fix: add backwards compatibility for PivEccPrivateKeys

DennisDyallo · DennisDyallo · commit 2593ce57da72 · 2025-04-07T12:03:01.000+02:00
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivEccPrivateKey.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivEccPrivateKey.cs
@@ -66,7 +66,9 @@ private PivEccPrivateKey()
         /// <exception cref="ArgumentException">
         /// The size of the private value is not supported by the YubiKey.
         /// </exception>
-        public PivEccPrivateKey(ReadOnlySpan<byte> privateValue, PivAlgorithm? algorithm = null)
+        public PivEccPrivateKey(
+            ReadOnlySpan<byte> privateValue, 
+            PivAlgorithm? algorithm = null)
         {
             if (algorithm.HasValue)
             {
@@ -83,8 +85,15 @@ public PivEccPrivateKey(ReadOnlySpan<byte> privateValue, PivAlgorithm? algorithm
                 };
             }
 
+            int tag = Algorithm switch
+            {
+                PivAlgorithm.EccEd25519 => PivConstants.PrivateECEd25519Tag,
+                PivAlgorithm.EccX25519 => PivConstants.PrivateECX25519Tag,
+                _ => PivConstants.PrivateECDsaTag
+            };
+            
             var tlvWriter = new TlvWriter();
-            tlvWriter.WriteValue(PivConstants.PrivateECDsaTag, privateValue);
+            tlvWriter.WriteValue(tag, privateValue);
             EncodedKey = tlvWriter.Encode();
             _privateValue = new Memory<byte>(privateValue.ToArray());
         }
@@ -94,29 +103,31 @@ public PivEccPrivateKey(ReadOnlySpan<byte> privateValue, PivAlgorithm? algorithm
         /// encoding.
         /// </summary>
         /// <param name="encodedPrivateKey">
-        /// The PIV TLV encoding.
+        ///     The PIV TLV encoding.
         /// </param>
+        /// <param name="pivAlgorithm"></param>
         /// <returns>
         /// A new instance of a PivEccPrivateKey object based on the encoding.
         /// </returns>
         /// <exception cref="ArgumentException">
         /// The encoding of the private key is not supported.
         /// </exception>
-        public static PivEccPrivateKey CreateEccPrivateKey(ReadOnlyMemory<byte> encodedPrivateKey)
+        public static PivEccPrivateKey CreateEccPrivateKey(
+            ReadOnlyMemory<byte> encodedPrivateKey,
+            PivAlgorithm? pivAlgorithm)
         {
             var tlvReader = new TlvReader(encodedPrivateKey);
-
-            if (tlvReader.HasData == false || tlvReader.PeekTag() != PivConstants.PrivateECDsaTag)
+            int tag = tlvReader.PeekTag();
+            if (tlvReader.HasData == false || !PivConstants.IsValidPrivateECTag(tag))
             {
                 throw new ArgumentException(
                     string.Format(
                         CultureInfo.CurrentCulture,
                         ExceptionMessages.InvalidPrivateKeyData));
             }
 
-            var value = tlvReader.ReadValue(PivConstants.PrivateECDsaTag);
-
-            return new PivEccPrivateKey(value.Span);
+            var value = tlvReader.ReadValue(tag);
+            return new PivEccPrivateKey(value.Span, pivAlgorithm);
         }
 
         /// <inheritdoc />
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivPrivateKey.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivPrivateKey.cs
@@ -94,16 +94,17 @@ public PivPrivateKey()
         /// <c>PivEccPrivateKey</c>.
         /// </remarks>
         /// <param name="encodedPrivateKey">
-        /// The PIV TLV encoding.
+        ///     The PIV TLV encoding.
         /// </param>
+        /// <param name="pivAlgorithm"></param>
         /// <returns>
         /// An instance of a subclass of <c>PivPrivateKey</c>, the actual key
         /// represented by the encoding.
         /// </returns>
         /// <exception cref="ArgumentException">
         /// The key data supplied is not a supported encoding.
         /// </exception>
-        public static PivPrivateKey Create(ReadOnlyMemory<byte> encodedPrivateKey)
+        public static PivPrivateKey Create(ReadOnlyMemory<byte> encodedPrivateKey, PivAlgorithm? pivAlgorithm = null)
         {
             byte tag = 0;
             if (encodedPrivateKey.Length > 0)
@@ -119,14 +120,10 @@ public static PivPrivateKey Create(ReadOnlyMemory<byte> encodedPrivateKey)
                             CultureInfo.CurrentCulture,
                             ExceptionMessages.InvalidPrivateKeyData));
 
-                case PivConstants.PrivateECDsaTag:
-                    return PivEccPrivateKey.CreateEccPrivateKey(encodedPrivateKey);
+                case var _ when PivConstants.IsValidPrivateECTag(tag):
+                    return PivEccPrivateKey.CreateEccPrivateKey(encodedPrivateKey, pivAlgorithm);
 
-                case PivConstants.PrivateRSAPrimePTag:
-                case PivConstants.PrivateRSAPrimeQTag:
-                case PivConstants.PrivateRSAExponentPTag:
-                case PivConstants.PrivateRSAExponentQTag:
-                case PivConstants.PrivateRSACoefficientTag:
+                case var _ when PivConstants.IsValidPrivateRSATag(tag):
                     return PivRsaPrivateKey.CreateRsaPrivateKey(encodedPrivateKey);
             }
         }
