Merge pull request #519 from Yubico/release/1.5.0

Release/1.5.0

.editorconfig

@@ -19,7 +19,7 @@ root = true
 
 # IDE0073: File header
 dotnet_diagnostic.IDE0073.severity = suggestion
-file_header_template = Copyright 2021 Yubico AB\n\nLicensed under the Apache License, Version 2.0 (the "License").\nYou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.
+file_header_template = Copyright 2022 Yubico AB\n\nLicensed under the Apache License, Version 2.0 (the "License").\nYou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.
 
 # C# files
 [*.cs]

CONTRIBUTING.md

@@ -144,7 +144,7 @@ The following file header is used for the SDK. Please add it to all new files, u
 comment syntax.
 
 ```
-Copyright 2021 Yubico AB
+Copyright 2022 Yubico AB
 
 Licensed under the Apache License, Version 2.0 (the "License").
 You may not use this file except in compliance with the License.

LICENSE.txt

@@ -237,11 +237,6 @@ The following license applies to
 \Yubico.DotNetPolyfills\src\System.Security.Cryptography\CryptographicOperations.cs
 \Yubico.YubiKey\src\Yubico\YubiKey\Cryptography\RandomNumberGeneratorExt.cs
 
-This license also applies to the source files (as noted) which are located in
-the following directories:
-\Yubico.DotNetPolyfills\src\System.Formats.Cbor\
-\Yubico.DotNetPolyfills\tests\System.Formats.Cbor\
-
 The MIT License (MIT)
 
 Copyright (c) .NET Foundation and Contributors

Yubico.Core/src/Resources/ExceptionMessages.resx

@@ -261,4 +261,10 @@
   <data name="CmError" xml:space="preserve">
     <value>Encountered an error in the Config Manager library.</value>
   </data>
+  <data name="EcdhKeygenFailed" xml:space="preserve">
+    <value>Generation of ECDH key failed.</value>
+  </data>
+  <data name="EcdhComputationFailed" xml:space="preserve">
+    <value>Computation of the ECDH derived data failed.</value>
+  </data>
 </root>

Yubico.Core/src/Yubico.Core.csproj

@@ -45,7 +45,7 @@ limitations under the License. -->
     <EmbedUntrackedSources>true</EmbedUntrackedSources>
     <IncludeSymbols>true</IncludeSymbols>
     <SymbolPackageFormat>snupkg</SymbolPackageFormat>
-    
+
     <!-- StrongName signing -->
     <SignAssembly>true</SignAssembly>
     <AssemblyOriginatorKeyFile>..\..\Yubico.NET.SDK.snk</AssemblyOriginatorKeyFile>
@@ -111,7 +111,7 @@ limitations under the License. -->
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All" />
     <PackageReference Include="System.Memory" Version="4.5.4" />
     <PackageReference Include="System.Security.Principal.Windows" Version="5.0.0" />
-    <PackageReference Include="Yubico.NativeShims" Version="1.3.1">
+    <PackageReference Include="Yubico.NativeShims" Version="1.5.0">
       <IncludeAssets>native</IncludeAssets>
     </PackageReference>
     <ProjectReference Include="..\..\Yubico.DotNetPolyfills\src\Yubico.DotNetPolyfills.csproj" />
@@ -134,8 +134,4 @@ limitations under the License. -->
     </AssemblyAttribute>
 
   </ItemGroup>
-
-  <ItemGroup>
-    <Folder Include="Yubico\PlatformInterop\macOS\CoreFoundation\" />
-  </ItemGroup>
 </Project>

Yubico.Core/src/Yubico/Core/Cryptography/EcParametersSslExtensions.cs

@@ -0,0 +1,94 @@
+// Copyright 2022 Yubico AB
+//
+// Licensed under the Apache License, Version 2.0 (the "License").
+// You may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Security.Cryptography;
+using Yubico.PlatformInterop;
+
+namespace Yubico.Core.Cryptography
+{
+    internal static class OpenSslExtensions
+    {
+        private const int NistP256BitLength = 256;
+        private const int NistP384BitLength = 384;
+        private const int NistP521BitLength = 521;
+
+        /// <summary>
+        /// Converts an ECParameters structure into the OpenSSL data types for the public key: EC_GROUP and EC_POINT
+        /// </summary>
+        /// <param name="parameters">
+        /// The .NET representation of an elliptic curve and point.
+        /// </param>
+        /// <returns>
+        /// A tuple of the OpenSSL group and point. Both are needed to represent the public key.
+        /// </returns>
+        public static (SafeEcGroup group, SafeEcPoint point) ToSslPublicKey(this ECParameters parameters)
+        {
