diff options
| author | Oren Novotny <oren@novotny.org> | 2019-09-21 14:12:49 -0400 |
|---|---|---|
| committer | Oren Novotny <oren@novotny.org> | 2019-09-21 14:12:49 -0400 |
| commit | b365dc55216d7fea5f37ae71dc74d7b0a5946ee1 (patch) | |
| tree | 9a02bc10d7aa7dd88284eff3793c0dc4b17ea722 /crypto | |
| parent | Remove unneeded ifdef's (diff) | |
| parent | Add ChaCha ciphers to factory classes (diff) | |
| download | BouncyCastle.NET-ed25519-b365dc55216d7fea5f37ae71dc74d7b0a5946ee1.tar.xz | |
Merge branch 'master' into netstandard
Diffstat (limited to 'crypto')
94 files changed, 2322 insertions, 475 deletions
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index ca6dba5ff..d7034cad7 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -3144,6 +3144,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\crypto\BufferedAeadCipher.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\crypto\BufferedAsymmetricBlockCipher.cs" SubType = "Code" BuildAction = "Compile" @@ -4304,6 +4309,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\crypto\modes\ChaCha20Poly1305.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\crypto\modes\CTSBlockCipher.cs" SubType = "Code" BuildAction = "Compile" @@ -4329,6 +4339,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\crypto\modes\IAeadCipher.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\crypto\modes\KCcmBlockCipher.cs" SubType = "Code" BuildAction = "Compile" @@ -5649,6 +5664,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\crypto\tls\TlsCloseable.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\crypto\tls\TlsCompression.cs" SubType = "Code" BuildAction = "Compile" @@ -12143,6 +12163,11 @@ BuildAction = "Compile" /> <File + RelPath = "test\src\crypto\test\ChaCha20Poly1305Test.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "test\src\crypto\test\ChaChaTest.cs" SubType = "Code" BuildAction = "Compile" diff --git a/crypto/src/asn1/anssi/ANSSINamedCurves.cs b/crypto/src/asn1/anssi/ANSSINamedCurves.cs index ce941709f..26222581e 100644 --- a/crypto/src/asn1/anssi/ANSSINamedCurves.cs +++ b/crypto/src/asn1/anssi/ANSSINamedCurves.cs @@ -15,7 +15,7 @@ namespace Org.BouncyCastle.Asn1.Anssi { private static X9ECPoint ConfigureBasepoint(ECCurve curve, string encoding) { - X9ECPoint G = new X9ECPoint(curve, Hex.Decode(encoding)); + X9ECPoint G = new X9ECPoint(curve, Hex.DecodeStrict(encoding)); WNafUtilities.ConfigureBasepoint(G.Point); return G; } @@ -27,7 +27,7 @@ namespace Org.BouncyCastle.Asn1.Anssi private static BigInteger FromHex(string hex) { - return new BigInteger(1, Hex.Decode(hex)); + return new BigInteger(1, Hex.DecodeStrict(hex)); } /* diff --git a/crypto/src/asn1/gm/GMNamedCurves.cs b/crypto/src/asn1/gm/GMNamedCurves.cs index 5b1072f8c..97485e258 100644 --- a/crypto/src/asn1/gm/GMNamedCurves.cs +++ b/crypto/src/asn1/gm/GMNamedCurves.cs @@ -20,7 +20,7 @@ namespace Org.BouncyCastle.Asn1.GM private static X9ECPoint ConfigureBasepoint(ECCurve curve, string encoding) { - X9ECPoint G = new X9ECPoint(curve, Hex.Decode(encoding)); + X9ECPoint G = new X9ECPoint(curve, Hex.DecodeStrict(encoding)); WNafUtilities.ConfigureBasepoint(G.Point); return G; } @@ -32,7 +32,7 @@ namespace Org.BouncyCastle.Asn1.GM private static BigInteger FromHex(string hex) { - return new BigInteger(1, Hex.Decode(hex)); + return new BigInteger(1, Hex.DecodeStrict(hex)); } /* diff --git a/crypto/src/asn1/pkcs/PKCSObjectIdentifiers.cs b/crypto/src/asn1/pkcs/PKCSObjectIdentifiers.cs index a991585f6..6c7fed442 100644 --- a/crypto/src/asn1/pkcs/PKCSObjectIdentifiers.cs +++ b/crypto/src/asn1/pkcs/PKCSObjectIdentifiers.cs @@ -159,6 +159,17 @@ namespace Org.BouncyCastle.Asn1.Pkcs */ public static readonly DerObjectIdentifier IdRsaKem = IdAlg.Branch("14"); + /** + * <pre> + * id-alg-AEADChaCha20Poly1305 OBJECT IDENTIFIER ::= + * { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + * pkcs9(9) smime(16) alg(3) 18 } + * + * AEADChaCha20Poly1305Nonce ::= OCTET STRING (SIZE(12)) + * </pre> + */ + public static readonly DerObjectIdentifier IdAlgAeadChaCha20Poly1305 = IdAlg.Branch("18"); + // // SMIME capability sub oids. // diff --git a/crypto/src/asn1/sec/SECNamedCurves.cs b/crypto/src/asn1/sec/SECNamedCurves.cs index 44190d2b2..8ca0a6e21 100644 --- a/crypto/src/asn1/sec/SECNamedCurves.cs +++ b/crypto/src/asn1/sec/SECNamedCurves.cs @@ -21,7 +21,7 @@ namespace Org.BouncyCastle.Asn1.Sec private static X9ECPoint ConfigureBasepoint(ECCurve curve, string encoding) { - X9ECPoint G = new X9ECPoint(curve, Hex.Decode(encoding)); + X9ECPoint G = new X9ECPoint(curve, Hex.DecodeStrict(encoding)); WNafUtilities.ConfigureBasepoint(G.Point); return G; } @@ -38,7 +38,7 @@ namespace Org.BouncyCastle.Asn1.Sec private static BigInteger FromHex(string hex) { - return new BigInteger(1, Hex.Decode(hex)); + return new BigInteger(1, Hex.DecodeStrict(hex)); } /* @@ -57,7 +57,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("DB7C2ABF62E35E668076BEAD208B"); BigInteger a = FromHex("DB7C2ABF62E35E668076BEAD2088"); BigInteger b = FromHex("659EF8BA043916EEDE8911702B22"); - byte[] S = Hex.Decode("00F50B028E4D696E676875615175290472783FB1"); + byte[] S = Hex.DecodeStrict("00F50B028E4D696E676875615175290472783FB1"); BigInteger n = FromHex("DB7C2ABF62E35E7628DFAC6561C5"); BigInteger h = BigInteger.One; @@ -86,7 +86,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("DB7C2ABF62E35E668076BEAD208B"); BigInteger a = FromHex("6127C24C05F38A0AAAF65C0EF02C"); BigInteger b = FromHex("51DEF1815DB5ED74FCC34C85D709"); - byte[] S = Hex.Decode("002757A1114D696E6768756151755316C05E0BD4"); + byte[] S = Hex.DecodeStrict("002757A1114D696E6768756151755316C05E0BD4"); BigInteger n = FromHex("36DF0AAFD8B8D7597CA10520D04B"); BigInteger h = BigInteger.ValueOf(4); @@ -115,7 +115,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF"); BigInteger a = FromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC"); BigInteger b = FromHex("E87579C11079F43DD824993C2CEE5ED3"); - byte[] S = Hex.Decode("000E0D4D696E6768756151750CC03A4473D03679"); + byte[] S = Hex.DecodeStrict("000E0D4D696E6768756151750CC03A4473D03679"); BigInteger n = FromHex("FFFFFFFE0000000075A30D1B9038A115"); BigInteger h = BigInteger.One; @@ -144,7 +144,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF"); BigInteger a = FromHex("D6031998D1B3BBFEBF59CC9BBFF9AEE1"); BigInteger b = FromHex("5EEEFCA380D02919DC2C6558BB6D8A5D"); - byte[] S = Hex.Decode("004D696E67687561517512D8F03431FCE63B88F4"); + byte[] S = Hex.DecodeStrict("004D696E67687561517512D8F03431FCE63B88F4"); BigInteger n = FromHex("3FFFFFFF7FFFFFFFBE0024720613B5A3"); BigInteger h = BigInteger.ValueOf(4); @@ -216,7 +216,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"); BigInteger a = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"); BigInteger b = FromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"); - byte[] S = Hex.Decode("1053CDE42C14D696E67687561517533BF3F83345"); + byte[] S = Hex.DecodeStrict("1053CDE42C14D696E67687561517533BF3F83345"); BigInteger n = FromHex("0100000000000000000001F4C8F927AED3CA752257"); BigInteger h = BigInteger.One; @@ -245,7 +245,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73"); BigInteger a = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70"); BigInteger b = FromHex("B4E134D3FB59EB8BAB57274904664D5AF50388BA"); - byte[] S = Hex.Decode("B99B99B099B323E02709A4D696E6768756151751"); + byte[] S = Hex.DecodeStrict("B99B99B099B323E02709A4D696E6768756151751"); BigInteger n = FromHex("0100000000000000000000351EE786A818F3A1A16B"); BigInteger h = BigInteger.One; @@ -317,7 +317,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"); BigInteger a = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"); BigInteger b = FromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"); - byte[] S = Hex.Decode("3045AE6FC8422F64ED579528D38120EAE12196D5"); + byte[] S = Hex.DecodeStrict("3045AE6FC8422F64ED579528D38120EAE12196D5"); BigInteger n = FromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"); BigInteger h = BigInteger.One; @@ -389,7 +389,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"); BigInteger a = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"); BigInteger b = FromHex("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"); - byte[] S = Hex.Decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5"); + byte[] S = Hex.DecodeStrict("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5"); BigInteger n = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"); BigInteger h = BigInteger.One; @@ -461,7 +461,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"); BigInteger a = FromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"); BigInteger b = FromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"); - byte[] S = Hex.Decode("C49D360886E704936A6678E1139D26B7819F7E90"); + byte[] S = Hex.DecodeStrict("C49D360886E704936A6678E1139D26B7819F7E90"); BigInteger n = FromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); BigInteger h = BigInteger.One; @@ -490,7 +490,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"); BigInteger a = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"); BigInteger b = FromHex("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"); - byte[] S = Hex.Decode("A335926AA319A27A1D00896A6773A4827ACDAC73"); + byte[] S = Hex.DecodeStrict("A335926AA319A27A1D00896A6773A4827ACDAC73"); BigInteger n = FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"); BigInteger h = BigInteger.One; @@ -520,7 +520,7 @@ namespace Org.BouncyCastle.Asn1.Sec BigInteger p = FromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); BigInteger a = FromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"); BigInteger b = FromHex("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"); - byte[] S = Hex.Decode("D09E8800291CB85396CC6717393284AAA0DA64BA"); + byte[] S = Hex.DecodeStrict("D09E8800291CB85396CC6717393284AAA0DA64BA"); BigInteger n = FromHex("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"); BigInteger h = BigInteger.One; @@ -551,7 +551,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = FromHex("003088250CA6E7C7FE649CE85820F7"); BigInteger b = FromHex("00E8BEE4D3E2260744188BE0E9C723"); - byte[] S = Hex.Decode("10E723AB14D696E6768756151756FEBF8FCB49A9"); + byte[] S = Hex.DecodeStrict("10E723AB14D696E6768756151756FEBF8FCB49A9"); BigInteger n = FromHex("0100000000000000D9CCEC8A39E56F"); BigInteger h = BigInteger.ValueOf(2); @@ -581,7 +581,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = FromHex("00689918DBEC7E5A0DD6DFC0AA55C7"); BigInteger b = FromHex("0095E9A9EC9B297BD4BF36E059184F"); - byte[] S = Hex.Decode("10C0FB15760860DEF1EEF4D696E676875615175D"); + byte[] S = Hex.DecodeStrict("10C0FB15760860DEF1EEF4D696E676875615175D"); BigInteger n = FromHex("010000000000000108789B2496AF93"); BigInteger h = BigInteger.ValueOf(2); @@ -613,7 +613,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = FromHex("07A11B09A76B562144418FF3FF8C2570B8"); BigInteger b = FromHex("0217C05610884B63B9C6C7291678F9D341"); - byte[] S = Hex.Decode("4D696E676875615175985BD3ADBADA21B43A97E2"); + byte[] S = Hex.DecodeStrict("4D696E676875615175985BD3ADBADA21B43A97E2"); BigInteger n = FromHex("0400000000000000023123953A9464B54D"); BigInteger h = BigInteger.ValueOf(2); @@ -645,7 +645,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = FromHex("03E5A88919D7CAFCBF415F07C2176573B2"); BigInteger b = FromHex("04B8266A46C55657AC734CE38F018F2192"); - byte[] S = Hex.Decode("985BD3ADBAD4D696E676875615175A21B43A97E3"); + byte[] S = Hex.DecodeStrict("985BD3ADBAD4D696E676875615175A21B43A97E3"); BigInteger n = FromHex("0400000000000000016954A233049BA98F"); BigInteger h = BigInteger.ValueOf(2); @@ -709,7 +709,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = FromHex("07B6882CAAEFA84F9554FF8428BD88E246D2782AE2"); BigInteger b = FromHex("0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9"); - byte[] S = Hex.Decode("24B7B137C8A14D696E6768756151756FD0DA2E5C"); + byte[] S = Hex.DecodeStrict("24B7B137C8A14D696E6768756151756FD0DA2E5C"); BigInteger n = FromHex("03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B"); BigInteger h = BigInteger.ValueOf(2); @@ -741,7 +741,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = BigInteger.One; BigInteger b = FromHex("020A601907B8C953CA1481EB10512F78744A3205FD"); - byte[] S = Hex.Decode("85E25BFE5C86226CDB12016F7553F9D0E693A268"); + byte[] S = Hex.DecodeStrict("85E25BFE5C86226CDB12016F7553F9D0E693A268"); BigInteger n = FromHex("040000000000000000000292FE77E70C12A4234C33"); BigInteger h = BigInteger.ValueOf(2); @@ -771,7 +771,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = FromHex("0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01"); BigInteger b = FromHex("00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814"); - byte[] S = Hex.Decode("103FAEC74D696E676875615175777FC5B191EF30"); + byte[] S = Hex.DecodeStrict("103FAEC74D696E676875615175777FC5B191EF30"); BigInteger n = FromHex("01000000000000000000000000C7F34A778F443ACC920EBA49"); BigInteger h = BigInteger.ValueOf(2); @@ -801,7 +801,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = FromHex("0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B"); BigInteger b = FromHex("00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE"); - byte[] S = Hex.Decode("10B7B4D696E676875615175137C8A16FD0DA2211"); + byte[] S = Hex.DecodeStrict("10B7B4D696E676875615175137C8A16FD0DA2211"); BigInteger n = FromHex("010000000000000000000000015AAB561B005413CCD4EE99D5"); BigInteger h = BigInteger.ValueOf(2); @@ -861,7 +861,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = BigInteger.One; BigInteger b = FromHex("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD"); - byte[] S = Hex.Decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3"); + byte[] S = Hex.DecodeStrict("74D59FF07F6B413D0EA14B344B20A2DB049B50C3"); BigInteger n = FromHex("01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7"); BigInteger h = BigInteger.ValueOf(2); @@ -956,7 +956,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = BigInteger.One; BigInteger b = FromHex("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5"); - byte[] S = Hex.Decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE"); + byte[] S = Hex.DecodeStrict("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE"); BigInteger n = FromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307"); BigInteger h = BigInteger.ValueOf(2); @@ -1018,7 +1018,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = BigInteger.One; BigInteger b = FromHex("0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F"); - byte[] S = Hex.Decode("4099B5A457F9D69F79213D094C4BCD4D4262210B"); + byte[] S = Hex.DecodeStrict("4099B5A457F9D69F79213D094C4BCD4D4262210B"); BigInteger n = FromHex("010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173"); BigInteger h = BigInteger.ValueOf(2); @@ -1084,7 +1084,7 @@ namespace Org.BouncyCastle.Asn1.Sec { BigInteger a = BigInteger.One; BigInteger b = FromHex("02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A"); - byte[] S = Hex.Decode("2AA058F73A0E33AB486B0F610410C53A7F132310"); + byte[] S = Hex.DecodeStrict("2AA058F73A0E33AB486B0F610410C53A7F132310"); BigInteger n = FromHex("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47"); BigInteger h = BigInteger.ValueOf(2); diff --git a/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs b/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs index 8393f3ea5..c9a1e7d76 100644 --- a/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs +++ b/crypto/src/asn1/teletrust/TeleTrusTNamedCurves.