Update SDK

.azure/pipelines/ci.yml

@@ -836,6 +836,8 @@ stages:
             workingDirectory: $(Agent.TempDirectory)
             env:
               BLOB_CONTAINER_URL: $(source-dot-net-stage1-blob-container-url)
+              # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary
+              DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true
 
 - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}:
   - template: /eng/common/templates/post-build/post-build.yml

.azure/pipelines/jobs/default-build.yml

@@ -224,6 +224,8 @@ jobs:
               # Include the variables we always want.
               COMPlus_DbgEnableMiniDump: 1
               COMPlus_DbgMiniDumpName: "$(System.DefaultWorkingDirectory)/dotnet-%d.%t.core"
+              # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary
+              DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true
               # Expand provided `env:` properties, if any.
               ${{ if step.env }}:
                 ${{ step.env }}
@@ -235,12 +237,16 @@ jobs:
           env:
             COMPlus_DbgEnableMiniDump: 1
             COMPlus_DbgMiniDumpName: "$(System.DefaultWorkingDirectory)/dotnet-%d.%t.core"
+            # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary
+            DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true
       - ${{ if ne(parameters.agentOs, 'Windows') }}:
         - script: $(BuildDirectory)/build.sh --ci --nobl --configuration $(BuildConfiguration) $(BuildScriptArgs)
           displayName: Run build.sh
           env:
             COMPlus_DbgEnableMiniDump: 1
             COMPlus_DbgMiniDumpName: "$(System.DefaultWorkingDirectory)/dotnet-%d.%t.core"
+            # !temporary! Remove as soon as .NET SDK includes a new-enough `msbuild` to make this hack unnecessary
+            DOTNET_CLI_DO_NOT_USE_MSBUILD_SERVER: true
 
     - ${{ parameters.afterBuild }}
 

Directory.Build.props

@@ -119,6 +119,9 @@
 
     <!-- xUnit1004 = warns about skipped tests. Make this a non-fatal build warning. -->
     <WarningsNotAsErrors>$(WarningsNotAsErrors);xUnit1004</WarningsNotAsErrors>
+
+    <!-- don't warn about unnecessary trim warning suppressions. can be removed with preview 6. -->
+    <NoWarn>$(NoWarn);IL2121</NoWarn>
   </PropertyGroup>
 
   <!-- Source code settings -->

global.json

@@ -1,9 +1,9 @@
 {
   "sdk": {
-    "version": "7.0.100-rc.1.22375.2"
+    "version": "7.0.100-rc.2.22419.24"
   },
   "tools": {
-    "dotnet": "7.0.100-rc.1.22375.2",
+    "dotnet": "7.0.100-rc.2.22419.24",
     "runtimes": {
       "dotnet/x86": [
         "$(MicrosoftNETCoreBrowserDebugHostTransportVersion)"

src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj

@@ -4,7 +4,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
 
     <!-- IdentityServer packages are not strong named. -->
-    <NoWarn>CS8002</NoWarn>
+    <NoWarn>$(NoWarn);CS8002</NoWarn>
     <!-- This project references the shared framework transitively. Prevent restore errors by setting this flag. -->
     <GenerateErrorForMissingTargetingPacks>false</GenerateErrorForMissingTargetingPacks>
     <IdentityDefaultUIFramework>Bootstrap5</IdentityDefaultUIFramework>

src/Components/WebAssembly/testassets/WasmLinkerTest/WasmLinkerTest.csproj

@@ -52,6 +52,7 @@
         OutputDirectory="$(LibrariesTrimmedArtifactsPath)"
         ReferenceAssemblyPaths="@(RuntimePackAsset);@(ReferencePath->WithMetadataValue('ExternallyResolved', 'true'))"
         ExtraArgs="$(ILLinkArgs)"
+        NoWarn="$(NoWarn)"
         TrimMode="link"
         ToolExe="$(_DotNetHostFileName)"
         ToolPath="$(_DotNetHostDirectory)" />

src/DataProtection/DataProtection/src/AuthenticatedEncryption/AuthenticatedEncryptorFactory.cs

@@ -163,6 +163,7 @@ private static string GetBCryptAlgorithmNameFromValidationAlgorithm(ValidationAl
         }
     }
 
+    [return: DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)]
     private static Type GetManagedTypeFromEncryptionAlgorithm(EncryptionAlgorithm algorithm)
     {
         switch (algorithm)
@@ -180,6 +181,7 @@ private static Type GetManagedTypeFromEncryptionAlgorithm(EncryptionAlgorithm al
         }
     }
 
