Revert "wip: Add support for Ed25519 in PIV sample code"

This reverts commit 87a29b0

Author: DennisDyallo

Yubico.YubiKey/examples/PivSampleCode/Converters/KeyConverter.Pem.cs

@@ -81,7 +81,6 @@ public static PivPrivateKey GetPivPrivateKeyFromPem(char[] pemKeyString)
         // of the ECDsa object.
         public static AsymmetricAlgorithm GetDotNetFromPem(char[] pemKeyString, bool isPrivate)
         {
-            
             byte[] encodedKey = Array.Empty<byte>();
             var rsaParams = new RSAParameters();
             var eccParams = new ECParameters();

Yubico.YubiKey/examples/PivSampleCode/DotNetOperations/PublicKeyOperations.cs

@@ -14,8 +14,6 @@
 
 using System;
 using System.Security.Cryptography;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Signers;
 using Yubico.YubiKey.Piv;
 
 namespace Yubico.YubiKey.Sample.PivSampleCode
@@ -50,24 +48,6 @@ public static bool SampleVerifySignature(
                 throw new ArgumentNullException(nameof(publicKey));
             }
 
-            if (publicKey.Algorithm is PivAlgorithm.EccEd25519)
-            {
-                // Create Ed25519 public key parameters
-                var withoutPivHeader = publicKey.YubiKeyEncodedPublicKey.Span[2..];
-                var ed25519key = new Ed25519PublicKeyParameters(withoutPivHeader);
-
-                // Verify the signature
-                var verifier = new Ed25519Signer();
-                verifier.Init(false, ed25519key); // false indicates verification mode
-                verifier.BlockUpdate(dataToVerify, 0, dataToVerify.Length);
-
-                bool isValid = verifier.VerifySignature(signature);
-
-                Console.WriteLine($"Signature (Base64): {Convert.ToBase64String(signature)}");
-                isVerified = isValid;
-                return isVerified;
-            }
-
             using var asymObject = KeyConverter.GetDotNetFromPivPublicKey(publicKey);
 
             // The algorithm is either RSA or ECC, otherwise the KeyConverter

Yubico.YubiKey/examples/PivSampleCode/KeyCollector/SampleKeyCollector.cs

@@ -168,7 +168,7 @@ public static byte[] CollectValue(string defaultValueString, string name)
             SampleMenu.WriteMessage(MessageType.Title, 0, "Enter D for default value (" + defaultValueString + ")");
             char[] collectedValue = SampleMenu.ReadResponse(out int _);
 
-            if (collectedValue.Length == 1 && (collectedValue[0] == 'D' || collectedValue[0] == 'd'))
+            if (collectedValue.Length == 1 && collectedValue[0] == 'D')
             {
                 return defaultValueString switch
                 {

Yubico.YubiKey/examples/PivSampleCode/PivSampleCode.csproj

@@ -30,8 +30,4 @@ limitations under the License. -->
     <ProjectReference Include="..\SharedSampleCode\SharedSampleCode.csproj" />
   </ItemGroup>
 
-  <ItemGroup>
-    <PackageReference Include="BouncyCastle.Cryptography" Version="2.5.1" />
-  </ItemGroup>
-
 </Project>

Yubico.YubiKey/examples/PivSampleCode/Run/PivSampleRun.Operations.cs

@@ -16,7 +16,6 @@
 using System.Linq;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
-using Yubico.YubiKey.Cryptography;
 using Yubico.YubiKey.Piv;
 using Yubico.YubiKey.Sample.SharedCode;
 
@@ -249,32 +248,19 @@ public bool RunImportPrivateKey()
                 return RunInvalidEntry();
             }
 
-            if (!GetPemPrivateKey(algorithm, out string pemPrivateKey))
-            {
-                return false;
-            }
-            
-            if (!GetPemPublicKey(algorithm, out string pemPublicKey))
+            if (!GetPemPrivateKey(algorithm, out string pemKey))
             {
                 return false;
             }
 