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Asn1.TeleTrust { private static X9ECPoint ConfigureBasepoint(ECCurve curve, string encoding) { - X9ECPoint G = new X9ECPoint(curve, Hex.Decode(encoding)); + X9ECPoint G = new X9ECPoint(curve, Hex.DecodeStrict(encoding)); WNafUtilities.ConfigureBasepoint(G.Point); return G; } @@ -28,6 +28,11 @@ namespace Org.BouncyCastle.Asn1.TeleTrust return curve; } + private static BigInteger FromHex(string hex) + { + return new BigInteger(1, Hex.DecodeStrict(hex)); + } + internal class BrainpoolP160r1Holder : X9ECParametersHolder { @@ -37,13 +42,13 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("E95E4A5F737059DC60DF5991D45029409E60FC09"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620F", 16), // q - new BigInteger("340E7BE2A280EB74E2BE61BADA745D97E8F7C300", 16), // a - new BigInteger("1E589A8595423412134FAA2DBDEC95C8D8675E58", 16), // b + FromHex("E95E4A5F737059DC60DFC7AD95B3D8139515620F"), // q + FromHex("340E7BE2A280EB74E2BE61BADA745D97E8F7C300"), // a + FromHex("1E589A8595423412134FAA2DBDEC95C8D8675E58"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -62,14 +67,14 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("E95E4A5F737059DC60DF5991D45029409E60FC09", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("E95E4A5F737059DC60DF5991D45029409E60FC09"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - //new BigInteger("24DBFF5DEC9B986BBFE5295A29BFBAE45E0F5D0B", 16), // Z - new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620F", 16), // q - new BigInteger("E95E4A5F737059DC60DFC7AD95B3D8139515620C", 16), // a' - new BigInteger("7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380", 16), // b' + //FromHex("24DBFF5DEC9B986BBFE5295A29BFBAE45E0F5D0B"), // Z + FromHex("E95E4A5F737059DC60DFC7AD95B3D8139515620F"), // q + FromHex("E95E4A5F737059DC60DFC7AD95B3D8139515620C"), // a + FromHex("7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -88,13 +93,13 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 16), // q - new BigInteger("6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", 16), // a - new BigInteger("469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", 16), // b + FromHex("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297"), // q + FromHex("6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF"), // a + FromHex("469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -113,14 +118,14 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - //new BigInteger("1B6F5CC8DB4DC7AF19458A9CB80DC2295E5EB9C3732104CB") //Z - new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 16), // q - new BigInteger("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294", 16), // a' - new BigInteger("13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79", 16), // b' + //FromHex("1B6F5CC8DB4DC7AF19458A9CB80DC2295E5EB9C3732104CB") // Z + FromHex("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297"), // q + FromHex("C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294"), // a + FromHex("13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -139,13 +144,13 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 16), // q - new BigInteger("68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", 16), // a - new BigInteger("2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", 16), // b + FromHex("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF"), // q + FromHex("68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43"), // a + FromHex("2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -164,14 +169,14 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - //new BigInteger("2DF271E14427A346910CF7A2E6CFA7B3F484E5C2CCE1C8B730E28B3F") //Z - new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 16), // q - new BigInteger("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC", 16), // a' - new BigInteger("4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D", 16), // b' + //FromHex("2DF271E14427A346910CF7A2E6CFA7B3F484E5C2CCE1C8B730E28B3F") // Z + FromHex("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF"), // q + FromHex("D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC"), // a + FromHex("4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -190,13 +195,13 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16), // q - new BigInteger("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 16), // a - new BigInteger("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 16), // b + FromHex("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377"), // q + FromHex("7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9"), // a + FromHex("26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -215,14 +220,14 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - //new BigInteger("3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0") //Z - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16), // q - new BigInteger("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374", 16), // a' - new BigInteger("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04", 16), // b' + //FromHex("3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0") // Z + FromHex("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377"), // q + FromHex("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374"), // a + FromHex("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -241,13 +246,13 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 16), // q - new BigInteger("3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", 16), // a - new BigInteger("520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", 16), // b + FromHex("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27"), // q + FromHex("3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4"), // a + FromHex("520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -266,14 +271,14 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - //new BigInteger("15F75CAF668077F7E85B42EB01F0A81FF56ECD6191D55CB82B7D861458A18FEFC3E5AB7496F3C7B1") //Z - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 16), // q - new BigInteger("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E24", 16), // a' - new BigInteger("A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CEB5B4FEF422340353", 16), // b' + //FromHex("15F75CAF668077F7E85B42EB01F0A81FF56ECD6191D55CB82B7D861458A18FEFC3E5AB7496F3C7B1") // Z + FromHex("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27"), // q + FromHex("D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E24"), // a + FromHex("A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CEB5B4FEF422340353"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -292,13 +297,13 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16), // q - new BigInteger("7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", 16), // a - new BigInteger("4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", 16), // b + FromHex("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53"), // q + FromHex("7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826"), // a + FromHex("04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -317,14 +322,14 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - //new BigInteger("41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE97D2D63DBC87BCCDDCCC5DA39E8589291C") //Z - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16), // q - new BigInteger("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC50", 16), // a' - new BigInteger("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE", 16), // b' + //FromHex("41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE97D2D63DBC87BCCDDCCC5DA39E8589291C") // Z + FromHex("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53"), // q + FromHex("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC50"), // a + FromHex("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -343,13 +348,13 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16), // q - new BigInteger("7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", 16), // a - new BigInteger("3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", 16), // b + FromHex("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3"), // q + FromHex("7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA"), // a + FromHex("3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -368,14 +373,14 @@ namespace Org.BouncyCastle.Asn1.TeleTrust protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16); - BigInteger h = new BigInteger("01", 16); + BigInteger n = FromHex("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069"); + BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - //new BigInteger("12EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922AB") //Z - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16), // q - new BigInteger("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F0", 16), // a' - new BigInteger("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E", 16), // b' + //FromHex("12EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922AB") // Z + FromHex("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3"), // q + FromHex("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F0"), // a + FromHex("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E"), // b n, h)); X9ECPoint G = ConfigureBasepoint(curve, diff --git a/crypto/src/asn1/x500/style/IetfUtilities.cs b/crypto/src/asn1/x500/style/IetfUtilities.cs index 2c0ab45bc..53e5fccf4 100644 --- a/crypto/src/asn1/x500/style/IetfUtilities.cs +++ b/crypto/src/asn1/x500/style/IetfUtilities.cs @@ -138,7 +138,7 @@ namespace Org.BouncyCastle.Asn1.X500.Style { try { - return Asn1Object.FromByteArray(Hex.Decode(oValue.Substring(1))); + return Asn1Object.FromByteArray(Hex.DecodeStrict(oValue, 1, oValue.Length - 1)); } catch (IOException e) { diff --git a/crypto/src/asn1/x509/X509Name.cs b/crypto/src/asn1/x509/X509Name.cs index aa46caaac..c3c3cc6c9 100644 --- a/crypto/src/asn1/x509/X509Name.cs +++ b/crypto/src/asn1/x509/X509Name.cs @@ -928,7 +928,7 @@ namespace Org.BouncyCastle.Asn1.X509 { try { - return Asn1Object.FromByteArray(Hex.Decode(v.Substring(1))); + return Asn1Object.FromByteArray(Hex.DecodeStrict(v, 1, v.Length - 1)); } catch (IOException e) { diff --git a/crypto/src/asn1/x509/X509NameEntryConverter.cs b/crypto/src/asn1/x509/X509NameEntryConverter.cs index 5872656a9..a5a00cc59 100644 --- a/crypto/src/asn1/x509/X509NameEntryConverter.cs +++ b/crypto/src/asn1/x509/X509NameEntryConverter.cs @@ -61,9 +61,7 @@ namespace Org.BouncyCastle.Asn1.X509 string hexString, int offset) { - string str = hexString.Substring(offset); - - return Asn1Object.FromByteArray(Hex.Decode(str)); + return Asn1Object.FromByteArray(Hex.DecodeStrict(hexString, offset, hexString.Length - offset)); } /** diff --git a/crypto/src/asn1/x9/X962NamedCurves.cs b/crypto/src/asn1/x9/X962NamedCurves.cs index f8ba4144b..131e58ea3 100644 --- a/crypto/src/asn1/x9/X962NamedCurves.cs +++ b/crypto/src/asn1/x9/X962NamedCurves.cs @@ -21,7 +21,7 @@ namespace Org.BouncyCastle.Asn1.X9 private static X9ECPoint ConfigureBasepoint(ECCurve curve, string encoding) { - X9ECPoint G = new X9ECPoint(curve, Hex.Decode(encoding)); + X9ECPoint G = new X9ECPoint(curve, Hex.DecodeStrict(encoding)); WNafUtilities.ConfigureBasepoint(G.Point); return G; } @@ -31,6 +31,11 @@ namespace Org.BouncyCastle.Asn1.X9 return curve; } + private static BigInteger FromHex(string hex) + { + return new BigInteger(1, Hex.DecodeStrict(hex)); + } + internal class Prime192v1Holder : X9ECParametersHolder { @@ -40,19 +45,19 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("ffffffffffffffffffffffff99def836146bc9b1b4d22831", 16); + BigInteger n = FromHex("ffffffffffffffffffffffff99def836146bc9b1b4d22831"); BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 16), - new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), - new BigInteger("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1", 16), + FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"), + FromHex("fffffffffffffffffffffffffffffffefffffffffffffffc"), + FromHex("64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("3045AE6FC8422f64ED579528D38120EAE12196D5")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("3045AE6FC8422f64ED579528D38120EAE12196D5")); } } @@ -65,19 +70,19 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("fffffffffffffffffffffffe5fb1a724dc80418648d8dd31", 16); + BigInteger n = FromHex("fffffffffffffffffffffffe5fb1a724dc80418648d8dd31"); BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 16), - new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), - new BigInteger("cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953", 16), + FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"), + FromHex("fffffffffffffffffffffffffffffffefffffffffffffffc"), + FromHex("cc22d6dfb95c6b25e49c0d6364a4e5980c393aa21668d953"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "03eea2bae7e1497842f2de7769cfe9c989c072ad696f48034a"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("31a92ee2029fd10d901b113e990710f0d21ac6b6")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("31a92ee2029fd10d901b113e990710f0d21ac6b6")); } } @@ -90,19 +95,19 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("ffffffffffffffffffffffff7a62d031c83f4294f640ec13", 16); + BigInteger n = FromHex("ffffffffffffffffffffffff7a62d031c83f4294f640ec13"); BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( - new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 16), - new BigInteger("fffffffffffffffffffffffffffffffefffffffffffffffc", 16), - new BigInteger("22123dc2395a05caa7423daeccc94760a7d462256bd56916", 16), + FromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"), + FromHex("fffffffffffffffffffffffffffffffefffffffffffffffc"), + FromHex("22123dc2395a05caa7423daeccc94760a7d462256bd56916"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "027d29778100c65a1da1783716588dce2b8b4aee8e228f1896"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("c469684435deb378c4b65ca9591e2a5763059a2e")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("c469684435deb378c4b65ca9591e2a5763059a2e")); } } @@ -115,19 +120,19 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b", 16); + BigInteger n = FromHex("7fffffffffffffffffffffff7fffff9e5e9a9f5d9071fbd1522688909d0b"); BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), - new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), - new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16), + FromHex("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc"), + FromHex("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("e43bb460f0b80cc0c0b075798e948060f8321b7d")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("e43bb460f0b80cc0c0b075798e948060f8321b7d")); } } @@ -140,19 +145,19 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063", 16); + BigInteger n = FromHex("7fffffffffffffffffffffff800000cfa7e8594377d414c03821bc582063"); BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), - new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), - new BigInteger("617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c", 16), + FromHex("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc"), + FromHex("617fab6832576cbbfed50d99f0249c3fee58b94ba0038c7ae84c8c832f2c"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "0238af09d98727705120c921bb5e9e26296a3cdcf2f35757a0eafd87b830e7"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("e8b4011604095303ca3b8099982be09fcb9ae616")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("e8b4011604095303ca3b8099982be09fcb9ae616")); } } @@ -165,19 +170,19 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551", 16); + BigInteger n = FromHex("7fffffffffffffffffffffff7fffff975deb41b3a6057c3c432146526551"); BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), - new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), - new BigInteger("255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e", 16), + FromHex("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc"), + FromHex("255705fa2a306654b1f4cb03d6a750a30c250102d4988717d9ba15ab6d3e"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "036768ae8e18bb92cfcf005c949aa2c6d94853d0e660bbf854b1c9505fe95a"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("7d7374168ffe3471b60a857686a19475d3bfa2ff")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("7d7374168ffe3471b60a857686a19475d3bfa2ff")); } } @@ -190,19 +195,19 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16); + BigInteger n = FromHex("ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"); BigInteger h = BigInteger.One; ECCurve curve = ConfigureCurve(new FpCurve( new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951"), - new BigInteger("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16), - new BigInteger("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16), + FromHex("ffffffff00000001000000000000000000000000fffffffffffffffffffffffc"), + FromHex("5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "036b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("c49d360886e704936a6678e1139d26b7819f7e90")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("c49d360886e704936a6678e1139d26b7819f7e90")); } } @@ -218,20 +223,20 