Merge pull request #230 from Yubico/dennisdyallo/tests

fix,tests: Fixed bug where attest cert could not be RSA3072 or RSA4096, removed obsolete tests and consolidated Piv tests

Author: DennisDyallo

Yubico.YubiKey/examples/PivSampleCode/CertificateOperations/SampleCertificateOperations.cs

@@ -497,7 +497,9 @@ public static AsymmetricAlgorithm GetPublicKeyFromCertificate(X509Certificate2 c
 
             if (string.Equals(certificate.PublicKey.Oid.FriendlyName, "ECC", StringComparison.Ordinal))
             {
+#pragma warning disable CS0618 // Type or member is obsolete
                 var pivPub = new PivEccPublicKey(certificate.PublicKey.EncodedKeyValue.RawData);
+#pragma warning restore CS0618 // Type or member is obsolete
                 return KeyConverter.GetDotNetFromPivPublicKey(pivPub);
             }
 

Yubico.YubiKey/examples/PivSampleCode/Converters/KeyConverter.Asymmetric.cs

@@ -65,7 +65,9 @@ public static PivPublicKey GetPivPublicKeyFromDotNet(AsymmetricAlgorithm dotNetO
                 offset += keySize + (keySize - eccParams.Q.Y.Length);
                 Array.Copy(eccParams.Q.Y, 0, point, offset, eccParams.Q.Y.Length);
 
+#pragma warning disable CS0618 // Type or member is obsolete
                 var eccPubKey = new PivEccPublicKey(point);
+#pragma warning restore CS0618 // Type or member is obsolete
                 return (PivPublicKey)eccPubKey;
             }
 

Yubico.YubiKey/examples/PivSampleCode/YubiKeyOperations/KeyPairs.cs

@@ -33,7 +33,9 @@ public static bool RunGenerateKeyPair(
             {
                 pivSession.KeyCollector = KeyCollectorDelegate;
 
+#pragma warning disable CS0618 // Type or member is obsolete
                 var pivPublicKey = pivSession.GenerateKeyPair(slotNumber, algorithm, pinPolicy, touchPolicy);
+#pragma warning restore CS0618 // Type or member is obsolete
 
                 // At this point you will likely want to save the public key and
                 // other information. For this sample, we're simply going to
@@ -74,7 +76,9 @@ public static bool RunImportPrivateKey(
             {
                 pivSession.KeyCollector = KeyCollectorDelegate;
 
+#pragma warning disable CS0618 // Type or member is obsolete
                 pivSession.ImportPrivateKey(slotNumber, privateKey, pinPolicy, touchPolicy);
+#pragma warning restore CS0618 // Type or member is obsolete
 
                 // At this point you will likely want to save the public key and
                 // other information. For this sample, we're simply going to

Yubico.YubiKey/examples/PivSampleCode/YubiKeyOperations/PrivateKeyOperations.cs

@@ -170,7 +170,9 @@ public static bool RunKeyAgree(
             using (var pivSession = new PivSession(yubiKey))
             {
                 pivSession.KeyCollector = KeyCollectorDelegate;
+#pragma warning disable CS0618 // Type or member is obsolete
                 computedSecret = pivSession.KeyAgree(slotNumber, correspondentPublicKey);
+#pragma warning restore CS0618 // Type or member is obsolete
             }
 
             return true;

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/AsnPublicKeyEncoder.cs

@@ -100,19 +100,12 @@ public static byte[] EncodeToSubjectPublicKeyInfo(
     /// </summary>
     /// <param name="parameters">The RSA public key parameters.</param>
     /// <returns>A byte array containing the ASN.1 DER encoded public key.</returns>
-    /// <remarks>
-    /// Only public key parameters are supported. The method will throw an <see cref="ArgumentException"/> if any of the private key parameters are set.
-    /// </remarks>
     public static byte[] EncodeToSubjectPublicKeyInfo(RSAParameters parameters)
     {
-        if (parameters.D != null ||
-            parameters.P != null ||
-            parameters.Q != null ||
-            parameters.DP != null ||
-            parameters.DQ != null ||
-            parameters.InverseQ != null)
+        if (parameters.Exponent == null ||
+            parameters.Modulus == null)
         {
-            throw new ArgumentException("Only public key parameters should be provided.");
+            throw new InvalidOperationException("Cannot export public key, missing required parameters");
         }
 
         return EncodeToSubjectPublicKeyInfo(parameters.Modulus, parameters.Exponent);
@@ -125,17 +118,7 @@ public static byte[] EncodeToSubjectPublicKeyInfo(RSAParameters parameters)
     /// <returns>A byte array containing the ASN.1 DER encoded public key.</returns>
     public static byte[] EncodeToSubjectPublicKeyInfo(ECParameters parameters)
     {
-        if (parameters.D != null)
-        {
-            throw new ArgumentException("Only public key parameters should be provided.", nameof(parameters));
-        }
-
-        if (parameters.Q.X == null)
-        {
-            throw new ArgumentException("EC point coordinates cannot be null.", nameof(parameters));
-        }
-
-        if (parameters.Q.Y == null)
+        if (parameters.Q.X == null || parameters.Q.Y == null)
         {
             throw new ArgumentException("EC point coordinates cannot be null.", nameof(parameters));
         }

