Enable trimming for data protection (#41118)

Co-authored-by: James Newton-King <[email protected]>

Author: pranavkm

eng/TrimmableProjects.props

@@ -7,6 +7,13 @@
 -->
 <Project>
   <ItemGroup>
+    <TrimmableProject Include="Microsoft.AspNetCore.DataProtection.Abstractions" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Cryptography.Internal" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Cryptography.KeyDerivation" />
+    <TrimmableProject Include="Microsoft.AspNetCore.DataProtection" />
+    <TrimmableProject Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" />
+    <TrimmableProject Include="Microsoft.AspNetCore.DataProtection.Extensions" />
+    <TrimmableProject Include="Microsoft.AspNetCore.DataProtection.StackExchangeRedis" />
     <TrimmableProject Include="Microsoft.AspNetCore.Hosting.Abstractions" />
     <TrimmableProject Include="Microsoft.AspNetCore.Hosting" />
     <TrimmableProject Include="Microsoft.AspNetCore.Hosting.Server.Abstractions" />

src/DataProtection/Abstractions/src/DataProtectionCommonExtensions.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.DataProtection.Abstractions;
 using Microsoft.Extensions.Internal;
 
@@ -182,6 +183,7 @@ public static IDataProtector GetDataProtector(this IServiceProvider services, st
     /// <param name="protector">The data protector to use for this operation.</param>
     /// <param name="plaintext">The plaintext data to protect.</param>
     /// <returns>The protected form of the plaintext data.</returns>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public static string Protect(this IDataProtector protector, string plaintext)
     {
         if (protector == null)
@@ -216,6 +218,7 @@ public static string Protect(this IDataProtector protector, string plaintext)
     /// <exception cref="System.Security.Cryptography.CryptographicException">
     /// Thrown if <paramref name="protectedData"/> is invalid or malformed.
     /// </exception>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public static string Unprotect(this IDataProtector protector, string protectedData)
     {
         if (protector == null)

src/DataProtection/Abstractions/src/IDataProtector.cs

@@ -1,6 +1,8 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
+
 namespace Microsoft.AspNetCore.DataProtection;
 
 /// <summary>
@@ -13,6 +15,7 @@ public interface IDataProtector : IDataProtectionProvider
     /// </summary>
     /// <param name="plaintext">The plaintext data to protect.</param>
     /// <returns>The protected form of the plaintext data.</returns>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     byte[] Protect(byte[] plaintext);
 
     /// <summary>
@@ -23,5 +26,6 @@ public interface IDataProtector : IDataProtectionProvider
     /// <exception cref="System.Security.Cryptography.CryptographicException">
     /// Thrown if the protected data is invalid or malformed.
     /// </exception>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     byte[] Unprotect(byte[] protectedData);
 }

src/DataProtection/Abstractions/src/Microsoft.AspNetCore.DataProtection.Abstractions.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>ASP.NET Core data protection abstractions.
@@ -10,12 +10,14 @@ Microsoft.AspNetCore.DataProtection.IDataProtector</Description>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;dataprotection</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>
-    <Compile Include="..\..\shared\src\*.cs" />
+    <Compile Include="..\..\shared\src\*.cs" LinkBase="Shared" />
     <Compile Include="$(SharedSourceRoot)WebEncoders\**\*.cs" />
+    <Compile Include="$(SharedSourceRoot)TrimmingAttributes.cs" LinkBase="Shared"
+      Condition="'$(TargetFramework)' != '$(DefaultNetCoreTargetFramework)'" />
   </ItemGroup>
 
 </Project>

src/DataProtection/Cryptography.Internal/src/Microsoft.AspNetCore.Cryptography.Internal.csproj

@@ -7,7 +7,7 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;dataprotection</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
 </Project>

src/DataProtection/Cryptography.KeyDerivation/src/Microsoft.AspNetCore.Cryptography.KeyDerivation.csproj