+    [return: DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)]
     private static Type GetManagedTypeFromValidationAlgorithm(ValidationAlgorithm algorithm)
     {
         switch (algorithm)

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAlgorithmHelpers.cs

@@ -0,0 +1,66 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.Security.Cryptography;
+using System.Xml.Linq;
+
+namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
+
+internal static class ManagedAlgorithmHelpers
+{
+    private static readonly List<Type> KnownAlgorithmTypes = new List<Type>
+    {
+        typeof(Aes),
+        typeof(HMACSHA1),
+        typeof(HMACSHA256),
+        typeof(HMACSHA384),
+        typeof(HMACSHA512)
+    };
+
+    // Any changes to this method should also be be reflected in FriendlyNameToType.
+    public static string TypeToFriendlyName(Type type)
+    {
+        if (KnownAlgorithmTypes.Contains(type))
+        {
+            return type.Name;
+        }
+        else
+        {
+            return type.AssemblyQualifiedName!;
+        }
+    }
+
+    // Any changes to this method should also be be reflected in TypeToFriendlyName.
+    [return: DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)]
+    [UnconditionalSuppressMessage("Trimmer", "IL2075", Justification = "Unknown type is checked for whether it has a public parameterless constructor. Handle trimmed types by providing a useful error message.")]
+    [UnconditionalSuppressMessage("Trimmer", "IL2073", Justification = "Unknown type is checked for whether it has a public parameterless constructor. Handle trimmed types by providing a useful error message.")]
+    public static Type FriendlyNameToType(string typeName)
+    {
+        foreach (var knownType in KnownAlgorithmTypes)
+        {
+            if (knownType.Name == typeName)
+            {
+                return knownType;
+            }
+        }
+
+        var type = TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(typeName);
+
+        // Type name could be full or assembly qualified name of known type.
+        if (KnownAlgorithmTypes.Contains(type))
+        {
+            return type;
+        }
+
+        // All other types are created using Activator.CreateInstance. Validate it has a valid constructor.
+        if (type.GetConstructor(Type.EmptyTypes) == null)
+        {
+            throw new InvalidOperationException($"Algorithm type {type} doesn't have a public parameterless constructor. If the app is published with trimming then the constructor may have been trimmed. Ensure the type's assembly is excluded from trimming.");
+        }
+
+        return type;
+    }
+}

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorConfiguration.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Cryptography;
 using Microsoft.Extensions.Logging.Abstractions;
 
@@ -24,6 +25,7 @@ public sealed class ManagedAuthenticatedEncryptorConfiguration : AlgorithmConfig
     /// The default algorithm is AES.
     /// </remarks>
     [ApplyPolicy]
+    [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)]
     public Type EncryptionAlgorithmType { get; set; } = typeof(Aes);
 
     /// <summary>
@@ -47,6 +49,7 @@ public sealed class ManagedAuthenticatedEncryptorConfiguration : AlgorithmConfig
     /// The default algorithm is HMACSHA256.
     /// </remarks>
     [ApplyPolicy]
+    [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)]
     public Type ValidationAlgorithmType { get; set; } = typeof(HMACSHA256);
 
     /// <inheritdoc />

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptor.cs

@@ -49,11 +49,11 @@ public XmlSerializedDescriptorInfo ExportToXml()
         // </descriptor>
 
         var encryptionElement = new XElement("encryption",
-            new XAttribute("algorithm", TypeToFriendlyName(Configuration.EncryptionAlgorithmType)),
+            new XAttribute("algorithm", ManagedAlgorithmHelpers.TypeToFriendlyName(Configuration.EncryptionAlgorithmType)),
             new XAttribute("keyLength", Configuration.EncryptionAlgorithmKeySize));
 
         var validationElement = new XElement("validation",
-            new XAttribute("algorithm", TypeToFriendlyName(Configuration.ValidationAlgorithmType)));
+            new XAttribute("algorithm", ManagedAlgorithmHelpers.TypeToFriendlyName(Configuration.ValidationAlgorithmType)));
 
         var rootElement = new XElement("descriptor",
             new XComment(" Algorithms provided by specified SymmetricAlgorithm and KeyedHashAlgorithm "),
@@ -63,34 +63,4 @@ public XmlSerializedDescriptorInfo ExportToXml()
 
