Merge pull request #148

add new RSA keys to relevant docs

Yubico.YubiKey/docs/users-manual/application-piv/apdu/auth-decrypt.md

@@ -20,7 +20,7 @@ limitations under the License. -->
 |:---:|:---:|:-----------:|:-------------:|:----------:|:-------------------------:|:--------:| 
 | 00  | 87  | *algorithm* | *slot number* | *data len* | *encoded data to decrypt* | (absent) |
 
-The *algorithm* is either `06` (RSA-1048) or `07` (RSA-2048). Note that it is not possible
+The *algorithm* is either `06` (RSA-1048), `07` (RSA-2048), `05` (RSA 3072), or `16` (RSA 4096). Note that it is not possible
 to decrypt using ECC.
 
 The *slot number* can be the number of any slot that holds a private key, other than `F9`.

Yubico.YubiKey/docs/users-manual/application-piv/apdu/auth-sign.md

@@ -20,7 +20,7 @@ limitations under the License. -->
 |:---:|:---:|:-----------:|:-------------:|:----------:|:--------------------------------:|:--------:| 
 | 00  | 87  | *algorithm* | *slot number* | *data len* | *encoded digest of data to sign* | (absent) |
 
-The *algorithm* is either `06` (RSA-1048), `07` (RSA-2048), `11` (ECC-P256), or `14`
+The *algorithm* is either `06` (RSA-1048), `07` (RSA-2048), `05` (RSA 3072), `16` (RSA 4096), `11` (ECC-P256), or `14`
 (ECC-P384).
 
 The *slot number* can be the number of any slot that holds a private key, other than `F9`.

Yubico.YubiKey/docs/users-manual/application-piv/apdu/generate-pair.md

@@ -35,8 +35,8 @@ However, the YubiKey does not support that slot.
 The value for the "remaining bytes" field must be equal to the number of bytes that come after it. For example, if three
 bytes come after the "remaining bytes" field, the field's value must be 03.
 
-There are only four choices for "alg" (algorithm and size): RSA-1024 (06),
-RSA-2048 (07), ECC-P-256 (11), and ECC-P-384 (14).
+There are six choices for "alg" (algorithm and size): RSA-1024 (06),
+RSA-2048 (07), RSA 3072 (05), RSA 4096 (16), ECC-P-256 (11), and ECC-P-384 (14).
 
 Both the PIN policy and touch policy are optional. If either or both are not given, they
 will be default. The default for PIN is "once" and touch is "never".

