refactor: minor work on Piv Attestation and RSAPublicKey

- lookup of key definitions
- determine valid attestation cert

Author: DennisDyallo

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/KeyDefinitions.cs

@@ -107,6 +107,8 @@ public static KeyDefinition GetByRSALength(int keySizeBits)
 
             throw new NotSupportedException($"Unsupported RSA length: {keySizeBits}");
         }
+        
+        public static KeyDefinition GetByRSAModulusLength(byte[] modulus) => GetByRSALength(modulus.Length * 8);
 
         /// <summary>
         /// Gets a key definition by its curve type.
@@ -162,6 +164,12 @@ public static KeyDefinition GetByOid(string oid)
                 throw new NotSupportedException(
                     "RSA keys are not supported by this method as all RSA keys share the same OID.");
             }
+            
+            if (string.Equals(oid, Oids.ECDSA, StringComparison.OrdinalIgnoreCase))
+            {
+                throw new NotSupportedException(
+                    "All ECDSA keys (P-256, P-384, P-521) share the same OID. Use the Curve OID instead.");
+            }
 
             var keyDefinition = AllDefinitions.Values.FirstOrDefault(d => d.AlgorithmOid == oid || d.CurveOid == oid);
             return keyDefinition ?? throw new NotSupportedException(

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/RSAPublicKey.cs

@@ -45,7 +45,7 @@ public sealed class RSAPublicKey : PublicKey
     private RSAPublicKey(RSAParameters parameters)
     {
         Parameters = parameters.DeepCopy();
-        KeyDefinition = KeyDefinitions.GetByRSALength(parameters.Modulus.Length * 8);
+        KeyDefinition = KeyDefinitions.GetByRSAModulusLength(parameters.Modulus);
     }
 
     /// <inheritdoc />

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/AuthenticateSignCommand.cs

@@ -14,7 +14,9 @@
 
 using System;
 using System.Globalization;
+using System.Linq;
 using Yubico.Core.Iso7816;
+using Yubico.YubiKey.Cryptography;
 
 namespace Yubico.YubiKey.Piv.Commands
 {
@@ -90,13 +92,6 @@ public sealed class AuthenticateSignCommand : AuthenticateCommand, IYubiKeyComma
     {
         private const byte DigestTag = 0x81;
 
-        private const int Rsa1024DigestDataLength = 128;
-        private const int Rsa2048DigestDataLength = 256;
-        private const int Rsa3072DigestDataLength = 384;
-        private const int Rsa4096DigestDataLength = 512;
-        private const int EccP256DigestDataLength = 32;
-        private const int EccP384DigestDataLength = 48;
-
         // The default constructor explicitly defined. We don't want it to be
         // used.
         private AuthenticateSignCommand()
@@ -166,25 +161,21 @@ public AuthenticateSignCommand(ReadOnlyMemory<byte> digestData, byte slotNumber)
             DataTag = DigestTag;
             Data = digestData;
             SlotNumber = slotNumber;
+            Algorithm = GetPivAlgorithm(digestData);
+        }
 
-            // Determine the algorithm based on the length of the digest data.
-            // Currently, the length of the data must be 128 (RSA-1024), 256
-            // (RSA-2048), 384 (RSA-3072), 512 (RSA-4096), 32 (ECC-P256), or 48 (ECC-P384).
-            // Return the PivAlgorithm, or if the length is not supported, throw an
-            // exception.
-            Algorithm = digestData.Length switch
+        private static PivAlgorithm GetPivAlgorithm(ReadOnlyMemory<byte> digestData)
+        {
+            if (KeyDefinitions.All.Values
+                    .Where(k => k.IsRSA || k.IsEllipticCurve)
+                    .Where(k => !k.KeyType.IsCurve25519())
+                    .SingleOrDefault(k => k.LengthInBytes == digestData.Length) is { } keyDefinition)
             {
-                Rsa1024DigestDataLength => PivAlgorithm.Rsa1024,
-                Rsa2048DigestDataLength => PivAlgorithm.Rsa2048,
-                Rsa3072DigestDataLength => PivAlgorithm.Rsa3072,
-                Rsa4096DigestDataLength => PivAlgorithm.Rsa4096,
-                EccP256DigestDataLength => PivAlgorithm.EccP256,
-                EccP384DigestDataLength => PivAlgorithm.EccP384,
-                _ => throw new ArgumentException(
-                    string.Format(
-                        CultureInfo.CurrentCulture,
-                        ExceptionMessages.IncorrectDigestLength)),
-            };
+                return keyDefinition.KeyType.GetPivAlgorithm();
+            }
+
+            throw new ArgumentException(
+                string.Format(CultureInfo.CurrentCulture, ExceptionMessages.IncorrectDigestLength));
         }
 