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("0400000000000000000001E60FC8821CC74DAEAFC1", 16); + BigInteger n = FromHex("0400000000000000000001E60FC8821CC74DAEAFC1"); BigInteger h = BigInteger.Two; ECCurve curve = ConfigureCurve(new F2mCurve( 163, 1, 2, 8, - new BigInteger("072546B5435234A422E0789675F432C89435DE5242", 16), - new BigInteger("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", 16), + FromHex("072546B5435234A422E0789675F432C89435DE5242"), + FromHex("00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "0307AF69989546103D79329FCC3D74880F33BBE803CB"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("D2C0FB15760860DEF1EEF4D696E6768756151754")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("D2C0FB15760860DEF1EEF4D696E6768756151754")); } } @@ -244,14 +249,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 16); + BigInteger n = FromHex("03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7"); BigInteger h = BigInteger.Two; ECCurve curve = ConfigureCurve(new F2mCurve( 163, 1, 2, 8, - new BigInteger("0108B39E77C4B108BED981ED0E890E117C511CF072", 16), - new BigInteger("0667ACEB38AF4E488C407433FFAE4F1C811638DF20", 16), + FromHex("0108B39E77C4B108BED981ED0E890E117C511CF072"), + FromHex("0667ACEB38AF4E488C407433FFAE4F1C811638DF20"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -270,14 +275,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 16); + BigInteger n = FromHex("03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309"); BigInteger h = BigInteger.Two; ECCurve curve = ConfigureCurve(new F2mCurve( 163, 1, 2, 8, - new BigInteger("07A526C63D3E25A256A007699F5447E32AE456B50E", 16), - new BigInteger("03F7061798EB99E238FD6F1BF95B48FEEB4854252B", 16), + FromHex("07A526C63D3E25A256A007699F5447E32AE456B50E"), + FromHex("03F7061798EB99E238FD6F1BF95B48FEEB4854252B"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -296,14 +301,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("010092537397ECA4F6145799D62B0A19CE06FE26AD", 16); + BigInteger n = FromHex("010092537397ECA4F6145799D62B0A19CE06FE26AD"); BigInteger h = BigInteger.ValueOf(0xFF6E); ECCurve curve = ConfigureCurve(new F2mCurve( 176, 1, 2, 43, - new BigInteger("00E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", 16), - new BigInteger("005DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", 16), + FromHex("E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B"), + FromHex("5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -322,20 +327,20 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("40000000000000000000000004A20E90C39067C893BBB9A5", 16); + BigInteger n = FromHex("40000000000000000000000004A20E90C39067C893BBB9A5"); BigInteger h = BigInteger.Two; ECCurve curve = ConfigureCurve(new F2mCurve( 191, 9, - new BigInteger("2866537B676752636A68F56554E12640276B649EF7526267", 16), - new BigInteger("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", 16), + FromHex("2866537B676752636A68F56554E12640276B649EF7526267"), + FromHex("2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, "0236B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D"); - return new X9ECParameters(curve, G, n, h, Hex.Decode("4E13CA542744D696E67687561517552F279A8C84")); + return new X9ECParameters(curve, G, n, h, Hex.DecodeStrict("4E13CA542744D696E67687561517552F279A8C84")); } } @@ -348,14 +353,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("20000000000000000000000050508CB89F652824E06B8173", 16); + BigInteger n = FromHex("20000000000000000000000050508CB89F652824E06B8173"); BigInteger h = BigInteger.ValueOf(4); ECCurve curve = ConfigureCurve(new F2mCurve( 191, 9, - new BigInteger("401028774D7777C7B7666D1366EA432071274F89FF01E718", 16), - new BigInteger("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", 16), + FromHex("401028774D7777C7B7666D1366EA432071274F89FF01E718"), + FromHex("0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -374,14 +379,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("155555555555555555555555610C0B196812BFB6288A3EA3", 16); + BigInteger n = FromHex("155555555555555555555555610C0B196812BFB6288A3EA3"); BigInteger h = BigInteger.ValueOf(6); ECCurve curve = ConfigureCurve(new F2mCurve( 191, 9, - new BigInteger("6C01074756099122221056911C77D77E77A777E7E7E77FCB", 16), - new BigInteger("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", 16), + FromHex("6C01074756099122221056911C77D77E77A777E7E7E77FCB"), + FromHex("71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -400,14 +405,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 16); + BigInteger n = FromHex("0101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D"); BigInteger h = BigInteger.ValueOf(0xFE48); ECCurve curve = ConfigureCurve(new F2mCurve( 208, 1, 2, 83, - new BigInteger("0", 16), - new BigInteger("00C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", 16), + BigInteger.Zero, + FromHex("C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -426,14 +431,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 16); + BigInteger n = FromHex("2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447"); BigInteger h = BigInteger.ValueOf(4); ECCurve curve = ConfigureCurve(new F2mCurve( 239, 36, - new BigInteger("32010857077C5431123A46B808906756F543423E8D27877578125778AC76", 16), - new BigInteger("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", 16), + FromHex("32010857077C5431123A46B808906756F543423E8D27877578125778AC76"), + FromHex("790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -452,14 +457,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 16); + BigInteger n = FromHex("1555555555555555555555555555553C6F2885259C31E3FCDF154624522D"); BigInteger h = BigInteger.ValueOf(6); ECCurve curve = ConfigureCurve(new F2mCurve( 239, 36, - new BigInteger("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", 16), - new BigInteger("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", 16), + FromHex("4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F"), + FromHex("5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -478,14 +483,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 16); + BigInteger n = FromHex("0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF"); BigInteger h = BigInteger.ValueOf(10); ECCurve curve = ConfigureCurve(new F2mCurve( 239, 36, - new BigInteger("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", 16), - new BigInteger("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", 16), + FromHex("01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F"), + FromHex("6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -504,14 +509,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 16); + BigInteger n = FromHex("0100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521"); BigInteger h = BigInteger.ValueOf(0xFF06); ECCurve curve = ConfigureCurve(new F2mCurve( 272, 1, 3, 56, - new BigInteger("0091A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", 16), - new BigInteger("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", 16), + FromHex("91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20"), + FromHex("7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -530,14 +535,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D", 16); + BigInteger n = FromHex("0101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164443051D"); BigInteger h = BigInteger.ValueOf(0xFE2E); ECCurve curve = ConfigureCurve(new F2mCurve( 304, 1, 2, 11, - new BigInteger("00FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681", 16), - new BigInteger("00BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE", 16), + FromHex("FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A0396C8E681"), + FromHex("BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E55827340BE"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -556,14 +561,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B", 16); + BigInteger n = FromHex("01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB964FE7719E74F490758D3B"); BigInteger h = BigInteger.ValueOf(0x4C); ECCurve curve = ConfigureCurve(new F2mCurve( 359, 68, - new BigInteger("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557", 16), - new BigInteger("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988", 16), + FromHex("5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05656FB549016A96656A557"), + FromHex("2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC345626089687742B6329E70680231988"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -582,14 +587,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967", 16); + BigInteger n = FromHex("010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E909AE40A6F131E9CFCE5BD967"); BigInteger h = BigInteger.ValueOf(0xFF70); ECCurve curve = ConfigureCurve(new F2mCurve( 368, 1, 2, 85, - new BigInteger("00E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D", 16), - new BigInteger("00FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A", 16), + FromHex("E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62F0AB7519CCD2A1A906AE30D"), + FromHex("FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112D84D164F444F8F74786046A"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, @@ -608,14 +613,14 @@ namespace Org.BouncyCastle.Asn1.X9 protected override X9ECParameters CreateParameters() { - BigInteger n = new BigInteger("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91", 16); + BigInteger n = FromHex("0340340340340340340340340340340340340340340340340340340323C313FAB50589703B5EC68D3587FEC60D161CC149C1AD4A91"); BigInteger h = BigInteger.ValueOf(0x2760); ECCurve curve = ConfigureCurve(new F2mCurve( 431, 120, - new BigInteger("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F", 16), - new BigInteger("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618", 16), + FromHex("1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0EB9906D0957F6C6FEACD615468DF104DE296CD8F"), + FromHex("10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B626D4E50A8DD731B107A9962381FB5D807BF2618"), n, h)); X9ECPoint G = ConfigureBasepoint(curve, diff --git a/crypto/src/crypto/BufferedAeadCipher.cs b/crypto/src/crypto/BufferedAeadCipher.cs new file mode 100644 index 000000000..c689c1eab --- /dev/null +++ b/crypto/src/crypto/BufferedAeadCipher.cs @@ -0,0 +1,246 @@ +using System; + +using Org.BouncyCastle.Crypto.Modes; +using Org.BouncyCastle.Crypto.Parameters; + +namespace Org.BouncyCastle.Crypto +{ + /** + * The AEAD ciphers already handle buffering internally, so this class + * just takes care of implementing IBufferedCipher methods. + */ + public class BufferedAeadCipher + : BufferedCipherBase + { + private readonly IAeadCipher cipher; + + public BufferedAeadCipher(IAeadCipher cipher) + { + if (cipher == null) + throw new ArgumentNullException("cipher"); + + this.cipher = cipher; + } + + public override string AlgorithmName + { + get { return cipher.AlgorithmName; } + } + + /** + * initialise the cipher. + * + * @param forEncryption if true the cipher is initialised for + * encryption, if false for decryption. + * @param param the key and other data required by the cipher. + * @exception ArgumentException if the parameters argument is + * inappropriate. + */ + public override void Init( + bool forEncryption, + ICipherParameters parameters) + { + if (parameters is ParametersWithRandom) + { + parameters = ((ParametersWithRandom)parameters).Parameters; + } + + cipher.Init(forEncryption, parameters); + } + + /** + * return the blocksize for the underlying cipher. + * + * @return the blocksize for the underlying cipher. + */ + public override int GetBlockSize() + { + return 0; + } + + /** + * return the size of the output buffer required for an update + * an input of len bytes. + * + * @param len the length of the input. + * @return the space required to accommodate a call to update + * with len bytes of input. + */ + public override int GetUpdateOutputSize( + int length) + { + return cipher.GetUpdateOutputSize(length); + } + + /** + * return the size of the output buffer required for an update plus a + * doFinal with an input of len bytes. + * + * @param len the length of the input. + * @return the space required to accommodate a call to update and doFinal + * with len bytes of input. + */ + public override int GetOutputSize( + int length) + { + return cipher.GetOutputSize(length); + } + + /** + * process a single byte, producing an output block if necessary. + * + * @param in the input byte. + * @param out the space for any output that might be produced. + * @param outOff the offset from which the output will be copied. + * @return the number of output bytes copied to out. + * @exception DataLengthException if there isn't enough space in out. + * @exception InvalidOperationException if the cipher isn't initialised. + */ + public override int ProcessByte( + byte input, + byte[] output, + int outOff) + { + return cipher.ProcessByte(input, output, outOff); + } + + public override byte[] ProcessByte( + byte input) + { + int outLength = GetUpdateOutputSize(1); + + byte[] outBytes = outLength > 0 ? new byte[outLength] : null; + + int pos = ProcessByte(input, outBytes, 0); + + if (outLength > 0 && pos < outLength) + { + byte[] tmp = new byte[pos]; + Array.Copy(outBytes, 0, tmp, 0, pos); + outBytes = tmp; + } + + return outBytes; + } + + public override byte[] ProcessBytes( + byte[] input, + int inOff, + int length) + { + if (input == null) + throw new ArgumentNullException("input"); + if (length < 1) + return null; + + int outLength = GetUpdateOutputSize(length); + + byte[] outBytes = outLength > 0 ? new byte[outLength] : null; + + int pos = ProcessBytes(input, inOff, length, outBytes, 0); + + if (outLength > 0 && pos < outLength) + { + byte[] tmp = new byte[pos]; + Array.Copy(outBytes, 0, tmp, 0, pos); + outBytes = tmp; + } + + return outBytes; + } + + /** + * process an array of bytes, producing output if necessary. + * + * @param in the input byte array. + * @param inOff the offset at which the input data starts. + * @param len the number of bytes to be copied out of the input array. + * @param out the space for any output that might be produced. + * @param outOff the offset from which the output will be copied. + * @return the number of output bytes copied to out. + * @exception DataLengthException if there isn't enough space in out. + * @exception InvalidOperationException if the cipher isn't initialised. + */ + public override int ProcessBytes( + byte[] input, + int inOff, + int length, + byte[] output, + int outOff) + { + return cipher.ProcessBytes(input, inOff, length, output, outOff); + } + + public override byte[] DoFinal() + { + byte[] outBytes = new byte[GetOutputSize(0)]; + + int pos = DoFinal(outBytes, 0); + + if (pos < outBytes.Length) + { + byte[] tmp = new byte[pos]; + Array.Copy(outBytes, 0, tmp, 0, pos); + outBytes = tmp; + } + + return outBytes; + } + + public override byte[] DoFinal( + byte[] input, + int inOff, + int inLen) + { + if (input == null) + throw new ArgumentNullException("input"); + + byte[] outBytes = new byte[GetOutputSize(inLen)]; + + int pos = (inLen > 0) + ? ProcessBytes(input, inOff, inLen, outBytes, 0) + : 0; + + pos += DoFinal(outBytes, pos); + + if (pos < outBytes.Length) + { + byte[] tmp = new byte[pos]; + Array.Copy(outBytes, 0, tmp, 0, pos); + outBytes = tmp; + } + + return outBytes; + } + + /** + * Process the last block in the buffer. + * + * @param out the array the block currently being held is copied into. + * @param outOff the offset at which the copying starts. + * @return the number of output bytes copied to out. + * @exception DataLengthException if there is insufficient space in out for + * the output, or the input is not block size aligned and should be. + * @exception InvalidOperationException if the underlying cipher is not + * initialised. + * @exception InvalidCipherTextException if padding is expected and not found. + * @exception DataLengthException if the input is not block size + * aligned. + */ + public override int DoFinal( + byte[] output, + int outOff) + { + return cipher.DoFinal(output, outOff); + } + + /** + * Reset the buffer and cipher. After resetting the object is in the same + * state as it was after the last init (if there was one). + */ + public override void Reset() + { + cipher.Reset(); + } + } +} diff --git a/crypto/src/crypto/Check.cs b/crypto/src/crypto/Check.cs index 96a05c64b..aacda144f 100644 --- a/crypto/src/crypto/Check.cs +++ b/crypto/src/crypto/Check.cs @@ -12,13 +12,13 @@ namespace Org.BouncyCastle.Crypto internal static void DataLength(byte[] buf, int off, int len, string msg) { - if (off + len > buf.Length) + if (off > (buf.Length - len)) throw new DataLengthException(msg); } internal static void OutputLength(byte[] buf, int off, int len, string msg) { - if (off + len > buf.Length) + if (off > (buf.Length - len)) throw new OutputLengthException(msg); } } diff --git a/crypto/src/crypto/agreement/DHStandardGroups.cs b/crypto/src/crypto/agreement/DHStandardGroups.cs index 0143c6325..59f1ae72b 100644 --- a/crypto/src/crypto/agreement/DHStandardGroups.cs +++ b/crypto/src/crypto/agreement/DHStandardGroups.cs @@ -11,7 +11,7 @@ namespace Org.BouncyCastle.Crypto.Agreement { private static BigInteger FromHex(string hex) { - return new BigInteger(1, Hex.Decode(hex)); + return new BigInteger(1, Hex.DecodeStrict(hex)); } private static DHParameters FromPG(string hexP, string hexG) diff --git a/crypto/src/crypto/agreement/srp/SRP6StandardGroups.cs b/crypto/src/crypto/agreement/srp/SRP6StandardGroups.cs index 36f4aba11..464777d2a 100644 --- a/crypto/src/crypto/agreement/srp/SRP6StandardGroups.cs +++ b/crypto/src/crypto/agreement/srp/SRP6StandardGroups.