-            // var pivPrivateKey = KeyConverter.GetPivPrivateKeyFromPem(pemKey.ToCharArray());
-            // var pivPublicKey = KeyConverter.GetPivPublicKeyFromPem(pemKey.ToCharArray());
-
-            var base64PrivateKey = GetBytesFromPem(pemPrivateKey);
-            var privateKeyParameters = Curve25519PrivateKeyParameters.CreateFromPkcs8(base64PrivateKey);
-            
-            var base64PublicKey = GetBytesFromPem(pemPublicKey);
-            var publicKeyParameters = Curve25519PublicKeyParameters.CreateFromPkcs8(base64PublicKey);
+            var pivPrivateKey = KeyConverter.GetPivPrivateKeyFromPem(pemKey.ToCharArray());
+            var pivPublicKey = KeyConverter.GetPivPublicKeyFromPem(pemKey.ToCharArray());
 
             if (KeyPairs.RunImportPrivateKey(
                 _yubiKeyChosen,
                 _keyCollector.SampleKeyCollectorDelegate,
-                privateKeyParameters,
-                publicKeyParameters,
-                // pivPrivateKey,
-                // pivPublicKey,
+                pivPrivateKey,
+                pivPublicKey,
                 slotNumber,
                 pinPolicy,
                 touchPolicy,
@@ -287,7 +273,7 @@ public bool RunImportPrivateKey()
 
             return false;
         }
-        
+
         public static bool WriteImportCertMessage()
         {
             SampleMenu.WriteMessage(MessageType.Title, 0, "See the items/code for BuildSelfSignedCert and BuildCert");
@@ -317,19 +303,10 @@ public bool RunSignData()
             // This sample code will use SHA-384 for EccP384, and SHA-256
             // for all other algorithms.
             var hashAlgorithm = HashAlgorithmName.SHA384;
-            
-            if (signSlotContents.Algorithm == PivAlgorithm.EccEd25519)
+            if (signSlotContents.Algorithm != PivAlgorithm.EccP384)
             {
-                hashAlgorithm = HashAlgorithmName.SHA512;
+                hashAlgorithm = HashAlgorithmName.SHA256;
             }
-            else
-            {
-                if (signSlotContents.Algorithm != PivAlgorithm.EccP384)
-                {
-                    hashAlgorithm = HashAlgorithmName.SHA256;
-                }
-            }
-
 
             byte[] dataToSign = GetArbitraryDataToSign();
 
@@ -937,90 +914,18 @@ private static bool GetPemPrivateKey(PivAlgorithm algorithm, out string pemKey)
                         "3tD+iq9lgB+8QNDJP6C6KginR3H1jMNRPMvaNrQC/VBpse+1Z1t5pvo=\n" +
                         "-----END PRIVATE KEY-----";
                     break;
-                
-                
-                case PivAlgorithm.EccEd25519:
-                    pemKey = "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIDuLFRxirWSFqyiMTPB65M4sWI+smRcCdyMEL8RtN7ib\n-----END PRIVATE KEY-----";
-                    break;
-                
-                case PivAlgorithm.EccX25519:
-                    pemKey =
-                        "-----BEGIN PRIVATE KEY-----\n" +
-                        "MC4CAQAwBQYDK2VuBCIEIGCCufpem+pMrhHcQwUvrUxh0KQ9zrNjuAVxM/E4d5hN\n" +
-                        "-----END PRIVATE KEY-----";
-                    break;
             }
 
             return true;
         }
 
-        private static bool GetPemPublicKey(
-            PivAlgorithm algorithm,
-            out string pemKey)
-        {
-            pemKey = null;
-
-            switch (algorithm)
-            {
-                default:
-                    return false;
-
-                case PivAlgorithm.Rsa1024:
-                case PivAlgorithm.Rsa2048:
-                case PivAlgorithm.EccP256:
-                case PivAlgorithm.EccP384:
-                    break;
-
-                case PivAlgorithm.EccEd25519:
-                    pemKey ="-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAvvmMviNf0LdUmfr5dVNZQaC79t3Ga7xTaD62d+icCtE=\n-----END PUBLIC KEY-----";
-                    break;
-                
-                case PivAlgorithm.EccX25519:
-                    pemKey =
-                        "-----BEGIN PUBLIC KEY-----\n" +
-                        "MCowBQYDK2VuAyEAyZ3Gl2lM1X9SVyAFjGi5skd28d9mQtJW1uf/zlrIhCU=\n" +
-                        "-----END PUBLIC KEY-----\n";
-                    break;
-            }
-
-            return true;
-        }
         private static byte[] GetArbitraryDataToSign()
         {
             string arbitraryData = "To demonstrate how to sign data we need data to sign. " +
                 "For this sample code, it doesn't really matter what the data is, " +
                 "so just return some arbitrary data.";
-            
-            arbitraryData = "Hello, Ed25519!";
-
 
