tests, misc: fix test, mark as false obsolete

DennisDyallo · DennisDyallo · commit 30251888e570 · 2025-04-09T17:07:10.000+02:00
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/ImportAsymmetricKeyCommand.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/ImportAsymmetricKeyCommand.cs
@@ -215,7 +215,7 @@ private ImportAsymmetricKeyCommand()
         /// <exception cref="ArgumentException">
         /// The <c>privateKey</c> argument does not contain a key.
         /// </exception>
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public ImportAsymmetricKeyCommand(
             PivPrivateKey privateKey,
             byte slotNumber,
@@ -274,7 +274,7 @@ public ImportAsymmetricKeyCommand(
         /// <exception cref="ArgumentException">
         /// The <c>privateKey</c> argument does not contain a key.
         /// </exception>
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public ImportAsymmetricKeyCommand(PivPrivateKey privateKey)
         {
             if (privateKey is null)
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/Converters/PivKeyDecoder.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/Converters/PivKeyDecoder.cs
@@ -90,7 +90,7 @@ public static Curve25519PublicKey CreateCurve25519PublicKey(ReadOnlyMemory<byte>
     /// The created instance will be one of the following concrete types:
     /// <list type="bullet">
     /// <item><see cref="RSAPrivateKey"/></item>
-    /// <item><see cref="ECPrivateKeyParameters"/></item>
+    /// <item><see cref="ECPrivateKey"/></item>
     /// <item><see cref="Curve25519PrivateKey"/></item>
     /// </list>
     /// </remarks>
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivEccPublicKey.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivEccPublicKey.cs
@@ -83,7 +83,7 @@ private PivEccPublicKey()
         /// <exception cref="ArgumentException">
         /// The format of the public point is not supported.
         /// </exception>
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public PivEccPublicKey(ReadOnlySpan<byte> publicPoint, PivAlgorithm? algorithm = null)
         {
             if (!LoadEccPublicKey(publicPoint, algorithm))
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivMetadata.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivMetadata.cs
@@ -314,7 +314,7 @@ private void ParseResponseData(ReadOnlyMemory<byte> responseData)
         /// <summary>
         /// The public key associated with the private key in the given slot.
         /// </summary>
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public PivPublicKey PublicKey { get; private set; } 
         
         /// <summary>
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Attestation.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Attestation.cs
@@ -328,7 +328,7 @@ public X509Certificate2 GetAttestationCertificate()
         /// Mutual authentication was performed and the YubiKey was not
         /// authenticated.
         /// </exception>
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public void ReplaceAttestationKeyAndCertificate(PivPrivateKey privateKey, X509Certificate2 certificate)
         {
             byte[] certDer = CheckVersionKeyAndCertRequirements(privateKey.Algorithm.GetKeyType(), certificate);
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Crypto.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Crypto.cs
@@ -267,7 +267,7 @@ public byte[] Decrypt(byte slotNumber, ReadOnlyMemory<byte> dataToDecrypt)
                     ExceptionMessages.IncorrectCiphertextLength));
         }
         
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public byte[] KeyAgree(byte slotNumber, PivPublicKey correspondentPublicKey)
         {
             if (correspondentPublicKey is null)
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.KeyPairs.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.KeyPairs.cs
@@ -32,7 +32,7 @@ public sealed partial class PivSession : IDisposable
         private const int PivCompressionTag = 0x71;
         private const int PivLrcTag = 0xFE;
         
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public PivPublicKey GenerateKeyPair(
             byte slotNumber,
             PivAlgorithm algorithm,
@@ -255,7 +255,7 @@ public IPublicKey GenerateKeyPair(
         /// <exception cref="NotSupportedException">
         /// If the specified <see cref="PivAlgorithm"/> is not supported by the provided <see cref="IYubiKeyDevice"/>.
         /// </exception>
-        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]
+        [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]
         public void ImportPrivateKey(
             byte slotNumber,
             PivPrivateKey privateKey,
diff --git a/Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/ImportTests.cs b/Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/ImportTests.cs
@@ -92,12 +92,11 @@ public void ImportPrivateKey_with_PrivateKey_Succeeds_and_HasExpectedValues(
         [InlineData(KeyType.RSA2048, StandardTestDevice.Fw5)]
         [InlineData(KeyType.RSA3072, StandardTestDevice.Fw5)]
         [InlineData(KeyType.RSA4096, StandardTestDevice.Fw5)]
-        [Obsolete("Replaced by IPrivateKey")] // TODO
         public void KeyAndCertImport(
             KeyType keyType,
             StandardTestDevice testDeviceType)
         {
-            IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
+            var testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
             Assert.True(testDevice.EnabledUsbCapabilities.HasFlag(YubiKeyCapabilities.Piv));
 