@@ -7,7 +7,7 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;dataprotection</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
     <Nullable Condition="'$(TargetFramework)' == 'netstandard2.0'">annotations</Nullable>
   </PropertyGroup>
 

src/DataProtection/DataProtection/src/ActivatorExtensions.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Cryptography;
 using Microsoft.AspNetCore.DataProtection.Internal;
 using Microsoft.Extensions.DependencyInjection;
@@ -17,6 +18,7 @@ internal static class ActivatorExtensions
     /// Creates an instance of <paramref name="implementationTypeName"/> and ensures
     /// that it is assignable to <typeparamref name="T"/>.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public static T CreateInstance<T>(this IActivator activator, string implementationTypeName)
         where T : class
     {

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/AuthenticatedEncryptorDescriptorDeserializer.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Xml.Linq;
 
@@ -16,6 +17,7 @@ public sealed class AuthenticatedEncryptorDescriptorDeserializer : IAuthenticate
     /// <summary>
     /// Imports the <see cref="AuthenticatedEncryptorDescriptor"/> from serialized XML.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
     {
         if (element == null)

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngCbcAuthenticatedEncryptorDescriptorDeserializer.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Runtime.Versioning;
 using System.Xml.Linq;
 
@@ -17,6 +18,7 @@ public sealed class CngCbcAuthenticatedEncryptorDescriptorDeserializer : IAuthen
     /// <summary>
     /// Imports the <see cref="CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
     {
         if (element == null)

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/CngGcmAuthenticatedEncryptorDescriptorDeserializer.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Runtime.Versioning;
 using System.Xml.Linq;
 
@@ -17,6 +18,7 @@ public sealed class CngGcmAuthenticatedEncryptorDescriptorDeserializer : IAuthen
     /// <summary>
     /// Imports the <see cref="CngCbcAuthenticatedEncryptorDescriptor"/> from serialized XML.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
     {
         if (element == null)

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/IAuthenticatedEncryptorDescriptorDeserializer.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
 using System.Xml.Linq;
 
 namespace Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
@@ -15,5 +16,6 @@ public interface IAuthenticatedEncryptorDescriptorDeserializer
     /// </summary>
     /// <param name="element">The element to deserialize.</param>
     /// <returns>The <see cref="IAuthenticatedEncryptorDescriptor"/> represented by <paramref name="element"/>.</returns>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element);
 }

src/DataProtection/DataProtection/src/AuthenticatedEncryption/ConfigurationModel/ManagedAuthenticatedEncryptorDescriptorDeserializer.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Cryptography;
 using System.Xml.Linq;
 
@@ -16,6 +17,7 @@ public sealed class ManagedAuthenticatedEncryptorDescriptorDeserializer : IAuthe
     /// <summary>
     /// Imports the <see cref="ManagedAuthenticatedEncryptorDescriptor"/> from serialized XML.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
     {
         if (element == null)
@@ -46,6 +48,7 @@ public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
 
     // Any changes to this method should also be be reflected
     // in ManagedAuthenticatedEncryptorDescriptor.TypeToFriendlyName.
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     private static Type FriendlyNameToType(string typeName)
     {
         if (typeName == nameof(Aes))

src/DataProtection/DataProtection/src/EphemeralDataProtectionProvider.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Runtime.InteropServices;
 using Microsoft.AspNetCore.Cryptography.Cng;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
@@ -94,6 +95,7 @@ public EphemeralKeyRing(ILoggerFactory loggerFactory)
             return (keyId == default(Guid)) ? DefaultAuthenticatedEncryptor : null;
         }
 
+        [RequiresUnreferencedCode(TrimmerWarning.Message)]
         public IKeyRing GetCurrentKeyRing()
         {
             return this;

src/DataProtection/DataProtection/src/IPersistedDataProtector.cs

@@ -1,6 +1,8 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
+
 namespace Microsoft.AspNetCore.DataProtection;
 
 /// <summary>
@@ -29,5 +31,6 @@ public interface IPersistedDataProtector : IDataProtector
     /// Implementations should throw CryptographicException if the protected data is
     /// invalid or malformed.
     /// </remarks>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     byte[] DangerousUnprotect(byte[] protectedData, bool ignoreRevocationErrors, out bool requiresMigration, out bool wasRevoked);
 }

src/DataProtection/DataProtection/src/IRegistryPolicyResolver.cs

@@ -1,12 +1,15 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
+
 namespace Microsoft.AspNetCore.DataProtection;
 