             return System.Text.Encoding.ASCII.GetBytes(arbitraryData);
         }
-        
-        private static byte[] GetBytesFromPem(
-            string pemData)
-        {
-            var base64 = StripPemHeaderFooter(pemData);
-            return Convert.FromBase64String(base64);
-        }
-        
-        private static string StripPemHeaderFooter(
-            string pemData)
-        {
-            var base64 = pemData
-                .Replace("-----BEGIN PUBLIC KEY-----", "")
-                .Replace("-----END PUBLIC KEY-----", "")
-                .Replace("-----BEGIN PRIVATE KEY-----", "")
-                .Replace("-----END PRIVATE KEY-----", "")
-                .Replace("-----BEGIN EC PRIVATE KEY-----", "")
-                .Replace("-----END EC PRIVATE KEY-----", "")
-                .Replace("-----BEGIN CERTIFICATE-----", "")
-                .Replace("-----END CERTIFICATE-----", "")
-                .Replace("-----BEGIN CERTIFICATE REQUEST-----", "")
-                .Replace("-----END CERTIFICATE REQUEST-----", "")
-                .Replace("\n", "")
-                .Trim();
-            return base64;
-        }
     }
 }

Yubico.YubiKey/examples/PivSampleCode/YubiKeyOperations/KeyPairs.cs

@@ -14,7 +14,6 @@
 
 using System;
 using System.Security.Cryptography.X509Certificates;
-using Yubico.YubiKey.Cryptography;
 using Yubico.YubiKey.Piv;
 
 namespace Yubico.YubiKey.Sample.PivSampleCode
@@ -55,10 +54,8 @@ public static bool RunGenerateKeyPair(
         public static bool RunImportPrivateKey(
             IYubiKeyDevice yubiKey,
             Func<KeyEntryData, bool> KeyCollectorDelegate,
-            // PivPrivateKey privateKey,
-            // PivPublicKey publicKey,
-            IPrivateKeyParameters privateKey,
-            IPublicKeyParameters publicKey,
+            PivPrivateKey privateKey,
+            PivPublicKey publicKey,
             byte slotNumber,
             PivPinPolicy pinPolicy,
             PivTouchPolicy touchPolicy,
@@ -85,13 +82,13 @@ public static bool RunImportPrivateKey(
                 // The Import method does not need the public key, so we're
                 // building it with no public key. If you want, you can add the
                 // public key.
-                slotContents = new SamplePivSlotContents
+                slotContents = new SamplePivSlotContents()
                 {
                     SlotNumber = slotNumber,
-                    Algorithm = privateKey.KeyType.GetPivAlgorithm(),
+                    Algorithm = privateKey.Algorithm,
                     PinPolicy = pinPolicy,
                     TouchPolicy = touchPolicy,
-                    PublicKey = PivPublicKey.Create(publicKey.ToPivEncodedPublicKey(), publicKey.KeyType.GetPivAlgorithm()),
+                    PublicKey = PivPublicKey.Create(publicKey.YubiKeyEncodedPublicKey),
                 };
             }
 

Yubico.YubiKey/examples/PivSampleCode/YubiKeyOperations/PrivateKeyOperations.cs

@@ -42,19 +42,9 @@ public static bool RunSignData(
             int keySizeBits = keyAlgorithm.KeySizeBits();
 
             // Before signing the data, we need to digest it.
-            byte[] digest = dataToSign;
-            if (keyAlgorithm == PivAlgorithm.EccEd25519)
-            {
-                using (var pivSession = new PivSession(yubiKey))
-                {
-                    pivSession.KeyCollector = KeyCollectorDelegate;
-                    signature = pivSession.Sign(slotNumber, digest);
-                }
-
-                return true;
-            }
+            byte[] digest = MessageDigestOperations.ComputeMessageDigest(dataToSign, hashAlgorithm);
 
-            if (keyAlgorithm.IsEcc() && keyAlgorithm!= PivAlgorithm.EccEd25519)
+            if (keyAlgorithm.IsEcc())
             {
                 // If the key is ECC, the digested data must be exactly the key
                 // size. For example, if the key is EccP384, then the digest