         return new XmlSerializedDescriptorInfo(rootElement, typeof(ManagedAuthenticatedEncryptorDescriptorDeserializer));
     }
-
-    // Any changes to this method should also be be reflected
-    // in ManagedAuthenticatedEncryptorDescriptorDeserializer.FriendlyNameToType.
-    private static string TypeToFriendlyName(Type type)
-    {
-        if (type == typeof(Aes))
-        {
-            return nameof(Aes);
-        }
-        else if (type == typeof(HMACSHA1))
-        {
-            return nameof(HMACSHA1);
-        }
-        else if (type == typeof(HMACSHA256))
-        {
-            return nameof(HMACSHA256);
-        }
-        else if (type == typeof(HMACSHA384))
-        {
-            return nameof(HMACSHA384);
-        }
-        else if (type == typeof(HMACSHA512))
-        {
-            return nameof(HMACSHA512);
-        }
-        else
-        {
-            return type.AssemblyQualifiedName!;
-        }
-    }
 }

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializer.cs

@@ -34,44 +34,14 @@ public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
         var configuration = new ManagedAuthenticatedEncryptorConfiguration();
 
         var encryptionElement = element.Element("encryption")!;
-        configuration.EncryptionAlgorithmType = FriendlyNameToType((string)encryptionElement.Attribute("algorithm")!);
+        configuration.EncryptionAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType((string)encryptionElement.Attribute("algorithm")!);
         configuration.EncryptionAlgorithmKeySize = (int)encryptionElement.Attribute("keyLength")!;
 
         var validationElement = element.Element("validation")!;
-        configuration.ValidationAlgorithmType = FriendlyNameToType((string)validationElement.Attribute("algorithm")!);
+        configuration.ValidationAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType((string)validationElement.Attribute("algorithm")!);
 
         Secret masterKey = ((string)element.Element("masterKey")!).ToSecret();
 
         return new ManagedAuthenticatedEncryptorDescriptor(configuration, masterKey);
     }
-
-    // Any changes to this method should also be be reflected
-    // in ManagedAuthenticatedEncryptorDescriptor.TypeToFriendlyName.
-    private static Type FriendlyNameToType(string typeName)
-    {
-        if (typeName == nameof(Aes))
-        {
-            return typeof(Aes);
-        }
-        else if (typeName == nameof(HMACSHA1))
-        {
-            return typeof(HMACSHA1);
-        }
-        else if (typeName == nameof(HMACSHA256))
-        {
-            return typeof(HMACSHA256);
-        }
-        else if (typeName == nameof(HMACSHA384))
-        {
-            return typeof(HMACSHA384);
-        }
-        else if (typeName == nameof(HMACSHA512))
-        {
-            return typeof(HMACSHA512);
-        }
-        else
-        {
-            return TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(typeName);
-        }
-    }
 }

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ManagedAuthenticatedEncryptorFactory.cs

@@ -111,7 +111,7 @@ private static class AlgorithmActivator
         /// <summary>
         /// Creates a factory that wraps a call to <see cref="Activator.CreateInstance{T}"/>.
         /// </summary>
-        public static Func<T> CreateFactory<T>(Type implementation)
+        public static Func<T> CreateFactory<T>([DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor)] Type implementation)
         {
             return ((IActivator<T>)Activator.CreateInstance(typeof(AlgorithmActivatorCore<>).MakeGenericType(implementation))!).Creator;
         }

src/DataProtection/DataProtection/src/RegistryPolicyResolver.cs

@@ -177,7 +177,7 @@ private static ManagedAuthenticatedEncryptorConfiguration GetManagedAuthenticate
         var valueFromRegistry = key.GetValue(nameof(ManagedAuthenticatedEncryptorConfiguration.EncryptionAlgorithmType));
         if (valueFromRegistry != null)
         {
-            options.EncryptionAlgorithmType = TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!);
+            options.EncryptionAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!);
         }
 
         valueFromRegistry = key.GetValue(nameof(ManagedAuthenticatedEncryptorConfiguration.EncryptionAlgorithmKeySize));
@@ -189,7 +189,7 @@ private static ManagedAuthenticatedEncryptorConfiguration GetManagedAuthenticate
         valueFromRegistry = key.GetValue(nameof(ManagedAuthenticatedEncryptorConfiguration.ValidationAlgorithmType));
         if (valueFromRegistry != null)
         {
-            options.ValidationAlgorithmType = TypeExtensions.GetTypeWithTrimFriendlyErrorMessage(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!);
+            options.ValidationAlgorithmType = ManagedAlgorithmHelpers.FriendlyNameToType(Convert.ToString(valueFromRegistry, CultureInfo.InvariantCulture)!);
         }
 
         return options;

src/DataProtection/DataProtection/test/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializerTests.cs

@@ -50,7 +50,7 @@ public void ImportFromXml_BuiltInTypes_CreatesAppropriateDescriptor(Type encrypt
     }
 
