Nullable annotate System.Security.Cryptography.Cng (#32039)

* nullable annotate System.Security.Cryptography.Cng

* add nullable directives to common source files

* update ref signatures

* remove erroneous assertion

* address feedback

* address feedback

* address feedback

src/libraries/Common/src/Internal/Cryptography/HashProviderCng.cs

@@ -2,14 +2,14 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+#nullable enable
 using System;
 using System.Diagnostics;
 using Microsoft.Win32.SafeHandles;
 using NTSTATUS = Interop.BCrypt.NTSTATUS;
 using BCryptOpenAlgorithmProviderFlags = Interop.BCrypt.BCryptOpenAlgorithmProviderFlags;
 using BCryptCreateHashFlags = Interop.BCrypt.BCryptCreateHashFlags;
 
-#nullable enable
 namespace Internal.Cryptography
 {
     //

src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+#nullable enable
 using System.Buffers;
 using System.Diagnostics;
 using System.Runtime.InteropServices;

src/libraries/Common/src/System/Security/Cryptography/DSACng.ImportExport.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+#nullable enable
 using Internal.Cryptography;
 using System.Diagnostics;
 

src/libraries/Common/src/System/Security/Cryptography/ECCng.HashAlgorithm.cs

@@ -16,7 +16,7 @@ internal static partial class ECCng
         /// </summary>
         internal static Interop.BCrypt.ECC_CURVE_ALG_ID_ENUM GetHashAlgorithmId(HashAlgorithmName? name)
         {
-            if (name.HasValue == false || string.IsNullOrEmpty(name!.Value.Name))
+            if (name is null || string.IsNullOrEmpty(name.Value.Name))
             {
                 return Interop.BCrypt.ECC_CURVE_ALG_ID_ENUM.BCRYPT_NO_CURVE_GENERATION_ALG_ID;
             }

src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.cs

@@ -5,6 +5,7 @@
 #nullable enable
 using System.Buffers;
 using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Runtime.CompilerServices;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography.Asn1;

src/libraries/Common/src/System/Security/Cryptography/RSACng.ImportExport.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+#nullable enable
 using System.Diagnostics;
 using Internal.Cryptography;
 using Internal.NativeCrypto;

src/libraries/System.Security.Cryptography.Cng/ref/System.Security.Cryptography.Cng.csproj

@@ -9,6 +9,7 @@
     <TargetFrameworks>netcoreapp3.0;netstandard2.1;net461;net462;net47;$(NetCoreAppCurrent);$(NetFrameworkCurrent)</TargetFrameworks>
     <ExcludeCurrentNetCoreAppFromPackage>true</ExcludeCurrentNetCoreAppFromPackage>
     <ExcludeCurrentFullFrameworkFromPackage>true</ExcludeCurrentFullFrameworkFromPackage>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
   <ItemGroup>
     <Compile Include="System.Security.Cryptography.Cng.cs" />

src/libraries/System.Security.Cryptography.Cng/src/Internal/Cryptography/BasicSymmetricCipherNCrypt.cs

@@ -51,7 +51,7 @@ public sealed override int Transform(byte[] input, int inputOffset, int count, b
 
             int numBytesWritten;
             ErrorCode errorCode;
-            using (SafeNCryptKeyHandle keyHandle = _cngKey.Handle)
+            using (SafeNCryptKeyHandle keyHandle = _cngKey!.Handle)
             {
                 var inputSpan = new ReadOnlySpan<byte>(input, inputOffset, count);
                 var outputSpan = new Span<byte>(output, outputOffset, count);
@@ -104,7 +104,7 @@ protected sealed override void Dispose(bool disposing)
                 if (_cngKey != null)
                 {
                     _cngKey.Dispose();
-                    _cngKey = null;
+                    _cngKey = null!;
                 }
             }
 
@@ -116,7 +116,7 @@ private void Reset()
             if (IV != null)
             {
                 CngProperty prop = new CngProperty(Interop.NCrypt.NCRYPT_INITIALIZATION_VECTOR, IV, CngPropertyOptions.None);
-                _cngKey.SetProperty(prop);
+                _cngKey!.SetProperty(prop);
             }
         }
 

src/libraries/System.Security.Cryptography.Cng/src/Internal/Cryptography/CngAlgorithmCore.cs

