refactor: use KeyDefinition lookup for PivEccPrivateKey

DennisDyallo · DennisDyallo · commit a4b897fa9ab0 · 2025-05-26T16:19:25.000+02:00
diff --git a/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivEccPrivateKey.cs b/Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivEccPrivateKey.cs
@@ -13,10 +13,12 @@
 // limitations under the License.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
+using System.Collections.Generic;
 using System.Globalization;
+using System.Linq;
 using System.Security.Cryptography;
 using Yubico.Core.Tlv;
+using Yubico.YubiKey.Cryptography;
 
 namespace Yubico.YubiKey.Piv
 {
@@ -28,12 +30,11 @@ namespace Yubico.YubiKey.Piv
     /// of a point on the curve. So for ECC P-256, each coordinate is 32 bytes
     /// (256 bits), so the private value will be 32 bytes.
     /// </remarks>
-    [Obsolete("Usage of PivEccPublic/PivEccPrivateKey, PivRsaPublic/PivRsaPrivateKey is deprecated. Use implementations of ECPublicKey, ECPrivateKey and RSAPublicKey, RSAPrivateKey instead", false)]
+    [Obsolete(
+        "Usage of PivEccPublic/PivEccPrivateKey, PivRsaPublic/PivRsaPrivateKey is deprecated. Use implementations of ECPublicKey, ECPrivateKey and RSAPublicKey, RSAPrivateKey instead",
+        false)]
     public sealed class PivEccPrivateKey : PivPrivateKey
     {
-        private const int EccP256PrivateKeySize = 32;
-        private const int EccP384PrivateKeySize = 48;
-
         private Memory<byte> _privateValue;
 
         // <summary>
@@ -70,12 +71,12 @@ private PivEccPrivateKey()
         /// </exception>
         [Obsolete("Usage of PivEccPublic/PivEccPrivateKey is deprecated. Use ECPublicKey, ECPrivateKey instead", false)]
         public PivEccPrivateKey(
-            ReadOnlySpan<byte> privateValue, 
+            ReadOnlySpan<byte> privateValue,
             PivAlgorithm? algorithm = null)
         {
             if (algorithm.HasValue)
             {
-                ValidateSize(privateValue, algorithm);
+                ValidateSize(privateValue, algorithm.Value);
                 Algorithm = algorithm.Value;
             }
             else
@@ -89,17 +90,17 @@ public PivEccPrivateKey(
                 PivAlgorithm.EccX25519 => PivConstants.PrivateECX25519Tag,
                 _ => PivConstants.PrivateECDsaTag
             };
-            
+
             var tlvWriter = new TlvWriter();
             tlvWriter.WriteValue(tag, privateValue);
             EncodedKey = tlvWriter.Encode();
             _privateValue = new Memory<byte>(privateValue.ToArray());
         }
 
-        private static void ValidateSize(ReadOnlySpan<byte> privateValue, [DisallowNull] PivAlgorithm? algorithm)
+        private static void ValidateSize(ReadOnlySpan<byte> privateValue, PivAlgorithm algorithm)
         {
-            int expectedSize = algorithm.Value.GetPivKeyDefinition().KeyDefinition.LengthInBytes;
-            if(privateValue.Length != expectedSize)
+            int expectedSize = algorithm.GetPivKeyDefinition().KeyDefinition.LengthInBytes;
+            if (privateValue.Length != expectedSize)
             {
                 throw new ArgumentException(
                     string.Format(
@@ -109,13 +110,16 @@ private static void ValidateSize(ReadOnlySpan<byte> privateValue, [DisallowNull]
 
         private static PivAlgorithm GetBySize(ReadOnlySpan<byte> privateValue)
         {
-            return privateValue.Length switch
+            int privateValueSize = privateValue.Length;
+            var allowed = new List<KeyDefinition> { KeyDefinitions.P256, KeyDefinitions.P384 };
+            if (allowed.SingleOrDefault(kd => kd.LengthInBytes == privateValueSize) is { } keyDefinition)
             {
-                EccP256PrivateKeySize => PivAlgorithm.EccP256,
-                EccP384PrivateKeySize => PivAlgorithm.EccP384,
-                _ => throw new ArgumentException(string.Format(
-                    CultureInfo.CurrentCulture, ExceptionMessages.InvalidPrivateKeyData))
-            };
+                return keyDefinition.GetPivKeyDefinition().Algorithm;
+            }
+
+            throw new ArgumentException(
+                string.Format(
+                    CultureInfo.CurrentCulture, ExceptionMessages.InvalidPrivateKeyData));
         }
 
         /// <summary>
diff --git a/Yubico.YubiKey/tests/unit/Yubico/YubiKey/Piv/PivPrivateKeyTests.cs b/Yubico.YubiKey/tests/unit/Yubico/YubiKey/Piv/PivPrivateKeyTests.cs
@@ -25,10 +25,17 @@ public class PivPrivateKeyTests
     {
         [Theory]
         [InlineData(KeyType.ECP256)]
+        [InlineData(KeyType.ECP384)]
         [InlineData(KeyType.Ed25519)]
         public void Constructor_with_Algorithm_SetsAlgorithm(KeyType keyType)
         {
-            var pk = new PivEccPrivateKey(new byte[32], keyType.GetPivAlgorithm());
+            var keyBytes = keyType switch
+            {
+                KeyType.ECP384 => new byte[48],
+                _ => new byte[32],
+            };
+            
+            var pk = new PivEccPrivateKey(keyBytes, keyType.GetPivAlgorithm());
             Assert.Equal(keyType.GetPivAlgorithm(), pk.Algorithm);
             Assert.Equal(keyType, pk.KeyType);
         }

Original file line number	Diff line number	Diff line change
`@@ -25,10 +25,17 @@ public class PivPrivateKeyTests`
`25`	`25`	`{`
`26`	`26`	`[Theory]`
`27`	`27`	`[InlineData(KeyType.ECP256)]`
	`28`	`+ [InlineData(KeyType.ECP384)]`
`28`	`29`	`[InlineData(KeyType.Ed25519)]`
`29`	`30`	`public void Constructor_with_Algorithm_SetsAlgorithm(KeyType keyType)`
`30`	`31`	`{`
`31`		`- var pk = new PivEccPrivateKey(new byte[32], keyType.GetPivAlgorithm());`
	`32`	`+ var keyBytes = keyType switch`
	`33`	`+ {`
	`34`	`+ KeyType.ECP384 => new byte[48],`
	`35`	`+ _ => new byte[32],`
	`36`	`+ };`
	`37`	`+`
	`38`	`+ var pk = new PivEccPrivateKey(keyBytes, keyType.GetPivAlgorithm());`
`32`	`39`	`Assert.Equal(keyType.GetPivAlgorithm(), pk.Algorithm);`
`33`	`40`	`Assert.Equal(keyType, pk.KeyType);`
`34`	`41`	`}`