         /// <summary>

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Attestation.cs

@@ -17,6 +17,7 @@
 using System.Globalization;
 using System.Numerics;
 using System.Security;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using Yubico.Core.Tlv;
 using Yubico.YubiKey.Cryptography;
@@ -118,7 +119,6 @@ public X509Certificate2 CreateAttestationStatement(byte slotNumber)
             // This call will throw an exception if there was a problem with
             // attestation (imported, invalid cert, etc.).
             return response.GetData();
-
         }
 
         /// <summary>
@@ -404,8 +404,7 @@ private void CheckVersionKeyAndCertRequirements(KeyType keyType, X509Certificate
                         ExceptionMessages.NotSupportedByYubiKeyVersion));
             }
 
-            bool isValidCert = IsSupportedCert(certificate, keyType);
-            if (!isValidCert)
+            if (!IsSupportedCert(certificate, keyType))
             {
                 throw new ArgumentException(
                     string.Format(
@@ -414,19 +413,48 @@ private void CheckVersionKeyAndCertRequirements(KeyType keyType, X509Certificate
             }
         }
 
-        // Is there really a cert in this variable? Is it > version 1?
-        // If so, set certDer to the DER encoding of the cert.
         private static bool IsSupportedCert(X509Certificate2 certificate, KeyType keyType)
         {
-            byte[] certDer = certificate.GetRawCertData();
+            string oidValue = certificate.PublicKey.Oid.Value;
+            bool isRsa = oidValue == Oids.RSA;
+            if (isRsa && certificate.PublicKey.Key.KeySize == KeyDefinitions.RSA1024.LengthInBits)
+            {
+                // RSA 1024 is not supported for attestation.
+                return false;
+            }
 
+            var certKeyType = oidValue switch
+            {
+                Oids.ECDSA => GetKeyTypeForECDsa(certificate.GetECDsaPublicKey()),
+                Oids.RSA => GetKeyTypeForRSA(certificate.GetRSAPublicKey()),
+                Oids.Ed25519 => KeyType.Ed25519,
+                _ => throw new ArgumentException($"Unsupported key type: {keyType}")
+            };
+
+            // var certKeyType = isRsa
+            //     ? KeyDefinitions.GetByRSALength(certificate.PublicKey.Key.KeySize).KeyType
+            //     : GetKeyTypeForECDsa(certificate);
+            bool isSameAlgorithm = certKeyType == keyType;
+            byte[] certDer = certificate.GetRawCertData();
             return certificate.Handle != IntPtr.Zero &&
                 certificate.Version > 1 &&
                 certDer.Length is > 0 and < MaximumCertDerLength &&
-                certificate.PublicKey.Oid.Value == keyType.GetAlgorithmOid() &&
+                isSameAlgorithm && 
                 IsValidCertNameAndValidity(certDer);
         }
 
+        private static KeyType GetKeyTypeForECDsa(ECDsa ecdsa)
+        {
+            var parameters = ecdsa.ExportParameters(false);
+            return KeyDefinitions.GetByOid(parameters.Curve.Oid).KeyType;
+        }
+        
+        private static KeyType GetKeyTypeForRSA(RSA rsa)
+        {
+            var parameters = rsa.ExportParameters(false);
+            return KeyDefinitions.GetByRSAModulusLength(parameters.Modulus).KeyType;
+        }
+
         private static bool IsValidCertNameAndValidity(byte[] certDer)
         {
             var reader = new AsnReader(certDer, AsnEncodingRules.BER);
@@ -445,7 +473,8 @@ private static bool IsValidCertNameAndValidity(byte[] certDer)
             var subject = seqTbsCert.ReadSequence();
             int subjectValue = GetSequenceLength(subject);
 
-            return validityValue < MaximumValidityValueLength && subjectValue < MaximumNameValueLength;
+            return validityValue < MaximumValidityValueLength && 
+                subjectValue < MaximumNameValueLength;
         }
 
         private static BigInteger? ReadVersion(AsnReader seqTbsCert)