refactor: change zeroMemoryHandle to work with Memory<byte>

Author: DennisDyallo

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/AsnPrivateKeyEncoder.cs

@@ -190,7 +190,7 @@ private static byte[] EncodeECKey(
         writer.PopSequence();
 
         // PrivateKey as OCTET STRING
-        writer.WriteOctetString(ecPrivateKeyHandle.Data);
+        writer.WriteOctetString(ecPrivateKeyHandle.Data.Span);
         writer.PopSequence();
 
         return writer.Encode();
@@ -237,7 +237,7 @@ private static byte[] EncodeCurve25519Key(ReadOnlySpan<byte> privateKey, string
         privateKeyWriter.WriteOctetString(privateKey);
 
         using var privateKeyBytesHandle = new ZeroingMemoryHandle(privateKeyWriter.Encode());
-        writer.WriteOctetString(privateKeyBytesHandle.Data);
+        writer.WriteOctetString(privateKeyBytesHandle.Data.Span);
 
         // End PrivateKeyInfo SEQUENCE
         writer.PopSequence();

Yubico.YubiKey/src/Yubico/YubiKey/Cryptography/ZeroingMemoryHandle.cs

@@ -13,76 +13,34 @@
 // limitations under the License.
 
 using System;
-using System.Collections;
-using System.Collections.Generic;
 using System.Security.Cryptography;
 
 namespace Yubico.YubiKey.Cryptography;
 
-#pragma warning disable CA1710
-internal class ZeroingMemoryHandle : IDisposable, IReadOnlyCollection<byte>, IEnumerable<byte>
-#pragma warning restore CA1710
+internal class ZeroingMemoryHandle : IDisposable
 {
-    private readonly byte[] _data;
+    private readonly Memory<byte> _data;
     private bool _disposed;
-
     public int Length => _disposed ? 0 : _data.Length;
-    public int Count => Length; // For IReadOnlyCollection
-
-    public byte this[int index] => _disposed 
-        ? throw new ObjectDisposedException(nameof(ZeroingMemoryHandle)) 
-        : _data[index];
+    public int Count => Length;
 
-    public ZeroingMemoryHandle(byte[] data)
+    public ZeroingMemoryHandle(Memory<byte> data)
     {
-        _data = data ?? throw new ArgumentNullException(nameof(data));
+        _data = data;
     }
 
-    public ReadOnlySpan<byte> AsSpan() => _disposed 
-        ? ReadOnlySpan<byte>.Empty 
-        : _data.AsSpan();
-
-    public byte[] Data => _disposed 
+    public Memory<byte> Data => _disposed 
         ? throw new ObjectDisposedException(nameof(ZeroingMemoryHandle)) 
         : _data;
-
-    public void CopyTo(byte[] destination, int destinationIndex = 0)
-    {
-        if (_disposed)
-        {
-            throw new ObjectDisposedException(nameof(ZeroingMemoryHandle));
-        }
-
-        Buffer.BlockCopy(_data, 0, destination, destinationIndex, _data.Length);
-    }
-
-    public ReadOnlySpan<byte> Slice(int start, int length) => _disposed 
-        ? ReadOnlySpan<byte>.Empty 
-        : _data.AsSpan(start, length);
-
-    public IEnumerator<byte> GetEnumerator()
-    {
-        if (_disposed)
-        {
-            throw new ObjectDisposedException(nameof(ZeroingMemoryHandle));
-        }
-
-        for (int i = 0; i < _data.Length; i++)
-        {
-            yield return _data[i];
-        }
-    }
-
-    IEnumerator IEnumerable.GetEnumerator() => GetEnumerator();
-
+    
     public void Dispose()
     {
         if (_disposed)
         {
             return;
         }
 
-        CryptographicOperations.ZeroMemory(_data);
+        CryptographicOperations.ZeroMemory(_data.Span);
         _disposed = true;
         GC.SuppressFinalize(this);
     }

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.KeyPairs.cs

@@ -400,9 +400,9 @@ public void ImportPrivateKey(
 
             RefreshManagementKeyAuthentication();
 
-            var pivEncodedKey = privateKey.EncodeAsPiv();
+            using var pivEncodedKeyHandle = new ZeroingMemoryHandle(privateKey.EncodeAsPiv());
             var command = new ImportAsymmetricKeyCommand(
-                pivEncodedKey, 
+                pivEncodedKeyHandle.Data, 
                 privateKey.KeyType,
                 slotNumber, 
                 pinPolicy, 

Yubico.YubiKey/tests/unit/Yubico/YubiKey/Cryptography/ZeroingMemoryHandleTests.cs

@@ -65,7 +65,7 @@ public void NestedUsage_ZeroesAllArraysWhenDisposed()
                 // Simulate combining key and IV for an operation
                 for (int i = 0; i < 5; i++)
                 {
-                    resultData[i] = (byte)(keyHandle.Data[i] ^ ivHandle.Data[i]);
+                    resultData[i] = (byte)(keyHandle.Data.Span[i] ^ ivHandle.Data.Span[i]);
                 }
             }
 
@@ -148,14 +148,14 @@ public void MultiLayerComponent_MaintainsSecurityThroughLayers()
         Assert.All(sensitiveData, b => Assert.Equal(0, b));
     }
 
-// Mock processors for testing
+    // Mock processors for testing
     private static class FirstLayerProcessor
     {
         public static byte[] Process(ZeroingMemoryHandle handle)
         {
             // Simulate processing
             var result = new byte[handle.Data.Length];
-            Buffer.BlockCopy(handle.Data, 0, result, 0, handle.Data.Length);
+            handle.Data.CopyTo(result);
             return result;
         }
     }
@@ -167,7 +167,7 @@ public static byte[] Process(ZeroingMemoryHandle originalHandle, byte[] intermed
             // Simulate more processing
             for (int i = 0; i < originalHandle.Data.Length; i++)
             {
-                intermediateResult[i] ^= originalHandle.Data[i];
+                intermediateResult[i] ^= originalHandle.Data.Span[i];
             }
             return intermediateResult;
         }