Yubico.YubiKey/docs/users-manual/application-piv/apdu/import-asym.md

@@ -29,8 +29,8 @@ The slot number can be one of the following (hex values):
 F9
 ```
 
-There are only four choices for "alg" (algorithm and size): RSA-1024 (06),
-RSA-2048 (07), ECC-P-256 (11), and ECC-P-384 (14).
+There are six choices for "alg" (algorithm and size): RSA-1024 (06),
+RSA-2048 (07), RSA 3072 (05), RSA 4096 (16), ECC-P-256 (11), and ECC-P-384 (14).
 
 The key data to load is a set of TLV constructions. The L (length) is DER encoding
 format. The V is the integer in canonical form. If the key is an RSA private key, there

Yubico.YubiKey/docs/users-manual/application-piv/apdu/metadata.md

@@ -41,10 +41,8 @@ rules. The values (V of TLV) are dependent on the tags, described in the table b
 
 Tag | Name | Meaning | Data | Slots
 :---: | :---: | :---: | :---:
-01 | Algorithm| Algorithm/Type of the key | ff (PIN or PUK), 03 (Triple DES), 08 (AES-128),<br/>0A (AES-192), 0C (
-AES-256),<br/>06 (RSA-1024), 07 (RSA-2048),<br/>11 (ECC-P256), or 14 (ECC-P384) | all slots
-02 | Policy| PIN and touch policy | PIN: 0 (Default), 1 (Never),<br/>2 (Once), 3 (Always)<br/>Touch: 0 (Default), 1 (
-Never),<br/>2 (Always), 3 (Cached) | 9a, 9b, 9c, 9d, 9e, f9, 82 - 95
+01 | Algorithm| Algorithm/Type of the key | ff (PIN or PUK), 03 (Triple DES), 08 (AES-128),<br/>0A (AES-192), 0C (AES-256),<br/>06 (RSA-1024), 07 (RSA-2048),<br/>05 (RSA 3072), 16 (RSA 4096)<br/>11 (ECC-P256), or 14 (ECC-P384) | all slots
+02 | Policy| PIN and touch policy | PIN: 0 (Default), 1 (Never),<br/>2 (Once), 3 (Always)<br/>Touch: 0 (Default), 1 (Never),<br/>2 (Always), 3 (Cached) | 9a, 9b, 9c, 9d, 9e, f9, 82 - 95
 03 | Origin| Imported or generated | 1 (generated), 2 (imported) | 9a, 9c, 9d, 9e, f9, 82 - 95
 04 | Public| Pub key partner to the pri key | DER encoding of public key | 9a, 9c, 9d, 9e, f9, 82 - 95
 05 | Default| Whether PIN/PUK/Mgmt Key has default value | 01 (default) 00 (not default) | 80, 81, 9b

Yubico.YubiKey/docs/users-manual/application-piv/attestation.md

@@ -156,7 +156,7 @@ allows for it.
 Note that if you replace the Yubico key and cert, there is no way to recover these
 original values, they will be gone for good. So use this method with caution.
 
-The replacement key must be either RSA-2048, ECC-P256, or ECC-P384, and there are some
+The replacement key must be either RSA-2048, RSA-3072, RSA-4096, ECC-P256, or ECC-P384, and there are some
 restrictions on the certificate. YubiKeys before version 5 did allow 1024-bit RSA keys as
 attestation keys, but to make your application work for all YubiKeys, you should never use
 a 1024-bit RSA key as an attestation key.

Yubico.YubiKey/docs/users-manual/application-piv/commands.md

@@ -147,7 +147,7 @@ PIV slots.
 #### Table 1: List of Metadata Elements
 |   Name    |                  Meaning                   |                                    Data                                                                     | Slots                           |
 | :-------: | :----------------------------------------: | :---------------------------------------------------------------------------------------------------------: | :-----------------------------: |
-| Algorithm |            Algorithm of the key            |       PIN, PUK, Triple DES, AES-128, AES-192, AES-256, <br/>RSA-1024, RSA-2048, ECC-P256, or ECC-P384       | all slots                       |
+| Algorithm |            Algorithm of the key            |       PIN, PUK, Triple DES, AES-128, AES-192, AES-256, <br/>RSA-1024, RSA-2048, RSA 3072, RSA 4096, ECC-P256, or ECC-P384       | all slots                       |
 |  Policy   |            PIN and touch policy            | PIN: Default, Never, Once, Always<br/>Touch: Default, Never, Always, Cached                                 | 9A, 9B, 9C, 9D, 9E, F9, 82 - 95 |
 |  Origin   |           Imported or generated            |                             imported/generated                                                              | 9A, 9C, 9D, 9E, F9, 82 - 95     |
 |  Public   |       Pub key partner to the pri key       |                         DER encoding of public key                                                          | 9A, 9C, 9D, 9E, F9, 82 - 95     |