@@ -17,7 +17,7 @@ internal struct CngAlgorithmCore
     {
         private readonly string _disposedName;
         public CngAlgorithm DefaultKeyType;
-        private CngKey _lazyKey;
+        private CngKey? _lazyKey;
         private bool _disposed;
 
         public CngAlgorithmCore(string disposedName) : this()

src/libraries/System.Security.Cryptography.Cng/src/Internal/Cryptography/CngSymmetricAlgorithmCore.cs

@@ -110,12 +110,12 @@ public ICryptoTransform CreateDecryptor()
             return CreateCryptoTransform(encrypting: false);
         }
 
-        public ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)
+        public ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[]? rgbIV)
         {
             return CreateCryptoTransform(rgbKey, rgbIV, encrypting: true);
         }
 
-        public ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)
+        public ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[]? rgbIV)
         {
             return CreateCryptoTransform(rgbKey, rgbIV, encrypting: false);
         }
@@ -130,7 +130,7 @@ private ICryptoTransform CreateCryptoTransform(bool encrypting)
             return CreatePersistedCryptoTransformCore(ProduceCngKey, _outer.IV, encrypting);
         }
 
-        private ICryptoTransform CreateCryptoTransform(byte[] rgbKey, byte[] rgbIV, bool encrypting)
+        private ICryptoTransform CreateCryptoTransform(byte[] rgbKey, byte[]? rgbIV, bool encrypting)
         {
             if (rgbKey == null)
                 throw new ArgumentNullException(nameof(rgbKey));
@@ -149,14 +149,14 @@ private ICryptoTransform CreateCryptoTransform(byte[] rgbKey, byte[] rgbIV, bool
 
             // CloneByteArray is null-preserving. So even when GetCipherIv returns null the iv variable
             // is correct, and detached from the input parameter.
-            byte[] iv = _outer.Mode.GetCipherIv(rgbIV).CloneByteArray();
+            byte[]? iv = _outer.Mode.GetCipherIv(rgbIV).CloneByteArray();
 
             key = _outer.PreprocessKey(key);
 
             return CreateEphemeralCryptoTransformCore(key, iv, encrypting);
         }
 
-        private ICryptoTransform CreateEphemeralCryptoTransformCore(byte[] key, byte[] iv, bool encrypting)
+        private ICryptoTransform CreateEphemeralCryptoTransformCore(byte[] key, byte[]? iv, bool encrypting)
         {
             int blockSizeInBytes = _outer.BlockSize.BitSizeToByteSize();
             SafeAlgorithmHandle algorithmModeHandle = _outer.GetEphemeralModeHandle();
@@ -186,7 +186,7 @@ private CngKey ProduceCngKey()
         {
             Debug.Assert(!KeyInPlainText);
 
-            return CngKey.Open(_keyName, _provider, _optionOptions);
+            return CngKey.Open(_keyName!, _provider!, _optionOptions);
         }
 
         private bool KeyInPlainText
@@ -197,8 +197,8 @@ private bool KeyInPlainText
         private readonly ICngSymmetricAlgorithm _outer;
 
         // If using a stored CNG key, these fields provide the CngKey.Open() parameters. If using a plaintext key, _keyName is set to null.
-        private string _keyName;
-        private readonly CngProvider _provider;
+        private string? _keyName;
+        private readonly CngProvider? _provider;
         private readonly CngKeyOpenOptions _optionOptions;
 
         private const int BitsPerByte = 8;

src/libraries/System.Security.Cryptography.Cng/src/Internal/Cryptography/Helpers.cs

@@ -21,7 +21,7 @@ public static bool UsesIv(this CipherMode cipherMode)
             return cipherMode != CipherMode.ECB;
         }
 
