Merge pull request #210 from Yubico/feature/new-piv-keys-2

Feature: Added Ed25519 and X25519 keys to the PIV application

Author: DennisDyallo

Yubico.Core/src/Yubico/Core/Tlv/TlvObject.cs

@@ -13,34 +13,37 @@
 // limitations under the License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Linq;
+using System.Security.Cryptography;
 
 namespace Yubico.Core.Tlv
 {
     /// <summary>
     /// Tag, length, Value structure that helps to parse APDU response data.
     /// This class handles BER-TLV encoded data with determinate length.
     /// </summary>
-    public class TlvObject
+    public sealed class TlvObject : IDisposable
     {
         /// <summary>
         /// Returns the tag.
         /// </summary>
-        public int Tag { get; }
+        public int Tag { get; private set; }
 
         /// <summary>
-        /// Returns the value.
+        /// Returns a copy of the value.
         /// </summary>
         public Memory<byte> Value => _bytes.Skip(_offset).Take(Length).ToArray();
 
         /// <summary>
         /// Returns the length of the value.
         /// </summary>
-        public int Length { get; }
+        public int Length { get; private set; }
 
         private readonly byte[] _bytes;
         private readonly int _offset;
+        private bool _disposed;
 
         /// <summary>
         /// Creates a new TLV (Tag-Length-Value) object with the specified tag and value.
@@ -63,6 +66,7 @@ public TlvObject(int tag, ReadOnlySpan<byte> value)
             }
 
             Tag = tag;
+            
             // Create a copy of the input value
             byte[] valueBuffer = value.ToArray();
             using var ms = new MemoryStream();
@@ -113,6 +117,22 @@ public static TlvObject Parse(ReadOnlySpan<byte> data)
             ReadOnlySpan<byte> buffer = data;
             return ParseFrom(ref buffer);
         }
+        
+        /// <inheritdoc cref="TlvObject.Parse(ReadOnlySpan{byte})"/> 
+        public static bool TryParse(ReadOnlySpan<byte> data, [NotNullWhen(true)] out TlvObject? tlvObject)
+        {
+            // Poor man's TryParse
+            tlvObject = null;
+            try
+            {
+                tlvObject = ParseFrom(ref data);
+                return true;
+            }
+            catch
+            {
+                return false;
+            }
+        }
 
         /// <summary>
         /// Parses a TLV from a BER-TLV encoded byte array.
@@ -126,6 +146,11 @@ public static TlvObject Parse(ReadOnlySpan<byte> data)
         /// <exception cref="ArgumentException">Thrown if the buffer does not contain a valid TLV.</exception>
         internal static TlvObject ParseFrom(ref ReadOnlySpan<byte> buffer)
         {
+            if (buffer.Length == 0)
+            {
+                throw new ArgumentException("Insufficient data for tag");
+            }
+            
             // The first byte of the TLV is the tag.
             int tag = buffer[0];
 
@@ -194,5 +219,20 @@ public override string ToString()
             return $"Tlv(0x{Tag:X}, {Length}, {BitConverter.ToString(Value.ToArray()).Replace("-", "")})";
 #endif
         }
+
+        /// <summary>
+        /// Dispose the object and clears its buffers
+        /// </summary>
+        public void Dispose()
+        {
+            if (_disposed)
+            {
+                return;
+            }
+            CryptographicOperations.ZeroMemory(_bytes);
+            Length = 0;
+            Tag = 0;
+            _disposed = true;
+        }
     }
 }

Yubico.Core/src/Yubico/Core/Tlv/TlvObjects.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Security.Cryptography;
 
 namespace Yubico.Core.Tlv
 {
@@ -33,7 +34,7 @@ public static IReadOnlyList<TlvObject> DecodeList(ReadOnlySpan<byte> data)
         /// </summary>
         /// <param name="data">Sequence of TLV encoded data</param>
         /// <returns>Dictionary of Tag-Value pairs</returns>
-        public static IReadOnlyDictionary<int, ReadOnlyMemory<byte>> DecodeMap(ReadOnlySpan<byte> data)
+        public static IReadOnlyDictionary<int, ReadOnlyMemory<byte>> DecodeDictionary(ReadOnlySpan<byte> data)
         {
             var tlvs = new Dictionary<int, ReadOnlyMemory<byte>>();
             ReadOnlySpan<byte> buffer = data;
@@ -93,5 +94,50 @@ public static Memory<byte> UnpackValue(int expectedTag, ReadOnlySpan<byte> tlvDa
 
             return tlv.Value.ToArray();
         }
+        
+        public static Memory<byte> EncodeDictionary(IReadOnlyDictionary<int, byte[]> map)
+        {
+            if (map is null)
+            {
+                throw new ArgumentNullException(nameof(map));
+            }
+
+            int totalSize = 0;
+            foreach (KeyValuePair<int, byte[]> entry in map)
+            {
+                var tlv = new TlvObject(entry.Key, entry.Value ?? Array.Empty<byte>());
+                ReadOnlyMemory<byte> bytes = tlv.GetBytes();
+                totalSize += bytes.Length;
+            }
+
+            byte[] result = new byte[totalSize];
+            int position = 0;
+
+            try
+            {
+                foreach (KeyValuePair<int, byte[]> entry in map)
+                {
+                    var tlv = new TlvObject(entry.Key, entry.Value ?? Array.Empty<byte>());
+                    byte[] tlvBytes = tlv.GetBytes().ToArray();
+            
+                    try
+                    {
+                        Buffer.BlockCopy(tlvBytes, 0, result, position, tlvBytes.Length);
+                        position += tlvBytes.Length;
+                    }
+                    finally
+                    {
+                        CryptographicOperations.ZeroMemory(tlvBytes);
+                    }
+                }
+
+                return result.AsMemory(0, position);
+            }
+            catch
+            {
+                CryptographicOperations.ZeroMemory(result);
+                throw;
+            }
+        }
     }
 }