@@ -775,7 +775,7 @@ All YubiKeys with the PIV application.
 
 The management key, slot number, algorithm, key size, PIN policy, and touch policy.
 
-The YubiKey supports RSA 1024 and 2048, along with ECC P-256 and P-384.
+The YubiKey supports RSA 1024, 2048, 3072, and 4096 along with ECC P-256 and P-384.
 
 ### Output
 

Yubico.YubiKey/docs/users-manual/application-piv/public-keys.md

@@ -82,14 +82,16 @@ will need to be able to "convert" between `SubjectPublicKeyInfo` and `PivPublicK
 
 When you generate a new key pair on the PIV application, you are given the public key. The
 key is returned as an instance of the `PivPublicKey` class. From that class you can obtain
-all the information about the key. The object has a property for algorithm:
+all the information about the key. The object has a property for the algorithm, which can include the following:
 
 * RSA 1024
 * RSA 2048
+* RSA 3072
+* RSA 4096
 * ECC P256
 * ECC P384
 
-The object also has properties for
+The object also has properties for:
 
 * PIV-standard encoding
 * YubiKey encoding.

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/AuthenticateDecryptCommand.cs

@@ -57,8 +57,7 @@ namespace Yubico.YubiKey.Piv.Commands
     /// </para>
     /// <para>
     /// The caller supplies the data to decrypt. It must be a block the same size
-    /// as the key. For an RSA-1024 key, the block must be 128 bytes, for an
-    /// RSA-2048 key, the block must be 256 bytes. If the actual data to decrypt
+    /// as the key. For an RSA-1024/RSA-2048/RSA-3072/RSA-4096 key, the block must be 128/256/384/512 bytes. If the actual data to decrypt
     /// is shorter, it must be provided with as many prepended 00 bytes as needed
     /// to make sure the block is the appropriate length.
     /// </para>
@@ -107,7 +106,9 @@ private AuthenticateDecryptCommand()
         /// <para>
         /// If the key that will be used to decrypt is RSA-1024, then the data to
         /// decrypt must be 128 (1024 bits) bytes long. If the key is RSA-2048,
-        /// then the data must be 256 bytes (2048 bits) long. See also the User's
+        /// then the data must be 256 bytes (2048 bits) long. If the key is RSA-3072,
+        /// then the data must be 384 bytes (3072 bits) long. If the key is RSA-4096,
+        /// then the data must be 512 bytes (4096 bits) long. See also the User's
         /// Manual entry on
         /// <xref href="UsersManualPivCommands#authenticate-decrypt"> decrypting </xref>
         /// in the PIV commands page.

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/AuthenticateDecryptResponse.cs

@@ -25,8 +25,10 @@ namespace Yubico.YubiKey.Piv.Commands
     /// <para>
     /// The data returned by <c>GetData</c> is a byte array,
     /// containing the decrypted data. The data will be the same size as the key.
-    /// That is, for a 1024-bit RSA key, the decrypted data is 128 bytes, and for
-    /// a 2048-bit key, the decrypted data is 256 bytes.
+    /// That is, for a 1024-bit RSA key, the decrypted data is 128 bytes, for
+    /// a 2048-bit key, the decrypted data is 256 bytes, for
+    /// a 3072-bit key, the decrypted data is 384 bytes, and for
+    /// a 4096-bit key, the decrypted data is 512 bytes.
     /// </para>
     /// <para>
     /// The data returned is almost certainly formatted, either using PKCS 1 v.

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/AuthenticateSignCommand.cs

@@ -120,7 +120,9 @@ private AuthenticateSignCommand()
         /// The digest data is formatted if RSA. If the key that will be used to
         /// sign is RSA-1024, the the digest data must be 128 (1024 bits) bytes
         /// long. If the key is RSA-2048, then the digest data must be 256 bytes
-        /// (2048 bits) long. See also the User's Manual entry on
+        /// (2048 bits) long. If the key is RSA-3072, then the digest data must be 384 bytes
+        /// (3072 bits) long. If the key is RSA-4096, then the digest data must be 512 bytes
+        /// (4096 bits) long. See also the User's Manual entry on
         /// <xref href="UsersManualPivCommands#authenticate-sign"> signing </xref>
         /// in the PIV commands page.
         /// </para>

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/AuthenticateSignResponse.cs