             using var pivSession = new PivSession(testDevice);
@@ -107,11 +106,12 @@ public void KeyAndCertImport(
             var collectorObj = new Simple39KeyCollector();
             pivSession.KeyCollector = collectorObj.Simple39KeyCollectorDelegate;
 
-            isValid = SampleKeyPairs.GetMatchingKeyAndCert(keyType, out var cert, out var privateKey);
-            Assert.True(isValid);
+            var testPrivateKey = TestKeys.GetTestPrivateKey(keyType);
+            var testCert =TestKeys.GetTestCertificate(keyType);
+            var privateKey = AsnPrivateKeyDecoder.CreatePrivateKey(testPrivateKey.EncodedKey);
 
-            pivSession.ImportPrivateKey(0x90, privateKey!);
-            pivSession.ImportCertificate(0x90, cert!);
+            pivSession.ImportPrivateKey(0x90, privateKey);
+            pivSession.ImportCertificate(0x90, testCert.AsX509Certificate2()!);
         }
 
         [SkippableTheory(typeof(NotSupportedException), typeof(DeviceNotFoundException))]
diff --git a/Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/KeyAgreeTests.cs b/Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/KeyAgreeTests.cs
@@ -31,7 +31,7 @@ public class KeyAgreeTests
         [InlineData(KeyType.ECP384, PivPinPolicy.Never, StandardTestDevice.Fw5)]
         [InlineData(KeyType.X25519, PivPinPolicy.Never, StandardTestDevice.Fw5)]
         [InlineData(KeyType.X25519, PivPinPolicy.Always, StandardTestDevice.Fw5)]
-        public void KeyAgree_Succeeds(
+        public void KeyAgree_SharedSecret_IsValid(
             KeyType keyType,
             PivPinPolicy pinPolicy,
             StandardTestDevice testDeviceType)
diff --git a/Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/SignTests.cs b/Yubico.YubiKey/tests/integration/Yubico/YubiKey/Piv/SignTests.cs
@@ -27,6 +27,7 @@ namespace Yubico.YubiKey.Piv
 {
     public class SignTests
     {
+        
         [Trait(TraitTypes.Category, TestCategories.Simple)]
         [SkippableTheory(typeof(NotSupportedException), typeof(DeviceNotFoundException))]
         [InlineData(StandardTestDevice.Fw5)]
@@ -35,7 +36,7 @@ public void Sign_WithEd25519_RandomData_Succeeds(
             StandardTestDevice testDeviceType)
         {
             // Arrange
-            var dataToSign = new byte[3062];
+            var dataToSign = new byte[3062]; // APDU cannot be bigger than this
             Random.Shared.NextBytes(dataToSign);
             
             // -> Generate a Ed25519 key
@@ -241,63 +242,6 @@ public void SignRsa_VerifyCSharp_Correct(
             }
         }
 