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/ECPublicKey.cs

@@ -99,7 +99,6 @@ protected ECPublicKey(ECDsa ecdsa)
 
     /// <inheritdoc />
     public override byte[] ExportSubjectPublicKeyInfo() => AsnPublicKeyEncoder.EncodeToSubjectPublicKeyInfo(Parameters);
-
 
     /// <summary>
     /// Creates an instance of <see cref="ECPublicKey"/> from the given <paramref name="parameters"/>.
@@ -118,7 +117,7 @@ protected ECPublicKey(ECDsa ecdsa)
     /// <exception cref="ArgumentException">
     /// Thrown if the key type is not a valid EC key.
     /// </exception>
-    public static IPublicKey CreateFromValue(ReadOnlyMemory<byte> publicPoint, KeyType keyType)
+    public static ECPublicKey CreateFromValue(ReadOnlyMemory<byte> publicPoint, KeyType keyType)
     {
         var keyDefinition = KeyDefinitions.GetByKeyType(keyType);
         if (keyDefinition.AlgorithmOid is not Oids.ECDSA)
@@ -142,13 +141,13 @@ public static IPublicKey CreateFromValue(ReadOnlyMemory<byte> publicPoint, KeyTy
     }
 
     /// <summary>
-    /// Creates an instance of <see cref="IPublicKey"/> from a DER-encoded public key.
+    /// Creates an instance of <see cref="ECPublicKey"/> from a DER-encoded public key.
     /// </summary>
     /// <param name="encodedKey">The DER-encoded public key.</param>
     /// <returns>An instance of <see cref="IPublicKey"/>.</returns>
     /// <exception cref="CryptographicException">
     /// Thrown if the public key is invalid.
     /// </exception>
-    public static IPublicKey CreateFromPkcs8(ReadOnlyMemory<byte> encodedKey) =>
-        AsnPublicKeyDecoder.CreatePublicKey(encodedKey);
+    public static ECPublicKey CreateFromPkcs8(ReadOnlyMemory<byte> encodedKey) =>
+        (ECPublicKey)AsnPublicKeyDecoder.CreatePublicKey(encodedKey);
 }

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/IPublicKey.cs

@@ -24,12 +24,3 @@ public interface IPublicKey : IKeyBase
     /// </returns>
     public byte[] ExportSubjectPublicKeyInfo();
 }
-
-public abstract class PublicKey : IPublicKey
-{
-    /// <inheritdoc />
-    public abstract KeyType KeyType { get; }
-    
-    /// <inheritdoc />
-    public abstract byte[] ExportSubjectPublicKeyInfo();
-}

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/KeyDefinitions.cs

@@ -107,6 +107,8 @@ public static KeyDefinition GetByRSALength(int keySizeBits)
 
             throw new NotSupportedException($"Unsupported RSA length: {keySizeBits}");
         }
+        
+        public static KeyDefinition GetByRSAModulusLength(byte[] modulus) => GetByRSALength(modulus.Length * 8);
 
         /// <summary>
         /// Gets a key definition by its curve type.
@@ -162,6 +164,12 @@ public static KeyDefinition GetByOid(string oid)
                 throw new NotSupportedException(
                     "RSA keys are not supported by this method as all RSA keys share the same OID.");
             }
+            
+            if (string.Equals(oid, Oids.ECDSA, StringComparison.OrdinalIgnoreCase))
+            {
+                throw new NotSupportedException(
+                    "All ECDSA keys (P-256, P-384, P-521) share the same OID. Use the Curve OID instead.");
+            }
 
             var keyDefinition = AllDefinitions.Values.FirstOrDefault(d => d.AlgorithmOid == oid || d.CurveOid == oid);
             return keyDefinition ?? throw new NotSupportedException(

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/KeyType.cs

@@ -15,7 +15,7 @@
 namespace Yubico.YubiKey.Cryptography;
 
 /// <summary>
-/// Represents the type of a cryptographic key.
+/// Represents the type of cryptographic key.
 /// </summary>
 public enum KeyType
 {

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/PublicKey.cs

@@ -0,0 +1,24 @@
+// Copyright 2024 Yubico AB
+// 
+// Licensed under the Apache License, Version 2.0 (the "License").
+// You may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// 
+//     http://www.apache.org/licenses/LICENSE-2.0
+// 
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+namespace Yubico.YubiKey.Cryptography;
+
+public abstract class PublicKey : IPublicKey
+{
+    /// <inheritdoc />
+    public abstract KeyType KeyType { get; }
+    
+    /// <inheritdoc />
+    public abstract byte[] ExportSubjectPublicKeyInfo();
+}