-        public static byte[] GetCipherIv(this CipherMode cipherMode, byte[] iv)
+        public static byte[]? GetCipherIv(this CipherMode cipherMode, byte[]? iv)
         {
             if (cipherMode.UsesIv())
             {
@@ -50,7 +50,7 @@ public static byte[] GetCipherIv(this CipherMode cipherMode, byte[] iv)
         //
         // which always sets "p" to a non-NULL pointer for a non-null byte array.
         //
-        public static byte[] MapZeroLengthArrayToNonNullPointer(this byte[] src)
+        public static byte[]? MapZeroLengthArrayToNonNullPointer(this byte[]? src)
         {
             if (src != null && src.Length == 0)
                 return new byte[1];
@@ -74,7 +74,7 @@ public static SafeNCryptProviderHandle OpenStorageProvider(this CngProvider prov
         /// null - if property not defined on key.
         /// throws - for any other type of error.
         /// </returns>
-        public static byte[] GetProperty(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
+        public static byte[]? GetProperty(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
         {
             unsafe
             {
@@ -104,9 +104,9 @@ public static byte[] GetProperty(this SafeNCryptHandle ncryptHandle, string prop
         /// Retrieve a well-known CNG string property. (Note: .NET Framework compat: this helper likes to return special values rather than throw exceptions for missing
         /// or ill-formatted property values. Only use it for well-known properties that are unlikely to be ill-formatted.)
         /// </summary>
-        public static string GetPropertyAsString(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
+        public static string? GetPropertyAsString(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
         {
-            byte[] value = ncryptHandle.GetProperty(propertyName, options);
+            byte[]? value = ncryptHandle.GetProperty(propertyName, options);
             if (value == null)
                 return null;   // .NET Framework compat: return null if key not present.
             if (value.Length == 0)
@@ -115,7 +115,7 @@ public static string GetPropertyAsString(this SafeNCryptHandle ncryptHandle, str
             {
                 fixed (byte* pValue = &value[0])
                 {
-                    string valueAsString = Marshal.PtrToStringUni((IntPtr)pValue);
+                    string? valueAsString = Marshal.PtrToStringUni((IntPtr)pValue);
                     return valueAsString;
                 }
             }
@@ -127,7 +127,7 @@ public static string GetPropertyAsString(this SafeNCryptHandle ncryptHandle, str
         /// </summary>
         public static int GetPropertyAsDword(this SafeNCryptHandle ncryptHandle, string propertyName, CngPropertyOptions options)
         {
-            byte[] value = ncryptHandle.GetProperty(propertyName, options);
+            byte[]? value = ncryptHandle.GetProperty(propertyName, options);
             if (value == null)
                 return 0;   // .NET Framework compat: return 0 if key not present.
             return BitConverter.ToInt32(value, 0);

src/libraries/System.Security.Cryptography.Cng/src/Microsoft/Win32/SafeHandles/NCryptSafeHandles.cs

@@ -4,6 +4,7 @@
 
 using System;
 using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Runtime.InteropServices;
 
 using ErrorCode = Interop.NCrypt.ErrorCode;
@@ -61,9 +62,9 @@ private enum OwnershipState
         /// <summary>
         ///     If the handle is a Duplicate, this points at the safe handle which actually owns the native handle.
         /// </summary>
-        private SafeNCryptHandle _holder;
+        private SafeNCryptHandle? _holder;
 
-        private SafeHandle _parentHandle;
+        private SafeHandle? _parentHandle;
 
         protected SafeNCryptHandle() : base(true)
         {
@@ -98,6 +99,7 @@ protected SafeNCryptHandle(IntPtr handle, SafeHandle parentHandle)
         /// <summary>
         ///     Wrapper for the _holder field which ensures that we're in a consistent state
         /// </summary>
+        [MaybeNull]
         private SafeNCryptHandle Holder
         {
             get
@@ -166,7 +168,7 @@ private bool IsValidOpenState
                         {
                             if (acquiredHolder)
                             {
-                                Holder.DangerousRelease();
+                                Holder!.DangerousRelease();
                             }
                         }
 
@@ -239,7 +241,7 @@ private bool IsValidOpenState
             bool addedRef = false;
             T duplicate = new T();
 
-            Holder.DangerousAddRef(ref addedRef);
+            Holder!.DangerousAddRef(ref addedRef);
             duplicate.SetHandle(Holder.DangerousGetHandle());
             duplicate.Holder = Holder;              // Transitions to OwnershipState.Duplicate
 
@@ -309,7 +311,7 @@ protected override bool ReleaseHandle()
         {
             if (_ownershipState == OwnershipState.Duplicate)
             {
-                Holder.DangerousRelease();
+                Holder!.DangerousRelease();
                 return true;
             }
             else if (_parentHandle != null)

src/libraries/System.Security.Cryptography.Cng/src/System.Security.Cryptography.Cng.csproj

