)
+        where TWriter : IBufferWriter<byte>
+#if NET
+        , allows ref struct
+#endif
+        ;
+}

src/DataProtection/Abstractions/src/Microsoft.AspNetCore.DataProtection.Abstractions.csproj

@@ -22,6 +22,10 @@ Microsoft.AspNetCore.DataProtection.IDataProtector</Description>
     <Compile Include="$(SharedSourceRoot)CallerArgument\CallerArgumentExpressionAttribute.cs" LinkBase="Shared" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' != '$(DefaultNetCoreTargetFramework)'">
+    <Reference Include="System.Memory" />
+  </ItemGroup>
+
   <ItemGroup>
     <InternalsVisibleTo Include="Microsoft.AspNetCore.DataProtection.Abstractions.Tests" />
   </ItemGroup>

src/DataProtection/Abstractions/src/PublicAPI.Unshipped.txt

@@ -1 +1,4 @@
 #nullable enable
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.Protect<TWriter>(System.ReadOnlySpan<byte> plaintext, ref TWriter destination) -> void
+Microsoft.AspNetCore.DataProtection.ISpanDataProtector.Unprotect<TWriter>(System.ReadOnlySpan<byte> protectedData, ref TWriter destination) -> void

src/DataProtection/DataProtection.slnf

@@ -16,6 +16,7 @@
       "src\\DataProtection\\Extensions\\test\\Microsoft.AspNetCore.DataProtection.Extensions.Tests.csproj",
       "src\\DataProtection\\StackExchangeRedis\\src\\Microsoft.AspNetCore.DataProtection.StackExchangeRedis.csproj",
       "src\\DataProtection\\StackExchangeRedis\\test\\Microsoft.AspNetCore.DataProtection.StackExchangeRedis.Tests.csproj",
+      "src\\DataProtection\\benchmarks\\Microsoft.AspNetCore.DataProtection.MicroBenchmarks\\Microsoft.AspNetCore.DataProtection.MicroBenchmarks.csproj",
       "src\\DataProtection\\samples\\CustomEncryptorSample\\CustomEncryptorSample.csproj",
       "src\\DataProtection\\samples\\EntityFrameworkCoreSample\\EntityFrameworkCoreSample.csproj",
       "src\\DataProtection\\samples\\KeyManagementSample\\KeyManagementSample.csproj",

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ISpanAuthenticatedEncryptor.cs

@@ -0,0 +1,64 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Buffers;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
+
+/// <summary>
+/// Provides an authenticated encryption and decryption routine via a span-based API.
+/// </summary>
+public interface ISpanAuthenticatedEncryptor : IAuthenticatedEncryptor
+{
+    /// <summary>
+    /// Encrypts and authenticates a piece of plaintext data and writes the result to a buffer writer.
+    /// </summary>
+    /// <typeparam name="TWriter">The type of buffer writer to write the ciphertext to.</typeparam>
+    /// <param name="plaintext">The plaintext to encrypt. This input may be zero bytes in length.</param>
+    /// <param name="additionalAuthenticatedData">
+    /// A piece of data which will not be included in the returned ciphertext
+    /// but which will still be covered by the authentication tag. This input may be zero bytes in length.
+    /// The same AAD must be specified in the corresponding call to <see cref="Decrypt{TWriter}"/>.
+    /// </param>
+    /// <param name="destination">The buffer writer to which the ciphertext (including authentication tag) will be written.</param>
+    /// <remarks>
+    /// This method provides an optimized, streaming alternative to <see cref="IAuthenticatedEncryptor.Encrypt(System.ArraySegment{byte}, System.ArraySegment{byte})"/>.
+    /// Rather than allocating an intermediate buffer, the ciphertext is written directly to the provided buffer writer,
+    /// which can improve performance and reduce memory allocation pressure.
+    /// The buffer writer is advanced by the total number of bytes written to it.
+    /// </remarks>
+    void Encrypt<TWriter>(ReadOnlySpan<byte> plaintext, ReadOnlySpan<byte> additionalAuthenticatedData, ref TWriter destination)
+        where TWriter : IBufferWriter<byte>
+#if NET
+        , allows ref struct
+#endif
+        ;
+
+    /// <summary>
+    /// Validates the authentication tag of and decrypts a blob of encrypted data, writing the result to a buffer writer.
+    /// </summary>
+    /// <typeparam name="TWriter">The type of buffer writer to write the plaintext to.</typeparam>
+    /// <param name="ciphertext">The ciphertext (including authentication tag) to decrypt.</param>
+    /// <param name="additionalAuthenticatedData">
+    /// Any ancillary data which was used during computation of the authentication tag.
+    /// The same AAD must have been specified in the corresponding call to <see cref="Encrypt{TWriter}"/>.
+    /// </param>
+    /// <param name="destination">The buffer writer to which the decrypted plaintext will be written.</param>
+    /// <remarks>
+    /// This method provides an optimized, streaming alternative to <see cref="IAuthenticatedEncryptor.Decrypt(System.ArraySegment{byte}, System.ArraySegment{byte})"/>.
+    /// Rather than allocating an intermediate buffer, the plaintext is written directly to the provided buffer writer,
+    /// which can improve performance and reduce memory allocation pressure.
+    /// The buffer writer is advanced by the total number of bytes written to it.
+    /// </remarks>
+    void Decrypt<TWriter>(ReadOnlySpan<byte> ciphertext, ReadOnlySpan<byte> additionalAuthenticatedData, ref TWriter destination)
+        where TWriter : IBufferWriter<byte>
+#if NET
+        , allows ref struct
+#endif
+        ;
+}