-        [SkippableTheory(typeof(DeviceNotFoundException))]
-        [InlineData(StandardTestDevice.Fw5, KeyType.ECP256, 0x94)]
-        [InlineData(StandardTestDevice.Fw5Fips, KeyType.ECP384, 0x95)]
-        [Obsolete("Use the keyparameters method instead")]
-        public void SignEcc_VerifyCSharp_CorrectObsolete(
-            StandardTestDevice testDeviceType,
-            KeyType keyType,
-            byte slotNumber)
-        {
-            byte[] dataToSign = new byte[128];
-            Random.Shared.NextBytes(dataToSign);
-
-            var hashAlgorithm = keyType switch
-            {
-                KeyType.ECP256 => HashAlgorithmName.SHA256,
-                _ => HashAlgorithmName.SHA384,
-            };
-
-            using HashAlgorithm digester = keyType switch
-            {
-                KeyType.ECP256 => CryptographyProviders.Sha256Creator(),
-                _ => CryptographyProviders.Sha384Creator(),
-            };
-
-            digester.TransformFinalBlock(dataToSign, 0, dataToSign.Length);
-
-            _ = SampleKeyPairs.GetKeysAndCertPem(keyType, false, out _, out var pubKeyPem, out var priKeyPem);
-            var pubKey = new KeyConverter(pubKeyPem!.ToCharArray());
-            var priKey = new KeyConverter(priKeyPem!.ToCharArray());
-
-            try
-            {
-                IYubiKeyDevice testDevice = IntegrationTestDeviceEnumeration.GetTestDevice(testDeviceType);
-                Assert.True(testDevice.AvailableUsbCapabilities.HasFlag(YubiKeyCapabilities.Piv));
-
-                using var pivSession = new PivSession(testDevice);
-                var collectorObj = new Simple39KeyCollector();
-                pivSession.KeyCollector = collectorObj.Simple39KeyCollectorDelegate;
-
-                pivSession.ImportPrivateKey(slotNumber, priKey.GetPivPrivateKey());
-
-                byte[] signature = pivSession.Sign(slotNumber, digester.Hash);
-
-                bool isValid = ConvertEcdsaSignature(signature, digester.Hash!.Length, out byte[] rsSignature);
-                Assert.True(isValid);
-
-                using ECDsa eccPublic = pubKey.GetEccObject();
-                bool isVerified = eccPublic.VerifyData(dataToSign, rsSignature, hashAlgorithm);
-                Assert.True(isVerified);
-            }
-            finally
-            {
-                priKey.Clear();
-            }
-        }
-
-
         [SkippableTheory(typeof(DeviceNotFoundException))]
         [InlineData(StandardTestDevice.Fw5, KeyType.ECP256, 0x94)]
         [InlineData(StandardTestDevice.Fw5Fips, KeyType.ECP384, 0x95)]
@@ -323,7 +267,6 @@ public void SignEcc_VerifyCSharp_Correct(
 
             digester.TransformFinalBlock(dataToSign, 0, dataToSign.Length);
 
-            // _ = SampleKeyPairs.GetKeysAndCertPem(keyType, false, out _, out var pubKeyPem, out var priKeyPem);
             var (testPublicKey, testPrivateKey) = TestKeys.GetKeyPair(keyType);
             var privateKey = ECPrivateKey.CreateFromPkcs8(testPrivateKey.EncodedKey);
             try

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ private PivEccPublicKey()`
`83`	`83`	`/// <exception cref="ArgumentException">`
`84`	`84`	`/// The format of the public point is not supported.`
`85`	`85`	`/// </exception>`
`86`		`- [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]`
	`86`	`+ [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]`
`87`	`87`	`public PivEccPublicKey(ReadOnlySpan<byte> publicPoint, PivAlgorithm? algorithm = null)`
`88`	`88`	`{`
`89`	`89`	`if (!LoadEccPublicKey(publicPoint, algorithm))`
Original file line number	Diff line number	Diff line change
`@@ -328,7 +328,7 @@ public X509Certificate2 GetAttestationCertificate()`
`328`	`328`	`/// Mutual authentication was performed and the YubiKey was not`
`329`	`329`	`/// authenticated.`
`330`	`330`	`/// </exception>`
`331`		`- [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]`
	`331`	`+ [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]`
`332`	`332`	`public void ReplaceAttestationKeyAndCertificate(PivPrivateKey privateKey, X509Certificate2 certificate)`
`333`	`333`	`{`
`334`	`334`	`byte[] certDer = CheckVersionKeyAndCertRequirements(privateKey.Algorithm.GetKeyType(), certificate);`
Original file line number	Diff line number	Diff line change
`@@ -267,7 +267,7 @@ public byte[] Decrypt(byte slotNumber, ReadOnlyMemory<byte> dataToDecrypt)`
`267`	`267`	`ExceptionMessages.IncorrectCiphertextLength));`
`268`	`268`	`}`
`269`	`269`
`270`		`- [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey, ECPublicKey or ECPrivateKeyParameters instead")]`
	`270`	`+ [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use IPublicKey, IPrivateKey instead", false)]`
`271`	`271`	`public byte[] KeyAgree(byte slotNumber, PivPublicKey correspondentPublicKey)`
`272`	`272`	`{`
`273`	`273`	`if (correspondentPublicKey is null)`