 // Single implementation of this interface is conditionally added to DI on Windows
 // We have to use interface because some DI implementations would try to activate class
 // even if it was not registered causing problems crossplat
 internal interface IRegistryPolicyResolver
 {
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     RegistryPolicy? ResolvePolicy();
 }

src/DataProtection/DataProtection/src/Internal/IActivator.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 
 namespace Microsoft.AspNetCore.DataProtection.Internal;
 
@@ -15,5 +16,6 @@ public interface IActivator
     /// Creates an instance of <paramref name="implementationTypeName"/> and ensures
     /// that it is assignable to <paramref name="expectedBaseType"/>.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     object CreateInstance(Type expectedBaseType, string implementationTypeName);
 }

src/DataProtection/DataProtection/src/KeyManagement/DeferredKey.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
@@ -17,6 +18,7 @@ namespace Microsoft.AspNetCore.DataProtection.KeyManagement;
 /// </summary>
 internal sealed class DeferredKey : KeyBase
 {
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     public DeferredKey(
         Guid keyId,
         DateTimeOffset creationDate,
@@ -34,6 +36,7 @@ public DeferredKey(
     {
     }
 
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     private static Func<IAuthenticatedEncryptorDescriptor> GetLazyDescriptorDelegate(IInternalXmlKeyManager keyManager, XElement keyElement)
     {
         // The <key> element will be held around in memory for a potentially lengthy period
@@ -42,13 +45,19 @@ private static Func<IAuthenticatedEncryptorDescriptor> GetLazyDescriptorDelegate
 
         try
         {
-            return () => keyManager.DeserializeDescriptorFromKeyElement(encryptedKeyElement.ToXElement());
+            return GetLazyDescriptorDelegate;
         }
         finally
         {
             // It's important that the lambda above doesn't capture 'descriptorElement'. Clearing the reference here
             // helps us detect if we've done this by causing a null ref at runtime.
             keyElement = null!;
         }
+
+        [RequiresUnreferencedCode(TrimmerWarning.Message)]
+        IAuthenticatedEncryptorDescriptor GetLazyDescriptorDelegate()
+        {
+            return keyManager.DeserializeDescriptorFromKeyElement(encryptedKeyElement.ToXElement());
+        }
     }
 }

src/DataProtection/DataProtection/src/KeyManagement/IKeyManager.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Threading;
 
 namespace Microsoft.AspNetCore.DataProtection.KeyManagement;
@@ -28,6 +29,7 @@ public interface IKeyManager
     /// Fetches all keys from the underlying repository.
     /// </summary>
     /// <returns>The collection of all keys.</returns>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     IReadOnlyCollection<IKey> GetAllKeys();
 
     /// <summary>

src/DataProtection/DataProtection/src/KeyManagement/Internal/ICacheableKeyRingProvider.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 
 namespace Microsoft.AspNetCore.DataProtection.KeyManagement.Internal;
 
@@ -15,5 +16,6 @@ public interface ICacheableKeyRingProvider
     /// This API supports infrastructure and is not intended to be used
     /// directly from your code. This API may change or be removed in future releases.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     CacheableKeyRing GetCacheableKeyRing(DateTimeOffset now);
 }

src/DataProtection/DataProtection/src/KeyManagement/Internal/IInternalXmlKeyManager.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Xml.Linq;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
 
@@ -23,6 +24,7 @@ public interface IInternalXmlKeyManager
     /// This API supports infrastructure and is not intended to be used
     /// directly from your code. This API may change or be removed in future releases.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     IAuthenticatedEncryptorDescriptor DeserializeDescriptorFromKeyElement(XElement keyElement);
 
     /// <summary>

src/DataProtection/DataProtection/src/KeyManagement/Internal/IKeyRingProvider.cs

@@ -1,6 +1,8 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
+
 namespace Microsoft.AspNetCore.DataProtection.KeyManagement.Internal;
 
 /// <summary>
@@ -13,5 +15,6 @@ public interface IKeyRingProvider
     /// This API supports infrastructure and is not intended to be used
     /// directly from your code. This API may change or be removed in future releases.
     /// </summary>
+    [RequiresUnreferencedCode(TrimmerWarning.Message)]
     IKeyRing GetCurrentKeyRing();
 }