+            SafeEcGroup group = NativeMethods.EcGroupNewByCurveName(parameters.Curve.ToSslCurveId());
+            SafeEcPoint point = NativeMethods.EcPointNew(group);
+
+            using SafeBigNum bnX = NativeMethods.BnBinaryToBigNum(parameters.Q.X);
+            using SafeBigNum bnY = NativeMethods.BnBinaryToBigNum(parameters.Q.Y);
+            _ = NativeMethods.EcPointSetAffineCoordinates(group, point, bnX, bnY);
+
+            return (group, point);
+        }
+
+        /// <summary>
+        /// Converts a .NET named curve structure into its corresponding OpenSSL curve identifier.
+        /// </summary>
+        /// <param name="curve">
+        /// The .NET representation of a named elliptic curve.
+        /// </param>
+        /// <returns>
+        /// The OpenSSL curve ID (sometimes referred to as "NID")
+        /// </returns>
+        /// <exception cref="NotSupportedException">
+        /// This function only supports the NIST P256, P384, and P512 curves as of version 1.5.0.
+        /// </exception>
+        // Curve IDs from include/openssl/obj_mac.h
+        public static int ToSslCurveId(this ECCurve curve) =>
+            curve switch
+            {
+                _ when curve.HasSameOid(ECCurve.NamedCurves.nistP256) => 415, // Exists as X9.64-prime256v1 in OpenSSL
+                _ when curve.HasSameOid(ECCurve.NamedCurves.nistP384) => 715,
+                _ when curve.HasSameOid(ECCurve.NamedCurves.nistP521) => 716,
+                _ => throw new NotSupportedException("Specified elliptic curve is not supported.")
+            };
+
+        /// <summary>
+        /// Return the bit length of the curve. This will be the bit length of
+        /// the private value and each coordinate of a point in the curve.
+        /// </summary>
+        /// <param name="curve">
+        /// The .NET representation of a named elliptic curve.
+        /// </param>
+        /// <returns>
+        /// The curve's bit length.
+        /// </returns>
+        /// <exception cref="NotSupportedException">
+        /// This function only supports the NIST P256, P384, and P512 curves as of version 1.5.0.
+        /// </exception>
+        public static int BitLength (this ECCurve curve) =>
+            curve switch
+            {
+                _ when curve.HasSameOid(ECCurve.NamedCurves.nistP256) => NistP256BitLength,
+                _ when curve.HasSameOid(ECCurve.NamedCurves.nistP384) => NistP384BitLength,
+                _ when curve.HasSameOid(ECCurve.NamedCurves.nistP521) => NistP521BitLength,
+                _ => throw new NotSupportedException("Specified elliptic curve is not supported.")
+            };
+
+        private static bool HasSameOid(this ECCurve curve, ECCurve named) => curve.Oid.Value == named.Oid.Value;
+    }
+}

Yubico.YubiKey/src/Yubico/YubiKey/Fido2/Serialization/CborLabelIdAttribute.cs → Yubico.Core/src/Yubico/Core/Cryptography/EcdhPrimitives.cs

@@ -1,4 +1,4 @@
-// Copyright 2021 Yubico AB
+// Copyright 2022 Yubico AB
 //
 // Licensed under the Apache License, Version 2.0 (the "License").
 // You may not use this file except in compliance with the License.
@@ -12,21 +12,19 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-using System;
-
-namespace Yubico.YubiKey.Fido2.Serialization
+namespace Yubico.Core.Cryptography
 {
     /// <summary>
-    /// Marks the property as encoded in CBOR maps using the label integer supplied.
+    /// Factory class that will return the `Yubico.Core` implementation of the <see cref="IEcdhPrimitives"/> interface.
     /// </summary>
-    [AttributeUsage(AttributeTargets.Property)]
-    internal sealed class CborLabelIdAttribute : Attribute
+    public static class EcdhPrimitives
     {
-        public int LabelId { get; private set; }
-
-        public CborLabelIdAttribute(int labelId)
-        {
-            LabelId = labelId;
-        }
+        /// <summary>
+        /// Creates a new instance of an implementation of the low level Elliptic Curve Diffie Hellman (ECDH) functions.
+        /// </summary>
+        /// <returns>
+        /// A new instance of the default implementation of this interface.
+        /// </returns>
+        public static IEcdhPrimitives Create() => new EcdhPrimitivesOpenSsl();
     }
 }