Yubico.Core/tests/Yubico/Core/Devices/Hid/HidDeviceListenerTests.cs

@@ -39,7 +39,7 @@ class FakeHidListener : HidDeviceListener
 
     public class HidDeviceListenerTests
     {
-        // [Fact]
+        // [Fact] // Fails on CI because of it's trying to access the HID device which is not available
         // public void Create_ReturnsInstanceOfListener()
         // {
         //     var listener = HidDeviceListener.Create();

Yubico.Core/tests/Yubico/Core/Tlv/TlvObjectTests.cs

@@ -21,6 +21,30 @@ namespace Yubico.Core.Tlv.UnitTests
 {
     public class TlvObjectTests
     {
+        [Fact]
+        public void Value_Property_Returns_Only_Value_Portion()
+        {
+            // Arrange
+            int tag = 0x7F49;
+            byte[] originalValue = [0x01, 0x02, 0x03, 0x04];
+            TlvObject tlv = new TlvObject(tag, originalValue);
+
+            // Get the full encoded bytes for reference
+            byte[] fullEncodedTlv = tlv.GetBytes().ToArray();
+
+            // Act
+            byte[] extractedValue = tlv.Value.ToArray();
+
+            // Assert
+
+            Assert.Equal(originalValue, extractedValue);
+            Assert.Equal(originalValue.Length, tlv.Length);
+            Assert.NotEqual(fullEncodedTlv, extractedValue);
+            Assert.True(fullEncodedTlv.Length > extractedValue.Length);
+            Assert.Equal(0x7F, fullEncodedTlv[0]);
+            Assert.Equal(0x49, fullEncodedTlv[1]);
+        }
+
         [Fact]
         public void TestDoubleByteTags()
         {
@@ -74,7 +98,8 @@ public void TestUnwrap()
         [Fact]
         public void TestUnwrapThrowsException()
         {
-            Assert.Throws<InvalidOperationException>(() => TlvObjects.UnpackValue(0x7F48, new byte[] { 0x7F, 0x49, 0 }));
+            Assert.Throws<InvalidOperationException>(() =>
+                TlvObjects.UnpackValue(0x7F48, new byte[] { 0x7F, 0x49, 0 }));
         }
 
         [Fact]
@@ -101,7 +126,7 @@ public void DecodeList_EmptyInput_ReturnsEmptyList()
         public void DecodeMap_ValidInput_ReturnsCorrectDictionary()
         {
             var input = new byte[] { 0x01, 0x01, 0xFF, 0x02, 0x02, 0xAA, 0xBB };
-            var result = TlvObjects.DecodeMap(input);
+            var result = TlvObjects.DecodeDictionary(input);
 
             Assert.Equal(2, result.Count);
             Assert.Equal(new byte[] { 0xFF }, result[0x01].ToArray());
@@ -112,7 +137,7 @@ public void DecodeMap_ValidInput_ReturnsCorrectDictionary()
         public void DecodeMap_DuplicateTags_KeepsLastValue()
         {
             var input = new byte[] { 0x01, 0x01, 0xFF, 0x01, 0x01, 0xEE };
-            var result = TlvObjects.DecodeMap(input);
+            var result = TlvObjects.DecodeDictionary(input);
 
             Assert.Single(result);
             Assert.Equal(new byte[] { 0xEE }, result[0x01].ToArray());

Yubico.NET.SDK.sln

@@ -251,7 +251,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "contributordocs", "contribu
 		contributordocs\allowed-dotnet-things-and-versions.md = contributordocs\allowed-dotnet-things-and-versions.md
 		contributordocs\code-flow-and-pull-requests.md = contributordocs\code-flow-and-pull-requests.md
 		contributordocs\getting-started.md = contributordocs\getting-started.md
-		contributordocs\polyfills.md = contributordocs\polyfills.md
 		contributordocs\README.md = contributordocs\README.md
 		contributordocs\testing.md = contributordocs\testing.md
 		contributordocs\useful-links.md = contributordocs\useful-links.md

Yubico.YubiKey/src/Yubico.YubiKey.csproj

@@ -118,6 +118,7 @@ limitations under the License. -->
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
+    <PackageReference Include="System.Formats.Asn1" Version="9.0.3" />
 
     <!-- Remove ExcludeAssets once the package supports netcoreapp and net462 properly -->
     <PackageReference Include="System.Formats.Cbor" Version="7.0.0" ExcludeAssets="buildtransitive" />