     [Fact]
-    public void ImportFromXml_CustomType_CreatesAppropriateDescriptor()
+    public void ImportFromXml_FullyQualifiedBuiltInTypes_CreatesAppropriateDescriptor()
     {
         // Arrange
         var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
@@ -83,6 +83,69 @@ public void ImportFromXml_CustomType_CreatesAppropriateDescriptor()
         Assert.Equal(plaintext, roundTripPlaintext);
     }
 
+    [Fact]
+    public void ImportFromXml_CustomType_CreatesAppropriateDescriptor()
+    {
+        // Arrange
+        var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
+
+        var xml = $@"
+                <descriptor>
+                  <encryption algorithm='{typeof(CustomAlgorithm).AssemblyQualifiedName}' keyLength='192' />
+                  <validation algorithm='{typeof(HMACSHA384).AssemblyQualifiedName}' />
+                  <masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
+                    <value>{masterKey}</value>
+                  </masterKey>
+                </descriptor>";
+
+        // Act
+        var deserializedDescriptor = new ManagedAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml));
+        var managedDescriptor = (ManagedAuthenticatedEncryptorDescriptor)deserializedDescriptor;
+
+        // Assert
+        Assert.Equal(typeof(CustomAlgorithm), managedDescriptor.Configuration.EncryptionAlgorithmType);
+    }
+
+    [Fact]
+    public void ImportFromXml_CustomTypeWithoutConstructor_CreatesAppropriateDescriptor()
+    {
+        // Arrange
+        var masterKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("[PLACEHOLDER]"));
+
+        var xml = $@"
+                <descriptor>
+                  <encryption algorithm='{typeof(CustomAlgorithmNoConstructor).AssemblyQualifiedName}' keyLength='192' />
+                  <validation algorithm='{typeof(HMACSHA384).AssemblyQualifiedName}' />
+                  <masterKey enc:requiresEncryption='true' xmlns:enc='http://schemas.asp.net/2015/03/dataProtection'>
+                    <value>{masterKey}</value>
+                  </masterKey>
+                </descriptor>";
+
+        // Act
+        var ex = Assert.Throws<InvalidOperationException>(() => new ManagedAuthenticatedEncryptorDescriptorDeserializer().ImportFromXml(XElement.Parse(xml)));
+
+        // Assert
+        Assert.Equal($"Algorithm type {typeof(CustomAlgorithmNoConstructor).FullName} doesn't have a public parameterless constructor. If the app is published with trimming then the constructor may have been trimmed. Ensure the type's assembly is excluded from trimming.", ex.Message);
+    }
+
+    public class CustomAlgorithm : SymmetricAlgorithm
+    {
+        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException();
+        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException();
+        public override void GenerateIV() => throw new NotImplementedException();
+        public override void GenerateKey() => throw new NotImplementedException();
+    }
+
+    public class CustomAlgorithmNoConstructor : SymmetricAlgorithm
+    {
+        private CustomAlgorithmNoConstructor() { }
+
+        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException();
+        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) => throw new NotImplementedException();
+        public override void GenerateIV() => throw new NotImplementedException();
+        public override void GenerateKey() => throw new NotImplementedException();
+    }
+
     private static IAuthenticatedEncryptor CreateEncryptorInstanceFromDescriptor(ManagedAuthenticatedEncryptorDescriptor descriptor)
     {
         var encryptorFactory = new ManagedAuthenticatedEncryptorFactory(NullLoggerFactory.Instance);

src/DataProtection/DataProtection/test/RegistryPolicyResolverTests.cs

@@ -226,13 +226,13 @@ public void ResolvePolicy_ManagedEncryption_WithExplicitSettings()
         var registryEntries = new Dictionary<string, object>()
         {
             ["EncryptionType"] = "managed",
-            ["EncryptionAlgorithmType"] = typeof(TripleDES).AssemblyQualifiedName,
+            ["EncryptionAlgorithmType"] = typeof(Aes).AssemblyQualifiedName,
             ["EncryptionAlgorithmKeySize"] = 2048,
             ["ValidationAlgorithmType"] = typeof(HMACSHA1).AssemblyQualifiedName
         };
         var expectedConfiguration = new ManagedAuthenticatedEncryptorConfiguration()
         {
-            EncryptionAlgorithmType = typeof(TripleDES),
+            EncryptionAlgorithmType = typeof(Aes),
             EncryptionAlgorithmKeySize = 2048,
             ValidationAlgorithmType = typeof(HMACSHA1)
         };