[tests] enable FIPS mode for Windows MSBuild tests

Fixes: dotnet#1580

If this works out, this would run our MSBuild test suite while the
[Use FIPS compliant algorithms][0] group policy setting is enabled.

This would validate that Xamarin.Android works as expected going
forward.

[0]: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing

build-tools/automation/azure-pipelines.yaml

@@ -596,6 +596,7 @@ stages:
       clean: all
     variables:
       VSINSTALLDIR: C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise
+      FIPS.RegKey: 'HKLM:\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
     steps:
     - template: yaml-templates\setup-test-environment.yaml
       parameters:
@@ -606,6 +607,10 @@ stages:
         artifactName: $(TestAssembliesArtifactName)
         downloadPath: $(System.DefaultWorkingDirectory)\bin\Test$(XA.Build.Configuration)
 
+    - powershell: |
+        Set-ItemProperty -Path $(FIPS.RegKey) -Name Enabled -Value 1
+      displayName: Enable FIPS Policy
+
     - template: yaml-templates\run-nunit-tests.yaml
       parameters:
         testRunTitle: Xamarin.Android.Build.Tests - Windows
@@ -618,6 +623,11 @@ stages:
         testAssembly: $(System.DefaultWorkingDirectory)\bin\Test$(XA.Build.Configuration)\Xamarin.Android.Build.Tests.Commercial.dll
         testResultsFile: TestResult-MSBuildTestsCommercial-Windows-$(XA.Build.Configuration).xml
 
+    - powershell: |
+        Set-ItemProperty -Path $(FIPS.RegKey) -Name Enabled -Value 0
+      displayName: Disable FIPS Policy
+      condition: always ()
+
     - template: yaml-templates\upload-results.yaml
       parameters:
         artifactName: win-msbuild-test-results

src/Xamarin.Android.Build.Tasks/Tests/Xamarin.Android.Build.Tests/BuildTest.cs

@@ -4062,6 +4062,10 @@ public void AbiNameInIntermediateOutputPath ()
 		[Test]
 		public void PackageNamingPolicy ([Values ("LowercaseMD5", "LowercaseCrc64")] string packageNamingPolicy)
 		{
+			if (packageNamingPolicy == "LowercaseMD5" && IsFIPSPolicyEnabled) {
+				Assert.Ignore ("This test requires MD5, ignoring due to FIPS.");
+			}
+
 			var proj = new XamarinAndroidApplicationProject ();
 			proj.SetProperty ("AndroidPackageNamingPolicy", packageNamingPolicy);
 			proj.SetProperty (KnownProperties.AndroidSupportedAbis, "armeabi-v7a;x86");

src/Xamarin.Android.Build.Tasks/Tests/Xamarin.Android.Build.Tests/MaxPathTests.cs

@@ -15,6 +15,9 @@ public class MaxPathTests : BaseTest
 		[SetUp]
 		public void Setup ()
 		{
+			if (IsFIPSPolicyEnabled) {
+				Assert.Ignore ("This test requires MD5, ignoring due to FIPS.");
+			}
 			if (LongPathsSupported) {
 				Assert.Ignore ("This environment supports long paths");
 			}

src/Xamarin.Android.Build.Tasks/Tests/Xamarin.Android.Build.Tests/Utilities/BaseTest.cs

@@ -106,6 +106,8 @@ public void AfterAllTests ()
 
 		protected bool IsLinux => TestEnvironment.IsLinux;
 
+		protected bool IsFIPSPolicyEnabled => TestEnvironment.IsFIPSPolicyEnabled;
+
 		public string CacheRootPath {
 			get {
 				return IsWindows ? Environment.GetFolderPath (Environment.SpecialFolder.LocalApplicationData)

src/Xamarin.Android.Build.Tasks/Tests/Xamarin.ProjectTools/Common/TestEnvironment.cs

@@ -63,6 +63,17 @@ public static bool IsRunningOnHostedAzureAgent {
 			}
 		}
 
+		public static bool IsFIPSPolicyEnabled {
+			get {
+				if (!IsWindows) {
+					return false;
+				}
+
+				int fipsEnabled = (int) Microsoft.Win32.Registry.GetValue (@"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy", "Enabled", 0);
+				return fipsEnabled == 1;
+			}
+		}
+
 		public static readonly string MacOSInstallationRoot = "/Library/Frameworks/Xamarin.Android.framework/Versions/Current";
 
 		static VisualStudioInstance visualStudioInstance;