diff --git a/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs b/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs
index 97902e093..8046a0b1b 100644
--- a/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs
+++ b/crypto/src/crypto/parameters/Ed25519PrivateKeyParameters.cs
@@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Crypto.Parameters
public Ed25519PrivateKeyParameters(SecureRandom random)
: base(true)
{
- random.NextBytes(data);
+ Ed25519.GeneratePrivateKey(random, data);
}
public Ed25519PrivateKeyParameters(byte[] buf, int off)
diff --git a/crypto/src/crypto/parameters/Ed448PrivateKeyParameters.cs b/crypto/src/crypto/parameters/Ed448PrivateKeyParameters.cs
index 74b5d63f3..f2fc4d533 100644
--- a/crypto/src/crypto/parameters/Ed448PrivateKeyParameters.cs
+++ b/crypto/src/crypto/parameters/Ed448PrivateKeyParameters.cs
@@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Crypto.Parameters
public Ed448PrivateKeyParameters(SecureRandom random)
: base(true)
{
- random.NextBytes(data);
+ Ed448.GeneratePrivateKey(random, data);
}
public Ed448PrivateKeyParameters(byte[] buf, int off)
diff --git a/crypto/src/crypto/parameters/X25519KeyGenerationParameters.cs b/crypto/src/crypto/parameters/X25519KeyGenerationParameters.cs
index 09972c7a2..d0bcffa94 100644
--- a/crypto/src/crypto/parameters/X25519KeyGenerationParameters.cs
+++ b/crypto/src/crypto/parameters/X25519KeyGenerationParameters.cs
@@ -8,7 +8,7 @@ namespace Org.BouncyCastle.Crypto.Parameters
: KeyGenerationParameters
{
public X25519KeyGenerationParameters(SecureRandom random)
- : base(random, 256)
+ : base(random, 255)
{
}
}
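Review bot: The strength literal handed to the base constructor changes from 256 to 255 with nothing explaining why, so the next reader has to rediscover that an X25519 private scalar is clamped with its top bit cleared and is therefore a 255-bit value (RFC 7748, section 5). A trailing comment would pin that down: `: base(random, 255) // clamped X25519 scalar: top bit cleared, 255 significant bits (RFC 7748 s5)`. The corresponding X448 and Ed25519/Ed448 KeyGenerationParameters classes are not part of this diff, so whether they follow the same convention cannot be checked from here; if any caller compares the strength against 256 it would now take a different path.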
diff --git a/crypto/src/crypto/parameters/X25519PrivateKeyParameters.cs b/crypto/src/crypto/parameters/X25519PrivateKeyParameters.cs
index fb49a02b3..f7bbdac74 100644
--- a/crypto/src/crypto/parameters/X25519PrivateKeyParameters.cs
+++ b/crypto/src/crypto/parameters/X25519PrivateKeyParameters.cs
@@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Crypto.Parameters
public X25519PrivateKeyParameters(SecureRandom random)
: base(true)
{
- random.NextBytes(data);
+ X25519.GeneratePrivateKey(random, data);
}
public X25519PrivateKeyParameters(byte[] buf, int off)
diff --git a/crypto/src/crypto/parameters/X448PrivateKeyParameters.cs b/crypto/src/crypto/parameters/X448PrivateKeyParameters.cs
index d17aa7947..a073e5799 100644
--- a/crypto/src/crypto/parameters/X448PrivateKeyParameters.cs
+++ b/crypto/src/crypto/parameters/X448PrivateKeyParameters.cs
@@ -19,7 +19,7 @@ namespace Org.BouncyCastle.Crypto.Parameters
public X448PrivateKeyParameters(SecureRandom random)
: base(true)
{
- random.NextBytes(data);
+ X448.GeneratePrivateKey(random, data);
}
public X448PrivateKeyParameters(byte[] buf, int off)
diff --git a/crypto/src/math/ec/rfc7748/X25519.cs b/crypto/src/math/ec/rfc7748/X25519.cs
index d8db2527a..8524b9e2c 100644
--- a/crypto/src/math/ec/rfc7748/X25519.cs
+++ b/crypto/src/math/ec/rfc7748/X25519.cs
@@ -1,6 +1,7 @@
using System;
using System.Diagnostics;
+using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Math.EC.Rfc7748
@@ -50,6 +51,15 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
n[7] |= 0x40000000U;
}
+ public static void GeneratePrivateKey(SecureRandom random, byte[] k)
+ {
+ random.NextBytes(k);
+
+ k[0] &= 0xF8;
+ k[ScalarSize - 1] &= 0x7F;
+ k[ScalarSize - 1] |= 0x40;
+ }
+
private static void PointDouble(int[] x, int[] z)
{
int[] A = X25519Field.Create();
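Review bot: GeneratePrivateKey clamps at `k[ScalarSize - 1]` without checking that k is exactly ScalarSize bytes, so a shorter buffer throws IndexOutOfRangeException only after random bytes have already been written into it, and a longer buffer is accepted with random, unclamped bytes beyond the scalar. The method is public static, so callers other than X25519PrivateKeyParameters can reach it; a guard before `random.NextBytes(k)` such as `if (k.Length != ScalarSize) throw new ArgumentException("must be " + ScalarSize + " bytes", nameof(k));` would fail fast. The same missing length check is in X448.GeneratePrivateKey in the X448.cs hunk. The masks also duplicate the clamp that the method ending just above applies in uint form (`n[7] |= 0x40000000U;` sets the same bit 254), so a one-line comment such as `// RFC 7748 clamp: store the scalar in canonical form; decoding re-applies the same mask on use` would make the relationship explicit. PointDouble, which starts at the end of this hunk, continues outside it.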
diff --git a/crypto/src/math/ec/rfc7748/X448.cs b/crypto/src/math/ec/rfc7748/X448.cs
index 63d34d1cf..63e526703 100644
--- a/crypto/src/math/ec/rfc7748/X448.cs
+++ b/crypto/src/math/ec/rfc7748/X448.cs
@@ -1,6 +1,7 @@
using System;
using System.Diagnostics;
+using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Math.EC.Rfc7748
@@ -52,6 +53,14 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748
n[13] |= 0x80000000U;
}
+ public static void GeneratePrivateKey(SecureRandom random, byte[] k)
+ {
+ random.NextBytes(k);
+
+ k[0] &= 0xFC;
+ k[ScalarSize - 1] |= 0x80;
+ }
+
private static void PointDouble(uint[] x, uint[] z)
{
uint[] A = X448Field.Create();
diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs
index 403f11f50..b77853f30 100644
--- a/crypto/src/math/ec/rfc8032/Ed25519.cs
+++ b/crypto/src/math/ec/rfc8032/Ed25519.cs
@@ -5,6 +5,7 @@ using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Math.EC.Rfc7748;
using Org.BouncyCastle.Math.Raw;
+using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Math.EC.Rfc8032
@@ -248,6 +249,11 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
r[rOff + PointBytes - 1] |= (byte)((x[0] & 1) << 7);
}
+ public static void GeneratePrivateKey(SecureRandom random, byte[] k)
+ {
+ random.NextBytes(k);
+ }
+
public static void GeneratePublicKey(byte[] sk, int skOff, byte[] pk, int pkOff)
{
IDigest d = CreateDigest();
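Review bot: Ed25519.GeneratePrivateKey fills k with raw random bytes and applies no clamping, which is what RFC 8032 specifies (the scalar is derived by hashing this seed, as GeneratePublicKey just below does via CreateDigest()), but nothing says so, and a reader comparing it with X25519.GeneratePrivateKey in the same commit may assume a clamp was forgotten. Suggest a doc comment: `/// <summary>Fills k with a random Ed25519 private key (the seed). No clamping is applied here: RFC 8032 clamps the hash of the seed, not the seed itself.</summary>`. The same comment, with the XOF in place of the digest, applies to Ed448.GeneratePrivateKey in the Ed448.cs hunk. As with the RFC 7748 variants, neither method verifies that k has the expected secret-key length, so a wrong-sized buffer is silently accepted. GeneratePublicKey continues outside this hunk.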
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 10ebe8f15..38bdee83e 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -5,6 +5,7 @@ using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Math.EC.Rfc7748;
using Org.BouncyCastle.Math.Raw;
+using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Math.EC.Rfc8032
@@ -257,6 +258,11 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
r[rOff + PointBytes - 1] = (byte)((x[0] & 1) << 7);
}
+ public static void GeneratePrivateKey(SecureRandom random, byte[] k)
+ {
+ random.NextBytes(k);
+ }
+
public static void GeneratePublicKey(byte[] sk, int skOff, byte[] pk, int pkOff)
{
IXof d = CreateXof();