refactor(core): dedupe ARKG HKDF — delegate to shared HkdfUtilities

Removes the private HkdfSha256 method from ArkgPrimitivesOpenSsl that
existed solely as a workaround because HkdfUtilities lived in the
wrong assembly (Yubico.YubiKey, unreachable from Core). Now that
HkdfUtilities is in Yubico.Core, ARKG can call the shared canonical
implementation.

44 lines of duplicated cryptographic code removed. ARKG KAT vectors
verify byte-for-byte equivalence with the previous local copy. The
.ToArray() calls at lines 271 + 291 are forced by downstream code
expecting byte[] (mk fed to HMACSHA256 ctor, shared returned as byte[]).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: DennisDyallo

Yubico.Core/src/Yubico/Core/Cryptography/ArkgPrimitivesOpenSsl.cs

@@ -268,7 +268,7 @@ private static byte[] BlBlindPublicKey(byte[] pkBl, BigInteger tau)
                 Encoding.ASCII.GetBytes("ARKG-KEM-HMAC-mac."),
                 dstAug,
                 ctx);
-            byte[] mk = HkdfSha256(kPrime, salt: Array.Empty<byte>(), info: macInfo, length: 32);
+            byte[] mk = HkdfUtilities.DeriveKey(kPrime, salt: ReadOnlySpan<byte>.Empty, contextInfo: macInfo, length: 32).ToArray();
 
             byte[] tag;
             try
@@ -288,7 +288,7 @@ private static byte[] BlBlindPublicKey(byte[] pkBl, BigInteger tau)
                 Encoding.ASCII.GetBytes("ARKG-KEM-HMAC-shared."),
                 dstAug,
                 ctx);
-            byte[] shared = HkdfSha256(kPrime, salt: Array.Empty<byte>(), info: sharedInfo, length: kPrime.Length);
+            byte[] shared = HkdfUtilities.DeriveKey(kPrime, salt: ReadOnlySpan<byte>.Empty, contextInfo: sharedInfo, length: kPrime.Length).ToArray();
             CryptographicOperations.ZeroMemory(kPrime);
 
             // Ciphertext = MAC tag || ephemeral public key.
@@ -412,56 +412,6 @@ private static byte[] ExpandMessageXmd(byte[] msg, byte[] dst, int lenInBytes)
             return result;
         }
 
-        // ---------------------------------------------------------------------
-        // HKDF-SHA256 (RFC 5869) — local copy because Yubico.Core can't depend
-        // on Yubico.YubiKey's HkdfUtilities.
-        // ---------------------------------------------------------------------
-
-        private static byte[] HkdfSha256(byte[] ikm, byte[] salt, byte[] info, int length)
-        {
-            const int HashLen = 32;
-            byte[] effectiveSalt = (salt == null || salt.Length == 0) ? new byte[HashLen] : salt;
-
-            byte[] prk;
-            using (HMACSHA256 hmac = new HMACSHA256(effectiveSalt))
-            {
-                prk = hmac.ComputeHash(ikm);
-            }
-
-            try
-            {
-                byte[] okm = new byte[length];
-                int blocks = (length + HashLen - 1) / HashLen;
-                byte[] previous = Array.Empty<byte>();
-
-                using HMACSHA256 expandHmac = new HMACSHA256(prk);
-                for (int i = 1; i <= blocks; i++)
-                {
-                    byte[] input = new byte[previous.Length + (info?.Length ?? 0) + 1];
-                    Buffer.BlockCopy(previous, 0, input, 0, previous.Length);
-                    if (info != null)
-                    {
-                        Buffer.BlockCopy(info, 0, input, previous.Length, info.Length);
-                    }
-
-                    input[^1] = (byte)i;
-
-                    expandHmac.Initialize();
-                    byte[] block = expandHmac.ComputeHash(input);
-                    int off = (i - 1) * HashLen;
-                    int copy = Math.Min(HashLen, length - off);
-                    Buffer.BlockCopy(block, 0, okm, off, copy);
-                    previous = block;
-                }
-
-                return okm;
-            }
-            finally
-            {
-                CryptographicOperations.ZeroMemory(prk);
-            }
-        }
-
         // ---------------------------------------------------------------------
         // Conversion helpers
         // ---------------------------------------------------------------------