@@ -8,6 +8,7 @@
     <TargetFrameworks>netstandard2.0;netstandard2.1;net461-Windows_NT;netcoreapp3.0-Windows_NT;netcoreapp3.0;net462-Windows_NT;net47-Windows_NT;$(NetCoreAppCurrent)-Windows_NT;$(NetCoreAppCurrent);$(NetFrameworkCurrent)-Windows_NT</TargetFrameworks>
     <ExcludeCurrentNetCoreAppFromPackage>true</ExcludeCurrentNetCoreAppFromPackage>
     <ExcludeCurrentFullFrameworkFromPackage>true</ExcludeCurrentFullFrameworkFromPackage>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
   <PropertyGroup Condition="'$(TargetsWindows)' != 'true'">
     <GeneratePlatformNotSupportedAssemblyMessage>SR.PlatformNotSupported_CryptographyCng</GeneratePlatformNotSupportedAssemblyMessage>

src/libraries/System.Security.Cryptography.Cng/src/System/Security/Cryptography/AesCng.cs

@@ -67,7 +67,7 @@ public override ICryptoTransform CreateDecryptor()
             return _core.CreateDecryptor();
         }
 
-        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)
+        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[]? rgbIV)
         {
             return _core.CreateDecryptor(rgbKey, rgbIV);
         }
@@ -78,7 +78,7 @@ public override ICryptoTransform CreateEncryptor()
             return _core.CreateEncryptor();
         }
 
-        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)
+        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[]? rgbIV)
         {
             return _core.CreateEncryptor(rgbKey, rgbIV);
         }

src/libraries/System.Security.Cryptography.Cng/src/System/Security/Cryptography/CngAlgorithm.cs

@@ -36,7 +36,7 @@ public string Algorithm
             }
         }
 
-        public static bool operator ==(CngAlgorithm left, CngAlgorithm right)
+        public static bool operator ==(CngAlgorithm? left, CngAlgorithm? right)
         {
             if (object.ReferenceEquals(left, null))
             {
@@ -46,7 +46,7 @@ public string Algorithm
             return left.Equals(right);
         }
 
-        public static bool operator !=(CngAlgorithm left, CngAlgorithm right)
+        public static bool operator !=(CngAlgorithm? left, CngAlgorithm? right)
         {
             if (object.ReferenceEquals(left, null))
             {
@@ -56,14 +56,14 @@ public string Algorithm
             return !left.Equals(right);
         }
 
-        public override bool Equals(object obj)
+        public override bool Equals(object? obj)
         {
             Debug.Assert(_algorithm != null);
 
             return Equals(obj as CngAlgorithm);
         }
 
-        public bool Equals(CngAlgorithm other)
+        public bool Equals(CngAlgorithm? other)
         {
             if (object.ReferenceEquals(other, null))
             {
@@ -201,20 +201,20 @@ public static CngAlgorithm Sha512
             }
         }
 
-        private static CngAlgorithm s_ecdh;
-        private static CngAlgorithm s_ecdhp256;
-        private static CngAlgorithm s_ecdhp384;
-        private static CngAlgorithm s_ecdhp521;
-        private static CngAlgorithm s_ecdsa;
-        private static CngAlgorithm s_ecdsap256;
-        private static CngAlgorithm s_ecdsap384;
-        private static CngAlgorithm s_ecdsap521;
-        private static CngAlgorithm s_md5;
-        private static CngAlgorithm s_sha1;
-        private static CngAlgorithm s_sha256;
-        private static CngAlgorithm s_sha384;
-        private static CngAlgorithm s_sha512;
-        private static CngAlgorithm s_rsa;
+        private static CngAlgorithm? s_ecdh;
+        private static CngAlgorithm? s_ecdhp256;
+        private static CngAlgorithm? s_ecdhp384;
+        private static CngAlgorithm? s_ecdhp521;
+        private static CngAlgorithm? s_ecdsa;
+        private static CngAlgorithm? s_ecdsap256;
+        private static CngAlgorithm? s_ecdsap384;
+        private static CngAlgorithm? s_ecdsap521;
+        private static CngAlgorithm? s_md5;
+        private static CngAlgorithm? s_sha1;
+        private static CngAlgorithm? s_sha256;
+        private static CngAlgorithm? s_sha384;
+        private static CngAlgorithm? s_sha512;
+        private static CngAlgorithm? s_rsa;
 
         private readonly string _algorithm;
     }