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Crypto.Agreement.Srp { private static BigInteger FromHex(string hex) { - return new BigInteger(1, Hex.Decode(hex)); + return new BigInteger(1, Hex.DecodeStrict(hex)); } private static Srp6GroupParameters FromNG(string hexN, string hexG) diff --git a/crypto/src/crypto/ec/CustomNamedCurves.cs b/crypto/src/crypto/ec/CustomNamedCurves.cs index a9f60dd8c..a508a4252 100644 --- a/crypto/src/crypto/ec/CustomNamedCurves.cs +++ b/crypto/src/crypto/ec/CustomNamedCurves.cs @@ -26,7 +26,7 @@ namespace Org.BouncyCastle.Crypto.EC private static X9ECPoint ConfigureBasepoint(ECCurve curve, string encoding) { - X9ECPoint G = new X9ECPoint(curve, Hex.Decode(encoding)); + X9ECPoint G = new X9ECPoint(curve, Hex.DecodeStrict(encoding)); WNafUtilities.ConfigureBasepoint(G.Point); return G; } @@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Crypto.EC private static BigInteger FromHex(string hex) { - return new BigInteger(1, Hex.Decode(hex)); + return new BigInteger(1, Hex.DecodeStrict(hex)); } /* @@ -89,7 +89,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("000E0D4D696E6768756151750CC03A4473D03679"); + byte[] S = Hex.DecodeStrict("000E0D4D696E6768756151750CC03A4473D03679"); ECCurve curve = ConfigureCurve(new SecP128R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04161FF7528B899B2D0C28607CA52C5B86CF5AC8395BAFEB13C02DA292DDED7A83"); @@ -142,7 +142,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("1053CDE42C14D696E67687561517533BF3F83345"); + byte[] S = Hex.DecodeStrict("1053CDE42C14D696E67687561517533BF3F83345"); ECCurve curve = ConfigureCurve(new SecP160R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "044A96B5688EF573284664698968C38BB913CBFC8223A628553168947D59DCC912042351377AC5FB32"); @@ -162,7 +162,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("B99B99B099B323E02709A4D696E6768756151751"); + byte[] S = Hex.DecodeStrict("B99B99B099B323E02709A4D696E6768756151751"); ECCurve curve = ConfigureCurve(new SecP160R2Curve()); X9ECPoint G = ConfigureBasepoint(curve, "0452DCB034293A117E1F4FF11B30F7199D3144CE6DFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"); @@ -215,7 +215,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("3045AE6FC8422F64ED579528D38120EAE12196D5"); + byte[] S = Hex.DecodeStrict("3045AE6FC8422F64ED579528D38120EAE12196D5"); ECCurve curve = ConfigureCurve(new SecP192R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF101207192B95FFC8DA78631011ED6B24CDD573F977A11E794811"); @@ -268,7 +268,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5"); + byte[] S = Hex.DecodeStrict("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5"); ECCurve curve = ConfigureCurve(new SecP224R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"); @@ -321,7 +321,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("C49D360886E704936A6678E1139D26B7819F7E90"); + byte[] S = Hex.DecodeStrict("C49D360886E704936A6678E1139D26B7819F7E90"); ECCurve curve = ConfigureCurve(new SecP256R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"); @@ -341,7 +341,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("A335926AA319A27A1D00896A6773A4827ACDAC73"); + byte[] S = Hex.DecodeStrict("A335926AA319A27A1D00896A6773A4827ACDAC73"); ECCurve curve = ConfigureCurve(new SecP384R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04" + "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7" @@ -362,7 +362,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("D09E8800291CB85396CC6717393284AAA0DA64BA"); + byte[] S = Hex.DecodeStrict("D09E8800291CB85396CC6717393284AAA0DA64BA"); ECCurve curve = ConfigureCurve(new SecP521R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04" + "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66" @@ -383,7 +383,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("10E723AB14D696E6768756151756FEBF8FCB49A9"); + byte[] S = Hex.DecodeStrict("10E723AB14D696E6768756151756FEBF8FCB49A9"); ECCurve curve = ConfigureCurve(new SecT113R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04009D73616F35F4AB1407D73562C10F00A52830277958EE84D1315ED31886"); @@ -403,7 +403,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("10C0FB15760860DEF1EEF4D696E676875615175D"); + byte[] S = Hex.DecodeStrict("10C0FB15760860DEF1EEF4D696E676875615175D"); ECCurve curve = ConfigureCurve(new SecT113R2Curve()); X9ECPoint G = ConfigureBasepoint(curve, "0401A57A6A7B26CA5EF52FCDB816479700B3ADC94ED1FE674C06E695BABA1D"); @@ -423,7 +423,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("4D696E676875615175985BD3ADBADA21B43A97E2"); + byte[] S = Hex.DecodeStrict("4D696E676875615175985BD3ADBADA21B43A97E2"); ECCurve curve = ConfigureCurve(new SecT131R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "040081BAF91FDF9833C40F9C181343638399078C6E7EA38C001F73C8134B1B4EF9E150"); @@ -443,7 +443,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("985BD3ADBAD4D696E676875615175A21B43A97E3"); + byte[] S = Hex.DecodeStrict("985BD3ADBAD4D696E676875615175A21B43A97E3"); ECCurve curve = ConfigureCurve(new SecT131R2Curve()); X9ECPoint G = ConfigureBasepoint(curve, "040356DCD8F2F95031AD652D23951BB366A80648F06D867940A5366D9E265DE9EB240F"); @@ -483,7 +483,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("24B7B137C8A14D696E6768756151756FD0DA2E5C"); + byte[] S = Hex.DecodeStrict("24B7B137C8A14D696E6768756151756FD0DA2E5C"); ECCurve curve = ConfigureCurve(new SecT163R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "040369979697AB43897789566789567F787A7876A65400435EDB42EFAFB2989D51FEFCE3C80988F41FF883"); @@ -503,7 +503,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("85E25BFE5C86226CDB12016F7553F9D0E693A268"); + byte[] S = Hex.DecodeStrict("85E25BFE5C86226CDB12016F7553F9D0E693A268"); ECCurve curve = ConfigureCurve(new SecT163R2Curve()); X9ECPoint G = ConfigureBasepoint(curve, "0403F0EBA16286A2D57EA0991168D4994637E8343E3600D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"); @@ -523,7 +523,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("103FAEC74D696E676875615175777FC5B191EF30"); + byte[] S = Hex.DecodeStrict("103FAEC74D696E676875615175777FC5B191EF30"); ECCurve curve = ConfigureCurve(new SecT193R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "0401F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E10025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"); @@ -543,7 +543,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("10B7B4D696E676875615175137C8A16FD0DA2211"); + byte[] S = Hex.DecodeStrict("10B7B4D696E676875615175137C8A16FD0DA2211"); ECCurve curve = ConfigureCurve(new SecT193R2Curve()); X9ECPoint G = ConfigureBasepoint(curve, "0400D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"); @@ -583,7 +583,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3"); + byte[] S = Hex.DecodeStrict("74D59FF07F6B413D0EA14B344B20A2DB049B50C3"); ECCurve curve = ConfigureCurve(new SecT233R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "0400FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"); @@ -644,7 +644,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE"); + byte[] S = Hex.DecodeStrict("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE"); ECCurve curve = ConfigureCurve(new SecT283R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04" + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053" @@ -686,7 +686,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("4099B5A457F9D69F79213D094C4BCD4D4262210B"); + byte[] S = Hex.DecodeStrict("4099B5A457F9D69F79213D094C4BCD4D4262210B"); ECCurve curve = ConfigureCurve(new SecT409R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04" + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7" @@ -728,7 +728,7 @@ namespace Org.BouncyCastle.Crypto.EC protected override X9ECParameters CreateParameters() { - byte[] S = Hex.Decode("2AA058F73A0E33AB486B0F610410C53A7F132310"); + byte[] S = Hex.DecodeStrict("2AA058F73A0E33AB486B0F610410C53A7F132310"); ECCurve curve = ConfigureCurve(new SecT571R1Curve()); X9ECPoint G = ConfigureBasepoint(curve, "04" + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19" diff --git a/crypto/src/crypto/engines/ChaCha7539Engine.cs b/crypto/src/crypto/engines/ChaCha7539Engine.cs index af4163a02..206416a98 100644 --- a/crypto/src/crypto/engines/ChaCha7539Engine.cs +++ b/crypto/src/crypto/engines/ChaCha7539Engine.cs @@ -14,12 +14,13 @@ namespace Org.BouncyCastle.Crypto.Engines /// Creates a 20 rounds ChaCha engine. /// </summary> public ChaCha7539Engine() + : base() { } public override string AlgorithmName { - get { return "ChaCha7539" + rounds; } + get { return "ChaCha7539"; } } protected override int NonceSize diff --git a/crypto/src/crypto/generators/DsaParametersGenerator.cs b/crypto/src/crypto/generators/DsaParametersGenerator.cs index d7ae3ec54..97c20d1d9 100644 --- a/crypto/src/crypto/generators/DsaParametersGenerator.cs +++ b/crypto/src/crypto/generators/DsaParametersGenerator.cs @@ -300,7 +300,7 @@ namespace Org.BouncyCastle.Crypto.Generators { // A.2.3 Verifiable Canonical Generation of the Generator g BigInteger e = p.Subtract(BigInteger.One).Divide(q); - byte[] ggen = Hex.Decode("6767656E"); + byte[] ggen = Hex.DecodeStrict("6767656E"); // 7. U = domain_parameter_seed || "ggen" || index || count. byte[] U = new byte[seed.Length + ggen.Length + 1 + 2]; diff --git a/crypto/src/crypto/modes/CcmBlockCipher.cs b/crypto/src/crypto/modes/CcmBlockCipher.cs index fa97ec840..2981fdcb2 100644 --- a/crypto/src/crypto/modes/CcmBlockCipher.cs +++ b/crypto/src/crypto/modes/CcmBlockCipher.cs @@ -68,7 +68,7 @@ namespace Org.BouncyCastle.Crypto.Modes nonce = param.GetNonce(); initialAssociatedText = param.GetAssociatedText(); - macSize = param.MacSize / 8; + macSize = GetMacSize(forEncryption, param.MacSize); cipherParameters = param.Key; } else if (parameters is ParametersWithIV) @@ -77,7 +77,7 @@ namespace Org.BouncyCastle.Crypto.Modes nonce = param.GetIV(); initialAssociatedText = null; - macSize = macBlock.Length / 2; + macSize = GetMacSize(forEncryption, 64); cipherParameters = param.Parameters; } else @@ -434,6 +434,14 @@ namespace Org.BouncyCastle.Crypto.Modes return cMac.DoFinal(macBlock, 0); } + private int GetMacSize(bool forEncryption, int requestedMacBits) + { + if (forEncryption && (requestedMacBits < 32 || requestedMacBits > 128 || 0 != (requestedMacBits & 15))) + throw new ArgumentException("tag length in octets must be one of {4,6,8,10,12,14,16}"); + + return requestedMacBits >> 3; + } + private int GetAssociatedTextLength() { return (int)associatedText.Length + ((initialAssociatedText == null) ? 0 : initialAssociatedText.Length); diff --git a/crypto/src/crypto/modes/ChaCha20Poly1305.cs b/crypto/src/crypto/modes/ChaCha20Poly1305.cs new file mode 100644 index 000000000..9cc62174c --- /dev/null +++ b/crypto/src/crypto/modes/ChaCha20Poly1305.cs @@ -0,0 +1,551 @@ +using System; + +using Org.BouncyCastle.Crypto.Engines; +using Org.BouncyCastle.Crypto.Macs; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Crypto.Utilities; +using Org.BouncyCastle.Utilities; + +namespace Org.BouncyCastle.Crypto.Modes +{ + public class ChaCha20Poly1305 + : IAeadCipher + { + private enum State + { + Uninitialized = 0, + EncInit = 1, + EncAad = 2, + EncData = 3, + EncFinal = 4, + DecInit = 5, + DecAad = 6, + DecData = 7, + DecFinal = 8, + } + + private const int BufSize = 64; + private const int KeySize = 32; + private const int NonceSize = 12; + private const int MacSize = 16; + private static readonly byte[] Zeroes = new byte[MacSize - 1]; + + private const ulong AadLimit = ulong.MaxValue; + private const ulong DataLimit = ((1UL << 32) - 1) * 64; + + private readonly ChaCha7539Engine mChacha20; + private readonly IMac mPoly1305; + + private readonly byte[] mKey = new byte[KeySize]; + private readonly byte[] mNonce = new byte[NonceSize]; + private readonly byte[] mBuf = new byte[BufSize + MacSize]; + private readonly byte[] mMac = new byte[MacSize]; + + private byte[] mInitialAad; + + private ulong mAadCount; + private ulong mDataCount; + private State mState = State.Uninitialized; + private int mBufPos; + + public ChaCha20Poly1305() + : this(new Poly1305()) + { + } + + public ChaCha20Poly1305(IMac poly1305) + { + if (null == poly1305) + throw new ArgumentNullException("poly1305"); + if (MacSize != poly1305.GetMacSize()) + throw new ArgumentException("must be a 128-bit MAC", "poly1305"); + + this.mChacha20 = new ChaCha7539Engine(); + this.mPoly1305 = poly1305; + } + + public virtual string AlgorithmName + { + get { return "ChaCha20Poly1305"; } + } + + public virtual void Init(bool forEncryption, ICipherParameters parameters) + { + KeyParameter initKeyParam; + byte[] initNonce; + ICipherParameters chacha20Params; + + if (parameters is AeadParameters) + { + AeadParameters aeadParams = (AeadParameters)parameters; + + int macSizeBits = aeadParams.MacSize; + if ((MacSize * 8) != macSizeBits) + throw new ArgumentException("Invalid value for MAC size: " + macSizeBits); + + initKeyParam = aeadParams.Key; + initNonce = aeadParams.GetNonce(); + chacha20Params = new ParametersWithIV(initKeyParam, initNonce); + + this.mInitialAad = aeadParams.GetAssociatedText(); + } + else if (parameters is ParametersWithIV) + { + ParametersWithIV ivParams = (ParametersWithIV)parameters; + + initKeyParam = (KeyParameter)ivParams.Parameters; + initNonce = ivParams.GetIV(); + chacha20Params = ivParams; + + this.mInitialAad = null; + } + else + { + throw new ArgumentException("invalid parameters passed to ChaCha20Poly1305", "parameters"); + } + + // Validate key + if (null == initKeyParam) + { + if (State.Uninitialized == mState) + throw new ArgumentException("Key must be specified in initial init"); + } + else + { + if (KeySize != initKeyParam.GetKey().Length) + throw new ArgumentException("Key must be 256 bits"); + } + + // Validate nonce + if (null == initNonce || NonceSize != initNonce.Length) + throw new ArgumentException("Nonce must be 96 bits"); + + // Check for encryption with reused nonce + if (State.Uninitialized != mState && forEncryption && Arrays.AreEqual(mNonce, initNonce)) + { + if (null == initKeyParam || Arrays.AreEqual(mKey, initKeyParam.GetKey())) + throw new ArgumentException("cannot reuse nonce for ChaCha20Poly1305 encryption"); + } + + if (null != initKeyParam) + { + Array.Copy(initKeyParam.GetKey(), 0, mKey, 0, KeySize); + } + + Array.Copy(initNonce, 0, mNonce, 0, NonceSize); + + mChacha20.Init(true, chacha20Params); + + this.mState = forEncryption ? State.EncInit : State.DecInit; + + Reset(true, false); + } + + public virtual int GetOutputSize(int len) + { + int total = System.Math.Max(0, len) + mBufPos; + + switch (mState) + { + case State.DecInit: + case State.DecAad: + case State.DecData: + return System.Math.Max(0, total - MacSize); + case State.EncInit: + case State.EncAad: + case State.EncData: + return total + MacSize; + default: + throw new InvalidOperationException(); + } + } + + public virtual int GetUpdateOutputSize(int len) + { + int total = System.Math.Max(0, len) + mBufPos; + + switch (mState) + { + case State.DecInit: + case State.DecAad: + case State.DecData: + total = System.Math.Max(0, total - MacSize); + break; + case State.EncInit: + case State.EncAad: + case State.EncData: + break; + default: + throw new InvalidOperationException(); + } + + return total - (total % BufSize); + } + + public virtual void ProcessAadByte(byte input) + { + CheckAad(); + + this.mAadCount = IncrementCount(mAadCount, 1, AadLimit); + mPoly1305.Update(input); + } + + public virtual void ProcessAadBytes(byte[] inBytes, int inOff, int len) + { + if (null == inBytes) + throw new ArgumentNullException("inBytes"); + if (inOff < 0) + throw new ArgumentException("cannot be negative", "inOff"); + if (len < 0) + throw new ArgumentException("cannot be negative", "len"); + Check.DataLength(inBytes, inOff, len, "input buffer too short"); + + CheckAad(); + + if (len > 0) + { + this.mAadCount = IncrementCount(mAadCount, (uint)len, AadLimit); + mPoly1305.BlockUpdate(inBytes, inOff, len); + } + } + + public virtual int ProcessByte(byte input, byte[] outBytes, int outOff) + { + CheckData(); + + switch (mState) + { + case State.DecData: + { + mBuf[mBufPos] = input; + if (++mBufPos == mBuf.Length) + { + mPoly1305.BlockUpdate(mBuf, 0, BufSize); + ProcessData(mBuf, 0, BufSize, outBytes, outOff); + Array.Copy(mBuf, BufSize, mBuf, 0, MacSize); + this.mBufPos = MacSize; + return BufSize; + } + + return 0; + } + case State.EncData: + { + mBuf[mBufPos] = input; + if (++mBufPos == BufSize) + { + ProcessData(mBuf, 0, BufSize, outBytes, outOff); + mPoly1305.BlockUpdate(outBytes, outOff, BufSize); + this.mBufPos = 0; + return BufSize; + } + + return 0; + } + default: + throw new InvalidOperationException(); + } + } + + public virtual int ProcessBytes(byte[] inBytes, int inOff, int len, byte[] outBytes, int outOff) + { + if (null == inBytes) + throw new ArgumentNullException("inBytes"); + if (null == outBytes) + throw new ArgumentNullException("outBytes"); + if (inOff < 0) + throw new ArgumentException("cannot be negative", "inOff"); + if (len < 0) + throw new ArgumentException("cannot be negative", "len"); + Check.DataLength(inBytes, inOff, len, "input buffer too short"); + if (outOff < 0) + throw new ArgumentException("cannot be negative", "outOff"); + + CheckData(); + + int resultLen = 0; + + switch (mState) + { + case State.DecData: + { + for (int i = 0; i < len; ++i) + { + mBuf[mBufPos] = inBytes[inOff + i]; + if (++mBufPos == mBuf.Length) + { + mPoly1305.BlockUpdate(mBuf, 0, BufSize); + ProcessData(mBuf, 0, BufSize, outBytes, outOff + resultLen); + Array.Copy(mBuf, BufSize, mBuf, 0, MacSize); + this.mBufPos = MacSize; + resultLen += BufSize; + } + } + break; + } + case State.EncData: + { + if (mBufPos != 0) + { + while (len > 0) + { + --len; + mBuf[mBufPos] = inBytes[inOff++]; + if (++mBufPos == BufSize) + { + ProcessData(mBuf, 0, BufSize, outBytes, outOff); + mPoly1305.BlockUpdate(outBytes, outOff, BufSize); + this.mBufPos = 0; + resultLen = BufSize; + break; + } + } + } + + while (len >= BufSize) + { + ProcessData(inBytes, inOff, BufSize, outBytes, outOff + resultLen); + mPoly1305.BlockUpdate(outBytes, outOff + resultLen, BufSize); + inOff += BufSize; + len -= BufSize; + resultLen += BufSize; + } + + if (len > 0) + { + Array.Copy(inBytes, inOff, mBuf, 0, len); + this.mBufPos = len; + } + break; + } + default: + throw new InvalidOperationException(); + } + + return resultLen; + } + + public virtual int DoFinal(byte[] outBytes, int outOff) + { + if (null == outBytes) + throw new ArgumentNullException("outBytes"); + if (outOff < 0) + throw new ArgumentException("cannot be negative", "outOff"); + + CheckData(); + + Array.Clear(mMac, 0, MacSize); + + int resultLen = 0; + + switch (mState) + { + case State.DecData: + { + if (mBufPos < MacSize) + throw new InvalidCipherTextException("data too short"); + + resultLen = mBufPos - MacSize; + + Check.OutputLength(outBytes, outOff, resultLen, "output buffer too short"); + + if (resultLen > 0) + { + mPoly1305.BlockUpdate(mBuf, 0, resultLen); + ProcessData(mBuf, 0, resultLen, outBytes, outOff); + } + + FinishData(State.DecFinal); + + if (!Arrays.ConstantTimeAreEqual(MacSize, mMac, 0, mBuf, resultLen)) + { + throw new InvalidCipherTextException("mac check in ChaCha20Poly1305 failed"); + } + + break; + } + case State.EncData: + { + resultLen = mBufPos + MacSize; + + Check.OutputLength(outBytes, outOff, resultLen, "output buffer too short"); + + if (mBufPos > 0) + { + ProcessData(mBuf, 0, mBufPos, outBytes, outOff); + mPoly1305.BlockUpdate(outBytes, outOff, mBufPos); + } + + FinishData(State.EncFinal); + + Array.Copy(mMac, 0, outBytes, outOff + mBufPos, MacSize); + break; + } + default: + throw new InvalidOperationException(); + } + + Reset(false, true); + + return resultLen; + } + + public virtual byte[] GetMac() + { + return Arrays.Clone(mMac); + } + + public virtual void Reset() + { + Reset(true, true); + } + + private void CheckAad() + { + switch (mState) + { + case State.DecInit: + this.mState = State.DecAad; + break; + case State.EncInit: + this.mState = State.EncAad; + break; + case State.DecAad: + case State.EncAad: + break; + case State.EncFinal: + throw new InvalidOperationException("ChaCha20Poly1305 cannot be reused for encryption"); + default: + throw new InvalidOperationException(); + } + } + + private void CheckData() + { + switch (mState) + { + case State.DecInit: + case State.DecAad: + FinishAad(State.DecData); + break; + case State.EncInit: + case State.EncAad: + FinishAad(State.EncData); + break; + case State.DecData: + case State.EncData: + break; + case State.EncFinal: + throw new InvalidOperationException("ChaCha20Poly1305 cannot be reused for encryption"); + default: + throw new InvalidOperationException(); + } + } + + private void FinishAad(State nextState) + { + PadMac(mAadCount); + + this.mState = nextState; + } + + private void FinishData(State nextState) + { + PadMac(mDataCount); + + byte[] lengths = new byte[16]; + Pack.UInt64_To_LE(mAadCount, lengths, 0); + Pack.UInt64_To_LE(mDataCount, lengths, 8); + mPoly1305.BlockUpdate(lengths, 0, 16); + + mPoly1305.DoFinal(mMac, 0); + + this.mState = nextState; + } + + private ulong IncrementCount(ulong count, uint increment, ulong limit) + { + if (count > (limit - increment)) + throw new InvalidOperationException ("Limit exceeded"); + + return count + increment; + } + + private void InitMac() + { + byte[] firstBlock = new byte[64]; + try + { + mChacha20.ProcessBytes(firstBlock, 0, 64, firstBlock, 0); + mPoly1305.Init(new KeyParameter(firstBlock, 0, 32)); + } + finally + { + Array.Clear(firstBlock, 0, 64); + } + } + + private void PadMac(ulong count) + { + int partial = (int)count % MacSize; + if (0 != partial) + { + mPoly1305.BlockUpdate(Zeroes, 0, MacSize - partial); + } + } + + private void ProcessData(byte[] inBytes, int inOff, int inLen, byte[] outBytes, int outOff) + { + Check.OutputLength(outBytes, outOff, inLen, "output buffer too short"); + + mChacha20.ProcessBytes(inBytes, inOff, inLen, outBytes, outOff); + + this.mDataCount = IncrementCount(mDataCount, (uint)inLen, DataLimit); + } + + private void Reset(bool clearMac, bool resetCipher) + { + Array.Clear(mBuf, 0, mBuf.Length); + + if (clearMac) + { + Array.Clear(mMac, 0, mMac.Length); + } + + this.mAadCount = 0UL; + this.mDataCount = 0UL; + this.mBufPos = 0; + + switch (mState) + { + case State.DecInit: + case State.EncInit: + break; + case State.DecAad: + case State.DecData: + case State.DecFinal: + this.mState = State.DecInit; + break; + case State.EncAad: + case State.EncData: + case State.EncFinal: + this.mState = State.EncFinal; + return; + default: + throw new InvalidOperationException(); + } + + if (resetCipher) + { + mChacha20.Reset(); + } + + InitMac(); + + if (null != mInitialAad) + { + ProcessAadBytes(mInitialAad, 0, mInitialAad.Length); + } + } + } +} diff --git a/crypto/src/crypto/modes/IAeadBlockCipher.cs b/crypto/src/crypto/modes/IAeadBlockCipher.cs index 52c4ff428..ebe5ef234 100644 --- a/crypto/src/crypto/modes/IAeadBlockCipher.cs +++ b/crypto/src/crypto/modes/IAeadBlockCipher.cs @@ -1,105 +1,15 @@ -using Org.BouncyCastle.Crypto.Parameters; +using System; namespace Org.BouncyCastle.Crypto.Modes { - /// <summary> - /// A block cipher mode that includes authenticated encryption with a streaming mode - /// and optional associated data.</summary> - /// <see cref="AeadParameters"/> + /// <summary>An IAeadCipher based on an IBlockCipher.</summary> public interface IAeadBlockCipher + : IAeadCipher { - /// <summary>The name of the algorithm this cipher implements.</summary> - string AlgorithmName { get; } + /// <returns>The block size for this cipher, in bytes.</returns> + int GetBlockSize(); - /// <summary>The block cipher underlying this algorithm.</summary> + /// <summary>The block cipher underlying this algorithm.</summary> IBlockCipher GetUnderlyingCipher(); - - /// <summary>Initialise the cipher.</summary> - /// <remarks>Parameter can either be an AeadParameters or a ParametersWithIV object.</remarks> - /// <param name="forEncryption">Initialise for encryption if true, for decryption if false.</param> - /// <param name="parameters">The key or other data required by the cipher.</param> - void Init(bool forEncryption, ICipherParameters parameters); - - /// <returns>The block size for this cipher, in bytes.</returns> - int GetBlockSize(); - - /// <summary>Add a single byte to the associated data check.</summary> - /// <remarks>If the implementation supports it, this will be an online operation and will not retain the associated data.</remarks> - /// <param name="input">The byte to be processed.</param> - void ProcessAadByte(byte input); - - /// <summary>Add a sequence of bytes to the associated data check.</summary> - /// <remarks>If the implementation supports it, this will be an online operation and will not retain the associated data.</remarks> - /// <param name="inBytes">The input byte array.</param> - /// <param name="inOff">The offset into the input array where the data to be processed starts.</param> - /// <param name="len">The number of bytes to be processed.</param> - void ProcessAadBytes(byte[] inBytes, int inOff, int len); - - /** - * Encrypt/decrypt a single byte. - * - * @param input the byte to be processed. - * @param outBytes the output buffer the processed byte goes into. - * @param outOff the offset into the output byte array the processed data starts at. - * @return the number of bytes written to out. - * @exception DataLengthException if the output buffer is too small. - */ - int ProcessByte(byte input, byte[] outBytes, int outOff); - - /** - * Process a block of bytes from in putting the result into out. - * - * @param inBytes the input byte array. - * @param inOff the offset into the in array where the data to be processed starts. - * @param len the number of bytes to be processed. - * @param outBytes the output buffer the processed bytes go into. - * @param outOff the offset into the output byte array the processed data starts at. - * @return the number of bytes written to out. - * @exception DataLengthException if the output buffer is too small. - */ - int ProcessBytes(byte[] inBytes, int inOff, int len, byte[] outBytes, int outOff); - - /** - * Finish the operation either appending or verifying the MAC at the end of the data. - * - * @param outBytes space for any resulting output data. - * @param outOff offset into out to start copying the data at. - * @return number of bytes written into out. - * @throws InvalidOperationException if the cipher is in an inappropriate state. - * @throws InvalidCipherTextException if the MAC fails to match. - */ - int DoFinal(byte[] outBytes, int outOff); - - /** - * Return the value of the MAC associated with the last stream processed. - * - * @return MAC for plaintext data. - */ - byte[] GetMac(); - - /** - * Return the size of the output buffer required for a ProcessBytes - * an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to ProcessBytes - * with len bytes of input. - */ - int GetUpdateOutputSize(int len); - - /** - * Return the size of the output buffer required for a ProcessBytes plus a - * DoFinal with an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to ProcessBytes and DoFinal - * with len bytes of input. - */ - int GetOutputSize(int len); - - /// <summary> - /// Reset the cipher to the same state as it was after the last init (if there was one). - /// </summary> - void Reset(); } } diff --git a/crypto/src/crypto/modes/IAeadCipher.cs b/crypto/src/crypto/modes/IAeadCipher.cs new file mode 100644 index 000000000..437693cb6 --- /dev/null +++ b/crypto/src/crypto/modes/IAeadCipher.cs @@ -0,0 +1,111 @@ +using System; + +using Org.BouncyCastle.Crypto.Parameters; + +namespace Org.BouncyCastle.Crypto.Modes +{ + /// <summary> + /// A cipher mode that includes authenticated encryption with a streaming mode and optional + /// associated data. + /// </summary> + /// <remarks> + /// Implementations of this interface may operate in a packet mode (where all input data is + /// buffered and processed during the call to DoFinal, or in a streaming mode (where output + /// data is incrementally produced with each call to ProcessByte or ProcessBytes. This is + /// important to consider during decryption: in a streaming mode, unauthenticated plaintext + /// data may be output prior to the call to DoFinal that results in an authentication failure. + /// The higher level protocol utilising this cipher must ensure the plaintext data is handled + /// appropriately until the end of data is reached and the entire ciphertext is authenticated. + /// </remarks> + /// <see cref="AeadParameters"/> + public interface IAeadCipher + { + /// <summary>The name of the algorithm this cipher implements.</summary> + string AlgorithmName { get; } + + /// <summary>Initialise the cipher.</summary> + /// <remarks>Parameter can either be an AeadParameters or a ParametersWithIV object.</remarks> + /// <param name="forEncryption">Initialise for encryption if true, for decryption if false.</param> + /// <param name="parameters">The key or other data required by the cipher.</param> + void Init(bool forEncryption, ICipherParameters parameters); + + /// <summary>Add a single byte to the associated data check.</summary> + /// <remarks>If the implementation supports it, this will be an online operation and will not retain the associated data.</remarks> + /// <param name="input">The byte to be processed.</param> + void ProcessAadByte(byte input); + + /// <summary>Add a sequence of bytes to the associated data check.</summary> + /// <remarks>If the implementation supports it, this will be an online operation and will not retain the associated data.</remarks> + /// <param name="inBytes">The input byte array.</param> + /// <param name="inOff">The offset into the input array where the data to be processed starts.</param> + /// <param name="len">The number of bytes to be processed.