@@ -29,8 +29,10 @@ namespace Yubico.YubiKey.Piv.Commands
     /// <para>
     /// If the data had been signed by an RSA key, the data will be
     /// random-looking data the same size as the key. That is, for a 1024-bit RSA
-    /// key, the signature is 128 bytes, and for a 2048-bit key, the signature is
-    /// 256 bytes.
+    /// key, the signature is 128 bytes, for a 2048-bit key, the signature is
+    /// 256 bytes, for a 3072-bit key, the signature is
+    /// 384 bytes, and for a 4096-bit key, the signature is
+    /// 512 bytes.
     /// </para>
     /// <para>If the data had been signed by an ECC key, the signature will be the
     /// DER encoding of the following ASN.1 definition.

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/GetMetadataCommand.cs

@@ -41,7 +41,7 @@ namespace Yubico.YubiKey.Piv.Commands
     ///   GetMetadataResponse metadataResponse = connection.SendCommand(metadataCommand);<br/>
     ///   if (metadataResponse.Status == ResponseStatus.Success)
     ///   {
-    ///       PivKeyMetadata keyData = metadataResponse.GetData();
+    ///       PivMetadata keyData = metadataResponse.GetData();
     ///   }
     /// </code>
     /// </remarks>

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/GetMetadataResponse.cs

@@ -38,7 +38,7 @@ namespace Yubico.YubiKey.Piv.Commands
     ///   GetMetadataResponse metadataResponse = connection.SendCommand(metadataCommand);<br/>
     ///   if (metadataResponse.Status == ResponseStatus.Success)
     ///   {
-    ///       PivKeyMetadata keyData = metadataResponse.GetData();
+    ///       PivMetadata keyData = metadataResponse.GetData();
     ///   }
     /// </code>
     /// </remarks>

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/ImportAsymmetricKeyCommand.cs

@@ -178,7 +178,7 @@ private ImportAsymmetricKeyCommand()
         /// </summary>
         /// <remarks>
         /// The only possible private keys this command will accept are RSA-1024,
-        /// RSA-2048, ECC-P256, and ECC-P384. If you supply any other private
+        /// RSA-2048, RSA-3072, RSA-4096, ECC-P256, and ECC-P384. If you supply any other private
         /// key, the constructor will throw an exception.
         /// <para>
         /// The slot number must be for a slot that holds an asymmetric key. See

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivAlgorithmExtensions.cs

@@ -121,11 +121,11 @@ public static class PivAlgorithmExtensions
         /// Determines if the given algorithm is RSA.
         /// </summary>
         /// <remarks>
-        /// The PivAlgorithm enum contains <c>Rsa1024</c> and <c>Rsa2048</c>. But
+        /// The PivAlgorithm enum contains <c>Rsa1024</c>, <c>Rsa2048</c>, <c>Rsa3072</c>, and <c>Rsa4096</c>. But
         /// sometimes you just want to know if an algorithm is RSA or not. It
         /// would seem you would have to write code such as the following.
         /// <code language="csharp">
-        ///     if ((algorithm == PivAlgorith.Rsa1024) || (algorithm == PivAlgorithm.Rsa2048))
+        ///     if ((algorithm == PivAlgorith.Rsa1024) || (algorithm == PivAlgorithm.Rsa2048) || (algorithm == PivAlgorithm.Rsa3072) || (algorithm == PivAlgorithm.Rsa4096))
         /// </code>
         /// <para>
         /// With this extension, you can simply write.

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivRsaPrivateKey.cs

@@ -36,10 +36,12 @@ namespace Yubico.YubiKey.Piv
     ///   03 length prime p Exponent dP || 04 length prime q Exponent dQ ||
     /// </code>
     /// <para>
-    /// The YubiKey supports only 1024-bit and 2048-bit RSA keys. Each element in
+    /// The YubiKey supports 1024-bit, 2048-bit, 3072-bit, and 4096-bit RSA keys. Each element in
     /// the private key will be half that size. So for a 1024-bit RSA key pair,
-    /// the CRT components are each 512 bits (64 bytes) long, and for a 2048-bit
-    /// RSA key pair, the CRT components are each 1024 bits (128 bytes) long.
+    /// the CRT components are each 512 bits (64 bytes) long, for a 2048-bit
+    /// RSA key pair, the CRT components are each 1024 bits (128 bytes) long, for a 3072-bit
+    /// RSA key pair, the CRT components are each 1536 bits (192 bytes) long, and for a 4096-bit
