Add explanatory comment for "wrong AES OIDs"

3 files changed, 19 insertions, 6 deletions

diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs

index cb6ca9c1b..e9525b377 100644
--- a/crypto/src/security/GeneratorUtilities.cs
+++ b/crypto/src/security/GeneratorUtilities.cs
@@ -38,7 +38,7 @@ namespace Org.BouncyCastle.Security
             AddKgAlgorithm("AES",
                 "AESWRAP");
             AddKgAlgorithm("AES128",
-                "2.16.840.1.101.3.4.2",
+                SecurityUtilities.WrongAes128,
                 NistObjectIdentifiers.IdAes128Cbc,
                 NistObjectIdentifiers.IdAes128Ccm,
                 NistObjectIdentifiers.IdAes128Cfb,
@@ -47,7 +47,7 @@ namespace Org.BouncyCastle.Security
                 NistObjectIdentifiers.IdAes128Ofb,
                 NistObjectIdentifiers.IdAes128Wrap);
             AddKgAlgorithm("AES192",
-                "2.16.840.1.101.3.4.22",
+                SecurityUtilities.WrongAes192,
                 NistObjectIdentifiers.IdAes192Cbc,
                 NistObjectIdentifiers.IdAes192Ccm,
                 NistObjectIdentifiers.IdAes192Cfb,
@@ -56,7 +56,7 @@ namespace Org.BouncyCastle.Security
                 NistObjectIdentifiers.IdAes192Ofb,
                 NistObjectIdentifiers.IdAes192Wrap);
             AddKgAlgorithm("AES256",
-                "2.16.840.1.101.3.4.42",
+                SecurityUtilities.WrongAes256,
                 NistObjectIdentifiers.IdAes256Cbc,
                 NistObjectIdentifiers.IdAes256Ccm,
                 NistObjectIdentifiers.IdAes256Cfb,
diff --git a/crypto/src/security/ParameterUtilities.cs b/crypto/src/security/ParameterUtilities.cs

index d393e3d36..c1f4492b3 100644
--- a/crypto/src/security/ParameterUtilities.cs
+++ b/crypto/src/security/ParameterUtilities.cs
@@ -29,7 +29,7 @@ namespace Org.BouncyCastle.Security
             AddAlgorithm("AES",
                 "AESWRAP");
             AddAlgorithm("AES128",
-                "2.16.840.1.101.3.4.2",
+                SecurityUtilities.WrongAes128,
                 NistObjectIdentifiers.IdAes128Cbc,
                 NistObjectIdentifiers.IdAes128Ccm,
                 NistObjectIdentifiers.IdAes128Cfb,
@@ -38,7 +38,7 @@ namespace Org.BouncyCastle.Security
                 NistObjectIdentifiers.IdAes128Ofb,
                 NistObjectIdentifiers.IdAes128Wrap);
             AddAlgorithm("AES192",
-                "2.16.840.1.101.3.4.22",
+                SecurityUtilities.WrongAes192,
                 NistObjectIdentifiers.IdAes192Cbc,
                 NistObjectIdentifiers.IdAes192Ccm,
                 NistObjectIdentifiers.IdAes192Cfb,
@@ -47,7 +47,7 @@ namespace Org.BouncyCastle.Security
                 NistObjectIdentifiers.IdAes192Ofb,
                 NistObjectIdentifiers.IdAes192Wrap);
             AddAlgorithm("AES256",
-                "2.16.840.1.101.3.4.42",
+                SecurityUtilities.WrongAes256,
                 NistObjectIdentifiers.IdAes256Cbc,
                 NistObjectIdentifiers.IdAes256Ccm,
                 NistObjectIdentifiers.IdAes256Cfb,
diff --git a/crypto/src/security/SecurityUtilities.cs b/crypto/src/security/SecurityUtilities.cs
new file mode 100644

index 000000000..ff24c6e1e
--- /dev/null
+++ b/crypto/src/security/SecurityUtilities.cs
@@ -0,0 +1,13 @@
+namespace Org.BouncyCastle.Security
+{
+    internal static class SecurityUtilities
+    {
+        /*
+         * These three got introduced in some messages as a result of a typo in an early document. We don't produce
+         * anything using these OID values, but we'll read them.
+         */
+        internal static readonly string WrongAes128 = "2.16.840.1.101.3.4.2";
+        internal static readonly string WrongAes192 = "2.16.840.1.101.3.4.22";
+        internal static readonly string WrongAes256 = "2.16.840.1.101.3.4.42";
+    }
+}