</param> + void ProcessAadBytes(byte[] inBytes, int inOff, int len); + + /** + * Encrypt/decrypt a single byte. + * + * @param input the byte to be processed. + * @param outBytes the output buffer the processed byte goes into. + * @param outOff the offset into the output byte array the processed data starts at. + * @return the number of bytes written to out. + * @exception DataLengthException if the output buffer is too small. + */ + int ProcessByte(byte input, byte[] outBytes, int outOff); + + /** + * Process a block of bytes from in putting the result into out. + * + * @param inBytes the input byte array. + * @param inOff the offset into the in array where the data to be processed starts. + * @param len the number of bytes to be processed. + * @param outBytes the output buffer the processed bytes go into. + * @param outOff the offset into the output byte array the processed data starts at. + * @return the number of bytes written to out. + * @exception DataLengthException if the output buffer is too small. + */ + int ProcessBytes(byte[] inBytes, int inOff, int len, byte[] outBytes, int outOff); + + /** + * Finish the operation either appending or verifying the MAC at the end of the data. + * + * @param outBytes space for any resulting output data. + * @param outOff offset into out to start copying the data at. + * @return number of bytes written into out. + * @throws InvalidOperationException if the cipher is in an inappropriate state. + * @throws InvalidCipherTextException if the MAC fails to match. + */ + int DoFinal(byte[] outBytes, int outOff); + + /** + * Return the value of the MAC associated with the last stream processed. + * + * @return MAC for plaintext data. + */ + byte[] GetMac(); + + /** + * Return the size of the output buffer required for a ProcessBytes + * an input of len bytes. + * + * @param len the length of the input. + * @return the space required to accommodate a call to ProcessBytes + * with len bytes of input. + */ + int GetUpdateOutputSize(int len); + + /** + * Return the size of the output buffer required for a ProcessBytes plus a + * DoFinal with an input of len bytes. + * + * @param len the length of the input. + * @return the space required to accommodate a call to ProcessBytes and DoFinal + * with len bytes of input. + */ + int GetOutputSize(int len); + + /// <summary> + /// Reset the cipher to the same state as it was after the last init (if there was one). + /// </summary> + void Reset(); + } +} diff --git a/crypto/src/crypto/prng/drbg/CtrSP800Drbg.cs b/crypto/src/crypto/prng/drbg/CtrSP800Drbg.cs index eca1821d3..5715a915e 100644 --- a/crypto/src/crypto/prng/drbg/CtrSP800Drbg.cs +++ b/crypto/src/crypto/prng/drbg/CtrSP800Drbg.cs @@ -148,7 +148,7 @@ namespace Org.BouncyCastle.Crypto.Prng.Drbg // -- Internal state migration --- - private static readonly byte[] K_BITS = Hex.Decode("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); + private static readonly byte[] K_BITS = Hex.DecodeStrict("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"); // 1. If (number_of_bits_to_return > max_number_of_bits), then return an // ERROR_FLAG. diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs index e29ed3c45..b31384783 100644 --- a/crypto/src/crypto/signers/PssSigner.cs +++ b/crypto/src/crypto/signers/PssSigner.cs @@ -3,6 +3,7 @@ using System; using Org.BouncyCastle.Crypto.Digests; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Crypto.Signers { @@ -250,11 +251,12 @@ namespace Org.BouncyCastle.Crypto.Signers block[i] ^= dbMask[i]; } - block[0] &= (byte) ((0xff >> ((block.Length * 8) - emBits))); + h.CopyTo(block, block.Length - hLen - 1); - h.CopyTo(block, block.Length - hLen - 1); + uint firstByteMask = 0xFFU >> ((block.Length * 8) - emBits); - block[block.Length - 1] = trailer; + block[0] &= (byte)firstByteMask; + block[block.Length - 1] = trailer; byte[] b = cipher.ProcessBlock(block, 0, block.Length); @@ -269,12 +271,16 @@ namespace Org.BouncyCastle.Crypto.Signers public virtual bool VerifySignature( byte[] signature) { - contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen); + contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen); - byte[] b = cipher.ProcessBlock(signature, 0, signature.Length); + byte[] b = cipher.ProcessBlock(signature, 0, signature.Length); + Arrays.Fill(block, 0, block.Length - b.Length, 0); b.CopyTo(block, block.Length - b.Length); - if (block[block.Length - 1] != trailer) + uint firstByteMask = 0xFFU >> ((block.Length * 8) - emBits); + + if (block[0] != (byte)(block[0] & firstByteMask) + || block[block.Length - 1] != trailer) { ClearBlock(block); return false; @@ -287,7 +293,7 @@ namespace Org.BouncyCastle.Crypto.Signers block[i] ^= dbMask[i]; } - block[0] &= (byte) ((0xff >> ((block.Length * 8) - emBits))); + block[0] &= (byte)firstByteMask; for (int i = 0; i != block.Length - hLen - sLen - 2; i++) { diff --git a/crypto/src/crypto/signers/SM2Signer.cs b/crypto/src/crypto/signers/SM2Signer.cs index 56ec17cf3..2597cbf3d 100644 --- a/crypto/src/crypto/signers/SM2Signer.cs +++ b/crypto/src/crypto/signers/SM2Signer.cs @@ -66,7 +66,7 @@ namespace Org.BouncyCastle.Crypto.Signers { baseParam = parameters; // the default value, string value is "1234567812345678" - userID = Hex.Decode("31323334353637383132333435363738"); + userID = Hex.DecodeStrict("31323334353637383132333435363738"); } if (forSigning) diff --git a/crypto/src/crypto/tls/AbstractTlsPeer.cs b/crypto/src/crypto/tls/AbstractTlsPeer.cs index 1bbea68c8..2081ce8e5 100644 --- a/crypto/src/crypto/tls/AbstractTlsPeer.cs +++ b/crypto/src/crypto/tls/AbstractTlsPeer.cs @@ -6,6 +6,23 @@ namespace Org.BouncyCastle.Crypto.Tls public abstract class AbstractTlsPeer : TlsPeer { + private volatile TlsCloseable mCloseHandle; + + /// <exception cref="IOException"/> + public virtual void Cancel() + { + TlsCloseable closeHandle = this.mCloseHandle; + if (null != closeHandle) + { + closeHandle.Close(); + } + } + + public virtual void NotifyCloseHandle(TlsCloseable closeHandle) + { + this.mCloseHandle = closeHandle; + } + public virtual bool RequiresExtendedMasterSecret() { return false; diff --git a/crypto/src/crypto/tls/DatagramTransport.cs b/crypto/src/crypto/tls/DatagramTransport.cs index 524a8b181..42f958d46 100644 --- a/crypto/src/crypto/tls/DatagramTransport.cs +++ b/crypto/src/crypto/tls/DatagramTransport.cs @@ -4,6 +4,7 @@ using System.IO; namespace Org.BouncyCastle.Crypto.Tls { public interface DatagramTransport + : TlsCloseable { /// <exception cref="IOException"/> int GetReceiveLimit(); @@ -16,8 +17,5 @@ namespace Org.BouncyCastle.Crypto.Tls /// <exception cref="IOException"/> void Send(byte[] buf, int off, int len); - - /// <exception cref="IOException"/> - void Close(); } } diff --git a/crypto/src/crypto/tls/DtlsClientProtocol.cs b/crypto/src/crypto/tls/DtlsClientProtocol.cs index ce0c4c767..4c08bbcfc 100644 --- a/crypto/src/crypto/tls/DtlsClientProtocol.cs +++ b/crypto/src/crypto/tls/DtlsClientProtocol.cs @@ -35,6 +35,7 @@ namespace Org.BouncyCastle.Crypto.Tls client.Init(state.clientContext); DtlsRecordLayer recordLayer = new DtlsRecordLayer(transport, state.clientContext, client, ContentType.handshake); + client.NotifyCloseHandle(recordLayer); TlsSession sessionToResume = state.client.GetSessionToResume(); if (sessionToResume != null && sessionToResume.IsResumable) diff --git a/crypto/src/crypto/tls/DtlsRecordLayer.cs b/crypto/src/crypto/tls/DtlsRecordLayer.cs index 39e018810..3cb0e78dd 100644 --- a/crypto/src/crypto/tls/DtlsRecordLayer.cs +++ b/crypto/src/crypto/tls/DtlsRecordLayer.cs @@ -47,6 +47,11 @@ namespace Org.BouncyCastle.Crypto.Tls SetPlaintextLimit(MAX_FRAGMENT_LENGTH); } + internal bool IsClosed + { + get { return mClosed; } + } + internal virtual void SetPlaintextLimit(int plaintextLimit) { this.mPlaintextLimit = plaintextLimit; diff --git a/crypto/src/crypto/tls/DtlsReliableHandshake.cs b/crypto/src/crypto/tls/DtlsReliableHandshake.cs index 8715cd799..8fcc1d7c2 100644 --- a/crypto/src/crypto/tls/DtlsReliableHandshake.cs +++ b/crypto/src/crypto/tls/DtlsReliableHandshake.cs @@ -93,6 +93,9 @@ namespace Org.BouncyCastle.Crypto.Tls { for (;;) { + if (mRecordLayer.IsClosed) + throw new TlsFatalAlert(AlertDescription.user_canceled); + Message pending = GetPendingMessage(); if (pending != null) return pending; diff --git a/crypto/src/crypto/tls/DtlsServerProtocol.cs b/crypto/src/crypto/tls/DtlsServerProtocol.cs index 1095014cd..242e1bee5 100644 --- a/crypto/src/crypto/tls/DtlsServerProtocol.cs +++ b/crypto/src/crypto/tls/DtlsServerProtocol.cs @@ -45,6 +45,7 @@ namespace Org.BouncyCastle.Crypto.Tls server.Init(state.serverContext); DtlsRecordLayer recordLayer = new DtlsRecordLayer(transport, state.serverContext, server, ContentType.handshake); + server.NotifyCloseHandle(recordLayer); // TODO Need to handle sending of HelloVerifyRequest without entering a full connection diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs index 17b756693..1fe5744d3 100644 --- a/crypto/src/crypto/tls/TlsClientProtocol.cs +++ b/crypto/src/crypto/tls/TlsClientProtocol.cs @@ -92,6 +92,8 @@ namespace Org.BouncyCastle.Crypto.Tls this.mTlsClient.Init(mTlsClientContext); this.mRecordStream.Init(mTlsClientContext); + tlsClient.NotifyCloseHandle(this); + TlsSession sessionToResume = tlsClient.GetSessionToResume(); if (sessionToResume != null && sessionToResume.IsResumable) { diff --git a/crypto/src/crypto/tls/TlsCloseable.cs b/crypto/src/crypto/tls/TlsCloseable.cs new file mode 100644 index 000000000..01625d7a0 --- /dev/null +++ b/crypto/src/crypto/tls/TlsCloseable.cs @@ -0,0 +1,11 @@ +using System; +using System.IO; + +namespace Org.BouncyCastle.Crypto.Tls +{ + public interface TlsCloseable + { + /// <exception cref="IOException"/> + void Close(); + } +} diff --git a/crypto/src/crypto/tls/TlsDHUtilities.cs b/crypto/src/crypto/tls/TlsDHUtilities.cs index ec5909f48..59006018e 100644 --- a/crypto/src/crypto/tls/TlsDHUtilities.cs +++ b/crypto/src/crypto/tls/TlsDHUtilities.cs @@ -21,7 +21,7 @@ namespace Org.BouncyCastle.Crypto.Tls */ private static BigInteger FromHex(String hex) { - return new BigInteger(1, Hex.Decode(hex)); + return new BigInteger(1, Hex.DecodeStrict(hex)); } private static DHParameters FromSafeP(String hexP) diff --git a/crypto/src/crypto/tls/TlsPeer.cs b/crypto/src/crypto/tls/TlsPeer.cs index 993fdf93f..a1e99f3fd 100644 --- a/crypto/src/crypto/tls/TlsPeer.cs +++ b/crypto/src/crypto/tls/TlsPeer.cs @@ -5,6 +5,11 @@ namespace Org.BouncyCastle.Crypto.Tls { public interface TlsPeer { + void NotifyCloseHandle(TlsCloseable closehandle); + + /// <exception cref="IOException"/> + void Cancel(); + /// <summary> /// This implementation supports RFC 7627 and will always negotiate the extended_master_secret /// extension where possible. diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs index 388eb629f..cc6ae0259 100644 --- a/crypto/src/crypto/tls/TlsProtocol.cs +++ b/crypto/src/crypto/tls/TlsProtocol.cs @@ -9,6 +9,7 @@ using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Crypto.Tls { public abstract class TlsProtocol + : TlsCloseable { /* * Our Connection states diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs index e610b5950..1ba90cfdc 100644 --- a/crypto/src/crypto/tls/TlsServerProtocol.cs +++ b/crypto/src/crypto/tls/TlsServerProtocol.cs @@ -94,6 +94,8 @@ namespace Org.BouncyCastle.Crypto.Tls this.mTlsServer.Init(mTlsServerContext); this.mRecordStream.Init(mTlsServerContext); + tlsServer.NotifyCloseHandle(this); + this.mRecordStream.SetRestrictReadVersion(false); BlockForHandshake(); diff --git a/crypto/src/math/ec/custom/djb/Curve25519.cs b/crypto/src/math/ec/custom/djb/Curve25519.cs index 190edf6ec..f9a1b450c 100644 --- a/crypto/src/math/ec/custom/djb/Curve25519.cs +++ b/crypto/src/math/ec/custom/djb/Curve25519.cs @@ -10,8 +10,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Djb { public static readonly BigInteger q = Curve25519FieldElement.Q; - private static readonly BigInteger C_a = new BigInteger(1, Hex.Decode("2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA984914A144")); - private static readonly BigInteger C_b = new BigInteger(1, Hex.Decode("7B425ED097B425ED097B425ED097B425ED097B425ED097B4260B5E9C7710C864")); + private static readonly BigInteger C_a = new BigInteger(1, Hex.DecodeStrict("2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA984914A144")); + private static readonly BigInteger C_b = new BigInteger(1, Hex.DecodeStrict("7B425ED097B425ED097B425ED097B425ED097B425ED097B4260B5E9C7710C864")); private const int CURVE25519_DEFAULT_COORDS = COORD_JACOBIAN_MODIFIED; private const int CURVE25519_FE_INTS = 8; @@ -26,7 +26,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Djb this.m_a = FromBigInteger(C_a); this.m_b = FromBigInteger(C_b); - this.m_order = new BigInteger(1, Hex.Decode("1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED")); this.m_cofactor = BigInteger.ValueOf(8); this.m_coord = CURVE25519_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs b/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs index 4978a2beb..3135cbb06 100644 --- a/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs +++ b/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.GM this.m_infinity = new SM2P256V1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC"))); + Hex.DecodeStrict("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93"))); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123")); + Hex.DecodeStrict("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123")); this.m_cofactor = BigInteger.One; this.m_coord = SM2P256V1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs b/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs index a1f675f90..a9331eb52 100644 --- a/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs +++ b/crypto/src/math/ec/custom/gm/SM2P256V1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.GM : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF")); + Hex.DecodeStrict("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs index 58bff2390..e92aca75b 100644 --- a/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP128R1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC"))); + Hex.DecodeStrict("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("E87579C11079F43DD824993C2CEE5ED3"))); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFE0000000075A30D1B9038A115")); + Hex.DecodeStrict("E87579C11079F43DD824993C2CEE5ED3"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFE0000000075A30D1B9038A115")); this.m_cofactor = BigInteger.One; this.m_coord = SECP128R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecP128R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP128R1FieldElement.cs index 04f432ced..8ddabe9a7 100644 --- a/crypto/src/math/ec/custom/sec/SecP128R1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP128R1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF")); + Hex.DecodeStrict("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs index 1b5bbfe96..fbc928ab7 100644 --- a/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs @@ -23,7 +23,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.ValueOf(7)); - this.m_order = new BigInteger(1, Hex.Decode("0100000000000000000001B8FA16DFAB9ACA16B6B3")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("0100000000000000000001B8FA16DFAB9ACA16B6B3")); this.m_cofactor = BigInteger.One; this.m_coord = SECP160K1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs index 42f2f467b..39855c549 100644 --- a/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP160R1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))); - this.m_order = new BigInteger(1, Hex.Decode("0100000000000000000001F4C8F927AED3CA752257")); + Hex.DecodeStrict("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("0100000000000000000001F4C8F927AED3CA752257")); this.m_cofactor = BigInteger.One; this.m_coord = SECP160R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecP160R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP160R1FieldElement.cs index 5365d7cd0..eade0b8e9 100644 --- a/crypto/src/math/ec/custom/sec/SecP160R1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP160R1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs b/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs index 17f73d7ce..c8ac2e0ab 100644 --- a/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP160R2Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70"))); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("B4E134D3FB59EB8BAB57274904664D5AF50388BA"))); - this.m_order = new BigInteger(1, Hex.Decode("0100000000000000000000351EE786A818F3A1A16B")); + Hex.DecodeStrict("B4E134D3FB59EB8BAB57274904664D5AF50388BA"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("0100000000000000000000351EE786A818F3A1A16B")); this.m_cofactor = BigInteger.One; this.m_coord = SECP160R2_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecP160R2FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP160R2FieldElement.cs index 95d3c0b31..b67fc44f0 100644 --- a/crypto/src/math/ec/custom/sec/SecP160R2FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP160R2FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs index 6647ebab9..6f1069af9 100644 --- a/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs @@ -23,7 +23,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.ValueOf(3)); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D")); this.m_cofactor = BigInteger.One; this.m_coord = SECP192K1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/sec/SecP192K1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP192K1FieldElement.cs index d3de532d9..7d5beaed8 100644 --- a/crypto/src/math/ec/custom/sec/SecP192K1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP192K1FieldElement.cs @@ -11,7 +11,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs index a65afd0b0..249542449 100644 --- a/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP192R1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")); + Hex.DecodeStrict("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")); this.m_cofactor = BigInteger.One; this.m_coord = SECP192R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecP192R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP192R1FieldElement.cs index 65a1aadb3..d197cb698 100644 --- a/crypto/src/math/ec/custom/sec/SecP192R1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP192R1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs index ce56fbf52..7f45b14f6 100644 --- a/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs @@ -23,7 +23,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.ValueOf(5)); - this.m_order = new BigInteger(1, Hex.Decode("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7")); this.m_cofactor = BigInteger.One; this.m_coord = SECP224K1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/sec/SecP224K1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP224K1FieldElement.cs index 0614b7def..422b8294a 100644 --- a/crypto/src/math/ec/custom/sec/SecP224K1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP224K1FieldElement.cs @@ -11,7 +11,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D")); // Calculated as BigInteger.Two.ModPow(Q.ShiftRight(2), Q) private static readonly uint[] PRECOMP_POW2 = new uint[]{ 0x33bfd202, 0xdcfad133, 0x2287624a, 0xc3811ba8, diff --git a/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs index a37fc282f..1f75dc1db 100644 --- a/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP224R1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")); + Hex.DecodeStrict("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")); this.m_cofactor = BigInteger.One; this.m_coord = SECP224R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs index 968bc0baa..e44b4f7b7 100644 --- a/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP224R1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs index 26c788b5f..f51477c63 100644 --- a/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs @@ -23,7 +23,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.ValueOf(7)); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141")); this.m_cofactor = BigInteger.One; this.m_coord = SECP256K1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/sec/SecP256K1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP256K1FieldElement.cs index d24f8d0df..5d1fea8b5 100644 --- a/crypto/src/math/ec/custom/sec/SecP256K1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP256K1FieldElement.cs @@ -11,7 +11,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs index 504d7edc6..7cc456b2d 100644 --- a/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP256R1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))); + Hex.DecodeStrict("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")); + Hex.DecodeStrict("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551")); this.m_cofactor = BigInteger.One; this.m_coord = SECP256R1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/sec/SecP256R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP256R1FieldElement.cs index be4021485..1a18ec38e 100644 --- a/crypto/src/math/ec/custom/sec/SecP256R1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP256R1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")); + Hex.DecodeStrict("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs index 5c6afc2e5..890a72329 100644 --- a/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP384R1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))); - this.m_order = new BigInteger(1, Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")); + Hex.DecodeStrict("B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")); this.m_cofactor = BigInteger.One; this.m_coord = SECP384R1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/sec/SecP384R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP384R1FieldElement.cs index 9d3f51d87..00046b495 100644 --- a/crypto/src/math/ec/custom/sec/SecP384R1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP384R1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")); + Hex.DecodeStrict("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs index cca86e2cb..28db11aea 100644 --- a/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecP521R1Point(this, null, null); this.m_a = FromBigInteger(new BigInteger(1, - Hex.Decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"))); + Hex.DecodeStrict("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"))); this.m_b = FromBigInteger(new BigInteger(1, - Hex.Decode("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"))); - this.m_order = new BigInteger(1, Hex.Decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409")); + Hex.DecodeStrict("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409")); this.m_cofactor = BigInteger.One; this.m_coord = SECP521R1_DEFAULT_COORDS; } diff --git a/crypto/src/math/ec/custom/sec/SecP521R1FieldElement.cs b/crypto/src/math/ec/custom/sec/SecP521R1FieldElement.cs index a428a1243..c677b2610 100644 --- a/crypto/src/math/ec/custom/sec/SecP521R1FieldElement.cs +++ b/crypto/src/math/ec/custom/sec/SecP521R1FieldElement.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec : AbstractFpFieldElement { public static readonly BigInteger Q = new BigInteger(1, - Hex.Decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")); + Hex.DecodeStrict("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")); protected internal readonly uint[] x; diff --git a/crypto/src/math/ec/custom/sec/SecT113R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT113R1Curve.cs index ea9ea0b0c..492b1d8b5 100644 --- a/crypto/src/math/ec/custom/sec/SecT113R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT113R1Curve.cs @@ -19,9 +19,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { this.m_infinity = new SecT113R1Point(this, null, null); - this.m_a = FromBigInteger(new BigInteger(1, Hex.Decode("003088250CA6E7C7FE649CE85820F7"))); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("00E8BEE4D3E2260744188BE0E9C723"))); - this.m_order = new BigInteger(1, Hex.Decode("0100000000000000D9CCEC8A39E56F")); + this.m_a = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("003088250CA6E7C7FE649CE85820F7"))); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("00E8BEE4D3E2260744188BE0E9C723"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("0100000000000000D9CCEC8A39E56F")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT113R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT113R2Curve.cs b/crypto/src/math/ec/custom/sec/SecT113R2Curve.cs index 84b20e026..d0fad0ff7 100644 --- a/crypto/src/math/ec/custom/sec/SecT113R2Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT113R2Curve.cs @@ -19,9 +19,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { this.m_infinity = new SecT113R2Point(this, null, null); - this.m_a = FromBigInteger(new BigInteger(1, Hex.Decode("00689918DBEC7E5A0DD6DFC0AA55C7"))); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("0095E9A9EC9B297BD4BF36E059184F"))); - this.m_order = new BigInteger(1, Hex.Decode("010000000000000108789B2496AF93")); + this.m_a = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("00689918DBEC7E5A0DD6DFC0AA55C7"))); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("0095E9A9EC9B297BD4BF36E059184F"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("010000000000000108789B2496AF93")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT113R2_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT131R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT131R1Curve.cs index 1a8c01670..2b2636901 100644 --- a/crypto/src/math/ec/custom/sec/SecT131R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT131R1Curve.cs @@ -19,9 +19,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { this.m_infinity = new SecT131R1Point(this, null, null); - this.m_a = FromBigInteger(new BigInteger(1, Hex.Decode("07A11B09A76B562144418FF3FF8C2570B8"))); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("0217C05610884B63B9C6C7291678F9D341"))); - this.m_order = new BigInteger(1, Hex.Decode("0400000000000000023123953A9464B54D")); + this.m_a = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("07A11B09A76B562144418FF3FF8C2570B8"))); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("0217C05610884B63B9C6C7291678F9D341"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("0400000000000000023123953A9464B54D")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT131R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT131R2Curve.cs b/crypto/src/math/ec/custom/sec/SecT131R2Curve.cs index 4a90a74f3..123362f4d 100644 --- a/crypto/src/math/ec/custom/sec/SecT131R2Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT131R2Curve.cs @@ -19,9 +19,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { this.m_infinity = new SecT131R2Point(this, null, null); - this.m_a = FromBigInteger(new BigInteger(1, Hex.Decode("03E5A88919D7CAFCBF415F07C2176573B2"))); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("04B8266A46C55657AC734CE38F018F2192"))); - this.m_order = new BigInteger(1, Hex.Decode("0400000000000000016954A233049BA98F")); + this.m_a = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("03E5A88919D7CAFCBF415F07C2176573B2"))); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("04B8266A46C55657AC734CE38F018F2192"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("0400000000000000016954A233049BA98F")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT131R2_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT163K1Curve.cs b/crypto/src/math/ec/custom/sec/SecT163K1Curve.cs index 6cdb7bdd6..31c63a8c4 100644 --- a/crypto/src/math/ec/custom/sec/SecT163K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT163K1Curve.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.One); this.m_b = this.m_a; - this.m_order = new BigInteger(1, Hex.Decode("04000000000000000000020108A2E0CC0D99F8A5EF")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("04000000000000000000020108A2E0CC0D99F8A5EF")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT163K1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT163R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT163R1Curve.cs index bee0d3c80..61c452ea7 100644 --- a/crypto/src/math/ec/custom/sec/SecT163R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT163R1Curve.cs @@ -19,9 +19,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { this.m_infinity = new SecT163R1Point(this, null, null); - this.m_a = FromBigInteger(new BigInteger(1, Hex.Decode("07B6882CAAEFA84F9554FF8428BD88E246D2782AE2"))); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9"))); - this.m_order = new BigInteger(1, Hex.Decode("03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B")); + this.m_a = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("07B6882CAAEFA84F9554FF8428BD88E246D2782AE2"))); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT163R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT163R2Curve.cs b/crypto/src/math/ec/custom/sec/SecT163R2Curve.cs index 35e91ddf1..c610b5722 100644 --- a/crypto/src/math/ec/custom/sec/SecT163R2Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT163R2Curve.cs @@ -20,8 +20,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecT163R2Point(this, null, null); this.m_a = FromBigInteger(BigInteger.One); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("020A601907B8C953CA1481EB10512F78744A3205FD"))); - this.m_order = new BigInteger(1, Hex.Decode("040000000000000000000292FE77E70C12A4234C33")); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("020A601907B8C953CA1481EB10512F78744A3205FD"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("040000000000000000000292FE77E70C12A4234C33")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT163R2_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT193R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT193R1Curve.cs index 8ba83689e..32bc434c7 100644 --- a/crypto/src/math/ec/custom/sec/SecT193R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT193R1Curve.cs @@ -19,9 +19,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { this.m_infinity = new SecT193R1Point(this, null, null); - this.m_a = FromBigInteger(new BigInteger(1, Hex.Decode("0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01"))); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814"))); - this.m_order = new BigInteger(1, Hex.Decode("01000000000000000000000000C7F34A778F443ACC920EBA49")); + this.m_a = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01"))); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("01000000000000000000000000C7F34A778F443ACC920EBA49")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT193R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT193R2Curve.cs b/crypto/src/math/ec/custom/sec/SecT193R2Curve.cs index 46790e7e4..7f5357177 100644 --- a/crypto/src/math/ec/custom/sec/SecT193R2Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT193R2Curve.cs @@ -19,9 +19,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec { this.m_infinity = new SecT193R2Point(this, null, null); - this.m_a = FromBigInteger(new BigInteger(1, Hex.Decode("0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B"))); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE"))); - this.m_order = new BigInteger(1, Hex.Decode("010000000000000000000000015AAB561B005413CCD4EE99D5")); + this.m_a = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B"))); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("010000000000000000000000015AAB561B005413CCD4EE99D5")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT193R2_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT233K1Curve.cs b/crypto/src/math/ec/custom/sec/SecT233K1Curve.cs index c01247446..7a3f55f87 100644 --- a/crypto/src/math/ec/custom/sec/SecT233K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT233K1Curve.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.One); - this.m_order = new BigInteger(1, Hex.Decode("8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("8000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF")); this.m_cofactor = BigInteger.ValueOf(4); this.m_coord = SECT233K1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT233R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT233R1Curve.cs index a5d3b86fd..7b7e59386 100644 --- a/crypto/src/math/ec/custom/sec/SecT233R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT233R1Curve.cs @@ -20,8 +20,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecT233R1Point(this, null, null); this.m_a = FromBigInteger(BigInteger.One); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD"))); - this.m_order = new BigInteger(1, Hex.Decode("01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7")); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT233R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT239K1Curve.cs b/crypto/src/math/ec/custom/sec/SecT239K1Curve.cs index 5748942e2..48854ce7e 100644 --- a/crypto/src/math/ec/custom/sec/SecT239K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT239K1Curve.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.One); - this.m_order = new BigInteger(1, Hex.Decode("2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5")); this.m_cofactor = BigInteger.ValueOf(4); this.m_coord = SECT239K1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT283K1Curve.cs b/crypto/src/math/ec/custom/sec/SecT283K1Curve.cs index e97a0f01d..c4d182435 100644 --- a/crypto/src/math/ec/custom/sec/SecT283K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT283K1Curve.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.One); - this.m_order = new BigInteger(1, Hex.Decode("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61")); this.m_cofactor = BigInteger.ValueOf(4); this.m_coord = SECT283K1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT283R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT283R1Curve.cs index a8a50c22a..c29413788 100644 --- a/crypto/src/math/ec/custom/sec/SecT283R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT283R1Curve.cs @@ -20,8 +20,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecT283R1Point(this, null, null); this.m_a = FromBigInteger(BigInteger.One); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5"))); - this.m_order = new BigInteger(1, Hex.Decode("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307")); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT283R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT409K1Curve.cs b/crypto/src/math/ec/custom/sec/SecT409K1Curve.cs index 2f6503692..9e5fe88c7 100644 --- a/crypto/src/math/ec/custom/sec/SecT409K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT409K1Curve.