+    /// RSA key pair, the CRT components are each 2048 bits (256 bytes) long.
     /// </para>
     /// <para>
     /// You can build an object from either the encoded private key, and then

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivRsaPublicKey.cs

@@ -35,8 +35,8 @@ namespace Yubico.YubiKey.Piv
     /// <see cref="PivPublicKey"/>.
     /// </para>
     /// <para>
-    /// The YubiKey supports only 1024-bit and 2048-bit RSA keys, which means
-    /// that the modulus must be exactly 128 or 256 byte long.
+    /// The YubiKey supports 1024-bit, 2048-bit, 3072-bit, and 4096-bit RSA keys, which means
+    /// that the modulus must be exactly 128, 256, 384, or 512 bytes long, respectively.
     /// </para>
     /// <para>
     /// The YubiKey supports only F4 (0x010001 = decimal 65,537) as the public

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Attestation.cs

@@ -238,7 +238,7 @@ public X509Certificate2 GetAttestationCertificate()
         /// </para>
         /// <para>
         /// There are limitations placed on the key and cert. The key must be
-        /// either RSA-2048, ECC-P256, or ECC-P384. The cert must be X.509, it
+        /// either RSA-2048, RSA-3072, RSA-4096, ECC-P256, or ECC-P384. The cert must be X.509, it
         /// must be version 2 or 3, the full DER encoding of the
         /// <c>SubjectName</c> must be fewer than 1029 bytes, and the total
         /// length of the certificate must be fewer than 3052 bytes. This method

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Crypto.cs

@@ -68,26 +68,15 @@ public sealed partial class PivSession : IDisposable
         /// </code>
         /// </para>
         /// <para>
-        /// If the key is RSA 1024, then the input must be exactly 128 bytes,
+        /// If the key is RSA 1024/2048/3072/4096, then the input must be exactly 128/256/384/512 bytes,
         /// otherwise the method will throw an exception. You can use the
         /// <see cref="Cryptography.RsaFormat"/> class to format the data. That
         /// class will be able to format the digest into either PKCS #1 v1.5 or a
         /// subset of PKCS #1 PSS. However, if that class does not support the
         /// exact format you want, you will have to write your own formatting
-        /// code and guarantee the input to this method is exactly 128 bytes
-        /// (prepend pad bytes of 00 until the length is exactly 128 if needed).
-        /// The signature will be a 128-byte block.
-        /// </para>
-        /// <para>
-        /// If the key is RSA 2048, then the input must be exactly 256 bytes,
-        /// otherwise the method will throw an exception. You can use the
-        /// <see cref="Cryptography.RsaFormat"/> class to format the data. That
-        /// class will be able to format the digest into either PKCS #1 v1.5 or a
-        /// subset of PKCS #1 PSS. However, if that class does not support the
-        /// exact format you want, you will have to write your own formatting
-        /// code and guarantee the input to this method is exactly 256 bytes
-        /// (prepend pad bytes of 00 until the length is exactly 256 if needed).
-        /// The signature will be a 256-byte block.
+        /// code and guarantee the input to this method is exactly 128/256/384/512 bytes
+        /// (prepend pad bytes of 00 until the length is exactly 128/256/384/512 if needed).
+        /// The signature will be a 128/256/384/512-byte block.
         /// </para>
         /// <para>
         /// Signing might require the PIN and/or touch, depending on the PIN and
@@ -187,7 +176,9 @@ public byte[] Sign(byte slotNumber, ReadOnlyMemory<byte> dataToSign)
         /// </para>
         /// <para>
         /// If the key is RSA 1024, then the input must be exactly 128 bytes. If
-        /// the key is RSA 2048, then the input must be exactly 256 bytes. If the
+        /// the key is RSA 2048, then the input must be exactly 256 bytes. If
+        /// the key is RSA 3072, then the input must be exactly 384 bytes. If
+        /// the key is RSA 4096, then the input must be exactly 512 bytes. If the
         /// input data is not the correct length, the method will throw an
         /// exception.
         /// </para>