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.One); - this.m_order = new BigInteger(1, Hex.Decode("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF")); this.m_cofactor = BigInteger.ValueOf(4); this.m_coord = SECT409K1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT409R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT409R1Curve.cs index 0e767504b..845c14b40 100644 --- a/crypto/src/math/ec/custom/sec/SecT409R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT409R1Curve.cs @@ -20,8 +20,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_infinity = new SecT409R1Point(this, null, null); this.m_a = FromBigInteger(BigInteger.One); - this.m_b = FromBigInteger(new BigInteger(1, Hex.Decode("0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F"))); - this.m_order = new BigInteger(1, Hex.Decode("010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173")); + this.m_b = FromBigInteger(new BigInteger(1, Hex.DecodeStrict("0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F"))); + this.m_order = new BigInteger(1, Hex.DecodeStrict("010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT409R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT571K1Curve.cs b/crypto/src/math/ec/custom/sec/SecT571K1Curve.cs index 1ab3b0941..544a1ba4b 100644 --- a/crypto/src/math/ec/custom/sec/SecT571K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT571K1Curve.cs @@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.Zero); this.m_b = FromBigInteger(BigInteger.One); - this.m_order = new BigInteger(1, Hex.Decode("020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001")); this.m_cofactor = BigInteger.ValueOf(4); this.m_coord = SECT571K1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/custom/sec/SecT571R1Curve.cs b/crypto/src/math/ec/custom/sec/SecT571R1Curve.cs index 840c29638..67343b0c9 100644 --- a/crypto/src/math/ec/custom/sec/SecT571R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecT571R1Curve.cs @@ -15,7 +15,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecT571R1Point m_infinity; internal static readonly SecT571FieldElement SecT571R1_B = new SecT571FieldElement( - new BigInteger(1, Hex.Decode("02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A"))); + new BigInteger(1, Hex.DecodeStrict("02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A"))); internal static readonly SecT571FieldElement SecT571R1_B_SQRT = (SecT571FieldElement)SecT571R1_B.Sqrt(); public SecT571R1Curve() @@ -25,7 +25,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec this.m_a = FromBigInteger(BigInteger.One); this.m_b = SecT571R1_B; - this.m_order = new BigInteger(1, Hex.Decode("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47")); + this.m_order = new BigInteger(1, Hex.DecodeStrict("03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47")); this.m_cofactor = BigInteger.Two; this.m_coord = SECT571R1_DEFAULT_COORDS; diff --git a/crypto/src/math/ec/rfc7748/X448Field.cs b/crypto/src/math/ec/rfc7748/X448Field.cs index f1e89e520..14c9b4879 100644 --- a/crypto/src/math/ec/rfc7748/X448Field.cs +++ b/crypto/src/math/ec/rfc7748/X448Field.cs @@ -1009,6 +1009,14 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748 z[15] = z15; } + public static void SubOne(uint[] z) + { + uint[] one = Create(); + one[0] = 1U; + + Sub(z, one, z); + } + public static void Zero(uint[] z) { for (int i = 0; i < Size; ++i) diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs index b798bdf2d..238256cf7 100644 --- a/crypto/src/math/ec/rfc8032/Ed25519.cs +++ b/crypto/src/math/ec/rfc8032/Ed25519.cs @@ -12,6 +12,8 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 { public abstract class Ed25519 { + // -x^2 + y^2 == 1 + 0x52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3 * x^2 * y^2 + public enum Algorithm { Ed25519 = 0, @@ -112,6 +114,46 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 || ctx != null && ctx.Length < 256; } + private static int CheckPoint(int[] x, int[] y) + { + int[] t = X25519Field.Create(); + int[] u = X25519Field.Create(); + int[] v = X25519Field.Create(); + + X25519Field.Sqr(x, u); + X25519Field.Sqr(y, v); + X25519Field.Mul(u, v, t); + X25519Field.Sub(v, u, v); + X25519Field.Mul(t, C_d, t); + X25519Field.AddOne(t); + X25519Field.Sub(t, v, t); + X25519Field.Normalize(t); + + return X25519Field.IsZero(t); + } + + private static int CheckPoint(int[] x, int[] y, int[] z) + { + int[] t = X25519Field.Create(); + int[] u = X25519Field.Create(); + int[] v = X25519Field.Create(); + int[] w = X25519Field.Create(); + + X25519Field.Sqr(x, u); + X25519Field.Sqr(y, v); + X25519Field.Sqr(z, w); + X25519Field.Mul(u, v, t); + X25519Field.Sub(v, u, v); + X25519Field.Mul(v, w, v); + X25519Field.Sqr(w, w); + X25519Field.Mul(t, C_d, t); + X25519Field.Add(t, w, t); + X25519Field.Sub(t, v, t); + X25519Field.Normalize(t); + + return X25519Field.IsZero(t); + } + private static bool CheckPointVar(byte[] p) { uint[] t = new uint[8]; @@ -234,7 +276,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 Encode24((uint)(n >> 32), bs, off + 4); } - private static void EncodePoint(PointAccum p, byte[] r, int rOff) + private static int EncodePoint(PointAccum p, byte[] r, int rOff) { int[] x = X25519Field.Create(); int[] y = X25519Field.Create(); @@ -245,8 +287,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 X25519Field.Normalize(x); X25519Field.Normalize(y); + int result = CheckPoint(x, y); + X25519Field.Encode(y, r, rOff); r[rOff + PointBytes - 1] |= (byte)((x[0] & 1) << 7); + + return result; } public static void GeneratePrivateKey(SecureRandom random, byte[] k) @@ -426,9 +472,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 ScalarMultStrausVar(nS, nA, pA, pR); byte[] check = new byte[PointBytes]; - EncodePoint(pR, check, 0); - - return Arrays.AreEqual(check, R); + return 0 != EncodePoint(pR, check, 0) && Arrays.AreEqual(check, R); } private static void PointAddVar(bool negate, PointExt p, PointAccum r) @@ -931,7 +975,8 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 { PointAccum p = new PointAccum(); ScalarMultBase(k, p); - EncodePoint(p, r, rOff); + if (0 == EncodePoint(p, r, rOff)) + throw new InvalidOperationException(); } internal static void ScalarMultBaseYZ(byte[] k, int kOff, int[] y, int[] z) @@ -941,6 +986,10 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 PointAccum p = new PointAccum(); ScalarMultBase(n, p); + + if (0 == CheckPoint(p.x, p.y, p.z)) + throw new InvalidOperationException(); + X25519Field.Copy(p.y, 0, y, 0); X25519Field.Copy(p.z, 0, z, 0); } diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs index 842839396..925f48eb1 100644 --- a/crypto/src/math/ec/rfc8032/Ed448.cs +++ b/crypto/src/math/ec/rfc8032/Ed448.cs @@ -12,6 +12,8 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 { public abstract class Ed448 { + // x^2 + y^2 == 1 - 39081 * x^2 * y^2 + public enum Algorithm { Ed448 = 0, @@ -109,6 +111,46 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 return ctx != null && ctx.Length < 256; } + private static int CheckPoint(uint[] x, uint[] y) + { + uint[] t = X448Field.Create(); + uint[] u = X448Field.Create(); + uint[] v = X448Field.Create(); + + X448Field.Sqr(x, u); + X448Field.Sqr(y, v); + X448Field.Mul(u, v, t); + X448Field.Add(u, v, u); + X448Field.Mul(t, -C_d, t); + X448Field.SubOne(t); + X448Field.Add(t, u, t); + X448Field.Normalize(t); + + return X448Field.IsZero(t); + } + + private static int CheckPoint(uint[] x, uint[] y, uint[] z) + { + uint[] t = X448Field.Create(); + uint[] u = X448Field.Create(); + uint[] v = X448Field.Create(); + uint[] w = X448Field.Create(); + + X448Field.Sqr(x, u); + X448Field.Sqr(y, v); + X448Field.Sqr(z, w); + X448Field.Mul(u, v, t); + X448Field.Add(u, v, u); + X448Field.Mul(u, w, u); + X448Field.Sqr(w, w); + X448Field.Mul(t, -C_d, t); + X448Field.Sub(t, w, t); + X448Field.Add(t, u, t); + X448Field.Normalize(t); + + return X448Field.IsZero(t); + } + private static bool CheckPointVar(byte[] p) { if ((p[PointBytes - 1] & 0x7F) != 0x00) @@ -243,7 +285,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 Encode24((uint)(n >> 32), bs, off + 4); } - private static void EncodePoint(PointExt p, byte[] r, int rOff) + private static int EncodePoint(PointExt p, byte[] r, int rOff) { uint[] x = X448Field.Create(); uint[] y = X448Field.Create(); @@ -254,8 +296,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 X448Field.Normalize(x); X448Field.Normalize(y); + int result = CheckPoint(x, y); + X448Field.Encode(y, r, rOff); r[rOff + PointBytes - 1] = (byte)((x[0] & 1) << 7); + + return result; } public static void GeneratePrivateKey(SecureRandom random, byte[] k) @@ -435,9 +481,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 ScalarMultStrausVar(nS, nA, pA, pR); byte[] check = new byte[PointBytes]; - EncodePoint(pR, check, 0); - - return Arrays.AreEqual(check, R); + return 0 != EncodePoint(pR, check, 0) && Arrays.AreEqual(check, R); } private static void PointAddVar(bool negate, PointExt p, PointExt r) @@ -1018,7 +1062,8 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 { PointExt p = new PointExt(); ScalarMultBase(k, p); - EncodePoint(p, r, rOff); + if (0 == EncodePoint(p, r, rOff)) + throw new InvalidOperationException(); } internal static void ScalarMultBaseXY(byte[] k, int kOff, uint[] x, uint[] y) @@ -1028,6 +1073,10 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 PointExt p = new PointExt(); ScalarMultBase(n, p); + + if (0 == CheckPoint(p.x, p.y, p.z)) + throw new InvalidOperationException(); + X448Field.Copy(p.x, 0, x, 0); X448Field.Copy(p.y, 0, y, 0); } diff --git a/crypto/src/security/CipherUtilities.cs b/crypto/src/security/CipherUtilities.cs index eb10baec8..fb2a31a56 100644 --- a/crypto/src/security/CipherUtilities.cs +++ b/crypto/src/security/CipherUtilities.cs @@ -33,6 +33,9 @@ namespace Org.BouncyCastle.Security CAMELLIA, CAST5, CAST6, + CHACHA, + CHACHA20_POLY1305, + CHACHA7539, DES, DESEDE, ELGAMAL, @@ -64,7 +67,7 @@ namespace Org.BouncyCastle.Security VMPC_KSA3, XTEA, }; - + private enum CipherMode { ECB, NONE, CBC, CCM, CFB, CTR, CTS, EAX, GCM, GOFB, OCB, OFB, OPENPGPCFB, SIC }; private enum CipherPadding { @@ -207,6 +210,9 @@ namespace Org.BouncyCastle.Security algorithms[KisaObjectIdentifiers.IdSeedCbc.Id] = "SEED/CBC/PKCS7PADDING"; algorithms["1.3.6.1.4.1.3029.1.2"] = "BLOWFISH/CBC"; + + algorithms["CHACHA20"] = "CHACHA7539"; + algorithms[PkcsObjectIdentifiers.IdAlgAeadChaCha20Poly1305.Id] = "CHACHA20-POLY1305"; } private CipherUtilities() @@ -333,6 +339,7 @@ namespace Org.BouncyCastle.Security string[] parts = algorithm.Split('/'); + IAeadCipher aeadCipher = null; IBlockCipher blockCipher = null; IAsymmetricBlockCipher asymBlockCipher = null; IStreamCipher streamCipher = null; @@ -376,6 +383,15 @@ namespace Org.BouncyCastle.Security case CipherAlgorithm.CAST6: blockCipher = new Cast6Engine(); break; + case CipherAlgorithm.CHACHA: + streamCipher = new ChaChaEngine(); + break; + case CipherAlgorithm.CHACHA20_POLY1305: + aeadCipher = new ChaCha20Poly1305(); + break; + case CipherAlgorithm.CHACHA7539: + streamCipher = new ChaCha7539Engine(); + break; case CipherAlgorithm.DES: blockCipher = new DesEngine(); break; @@ -468,6 +484,14 @@ namespace Org.BouncyCastle.Security throw new SecurityUtilityException("Cipher " + algorithm + " not recognised."); } + if (aeadCipher != null) + { + if (parts.Length > 1) + throw new ArgumentException("Modes and paddings cannot be applied to AEAD ciphers"); + + return new BufferedAeadCipher(aeadCipher); + } + if (streamCipher != null) { if (parts.Length > 1) diff --git a/crypto/src/security/GeneratorUtilities.cs b/crypto/src/security/GeneratorUtilities.cs index 08281493a..f39d583d6 100644 --- a/crypto/src/security/GeneratorUtilities.cs +++ b/crypto/src/security/GeneratorUtilities.cs @@ -72,6 +72,11 @@ namespace Org.BouncyCastle.Security AddKgAlgorithm("CAST5", "1.2.840.113533.7.66.10"); AddKgAlgorithm("CAST6"); + AddKgAlgorithm("CHACHA"); + AddKgAlgorithm("CHACHA7539", + "CHACHA20", + "CHACHA20-POLY1305", + PkcsObjectIdentifiers.IdAlgAeadChaCha20Poly1305); AddKgAlgorithm("DES", OiwObjectIdentifiers.DesCbc, OiwObjectIdentifiers.DesCfb, @@ -202,15 +207,16 @@ namespace Org.BouncyCastle.Security AddDefaultKeySizeEntries(64, "DES"); AddDefaultKeySizeEntries(80, "SKIPJACK"); - AddDefaultKeySizeEntries(128, "AES128", "BLOWFISH", "CAMELLIA128", "CAST5", "DESEDE", + AddDefaultKeySizeEntries(128, "AES128", "BLOWFISH", "CAMELLIA128", "CAST5", "CHACHA", "DESEDE", "HC128", "HMACMD2", "HMACMD4", "HMACMD5", "HMACRIPEMD128", "IDEA", "NOEKEON", "RC2", "RC4", "RC5", "SALSA20", "SEED", "SM4", "TEA", "XTEA", "VMPC", "VMPC-KSA3"); AddDefaultKeySizeEntries(160, "HMACRIPEMD160", "HMACSHA1"); AddDefaultKeySizeEntries(192, "AES", "AES192", "CAMELLIA192", "DESEDE3", "HMACTIGER", "RIJNDAEL", "SERPENT", "TNEPRES"); AddDefaultKeySizeEntries(224, "HMACSHA3-224", "HMACKECCAK224", "HMACSHA224", "HMACSHA512/224"); - AddDefaultKeySizeEntries(256, "AES256", "CAMELLIA", "CAMELLIA256", "CAST6", "GOST28147", - "HC256", "HMACGOST3411-2012-256", "HMACSHA3-256", "HMACKECCAK256", "HMACSHA256", "HMACSHA512/256", "RC5-64", "RC6", "THREEFISH-256", "TWOFISH"); + AddDefaultKeySizeEntries(256, "AES256", "CAMELLIA", "CAMELLIA256", "CAST6", "CHACHA7539", "GOST28147", + "HC256", "HMACGOST3411-2012-256", "HMACSHA3-256", "HMACKECCAK256", "HMACSHA256", "HMACSHA512/256", + "RC5-64", "RC6", "THREEFISH-256", "TWOFISH"); AddDefaultKeySizeEntries(288, "HMACKECCAK288"); AddDefaultKeySizeEntries(384, "HMACSHA3-384", "HMACKECCAK384", "HMACSHA384"); AddDefaultKeySizeEntries(512, "HMACGOST3411-2012-512", "HMACSHA3-512", "HMACKECCAK512", "HMACSHA512", "THREEFISH-512"); diff --git a/crypto/src/security/ParameterUtilities.cs b/crypto/src/security/ParameterUtilities.cs index dc6992833..0ff1bdb4a 100644 --- a/crypto/src/security/ParameterUtilities.cs +++ b/crypto/src/security/ParameterUtilities.cs @@ -65,6 +65,11 @@ namespace Org.BouncyCastle.Security AddAlgorithm("CAST5", "1.2.840.113533.7.66.10"); AddAlgorithm("CAST6"); + AddAlgorithm("CHACHA"); + AddAlgorithm("CHACHA7539", + "CHACHA20", + "CHACHA20-POLY1305", + PkcsObjectIdentifiers.IdAlgAeadChaCha20Poly1305); AddAlgorithm("DES", OiwObjectIdentifiers.DesCbc, OiwObjectIdentifiers.DesCfb, @@ -114,7 +119,8 @@ namespace Org.BouncyCastle.Security AddAlgorithm("VMPC-KSA3"); AddAlgorithm("XTEA"); - AddBasicIVSizeEntries(8, "BLOWFISH", "DES", "DESEDE", "DESEDE3"); + AddBasicIVSizeEntries(8, "BLOWFISH", "CHACHA", "DES", "DESEDE", "DESEDE3", "SALSA20"); + AddBasicIVSizeEntries(12, "CHACHA7539"); AddBasicIVSizeEntries(16, "AES", "AES128", "AES192", "AES256", "CAMELLIA", "CAMELLIA128", "CAMELLIA192", "CAMELLIA256", "NOEKEON", "SEED", "SM4"); @@ -315,13 +321,9 @@ namespace Org.BouncyCastle.Security return new DerOctetString(CreateIV(random, ivLength)); } - private static byte[] CreateIV( - SecureRandom random, - int ivLength) + private static byte[] CreateIV(SecureRandom random, int ivLength) { - byte[] iv = new byte[ivLength]; - random.NextBytes(iv); - return iv; + return SecureRandom.GetNextBytes(random, ivLength); } private static int FindBasicIVSize( diff --git a/crypto/src/util/Arrays.cs b/crypto/src/util/Arrays.cs index 7b060bf3c..6f2503d2d 100644 --- a/crypto/src/util/Arrays.cs +++ b/crypto/src/util/Arrays.cs @@ -81,20 +81,45 @@ namespace Org.BouncyCastle.Utilities /// <param name="a">first array</param> /// <param name="b">second array</param> /// <returns>true if arrays equal, false otherwise.</returns> - public static bool ConstantTimeAreEqual( - byte[] a, - byte[] b) + public static bool ConstantTimeAreEqual(byte[] a, byte[] b) { - int i = a.Length; - if (i != b.Length) + if (null == a || null == b) return false; - int cmp = 0; - while (i != 0) + if (a == b) + return true; + + int len = System.Math.Min(a.Length, b.Length); + int nonEqual = a.Length ^ b.Length; + for (int i = 0; i < len; ++i) { - --i; - cmp |= (a[i] ^ b[i]); + nonEqual |= (a[i] ^ b[i]); + } + for (int i = len; i < b.Length; ++i) + { + nonEqual |= (b[i] ^ ~b[i]); } - return cmp == 0; + return 0 == nonEqual; + } + + public static bool ConstantTimeAreEqual(int len, byte[] a, int aOff, byte[] b, int bOff) + { + if (null == a) + throw new ArgumentNullException("a"); + if (null == b) + throw new ArgumentNullException("b"); + if (len < 0) + throw new ArgumentException("cannot be negative", "len"); + if (aOff > (a.Length - len)) + throw new IndexOutOfRangeException("'aOff' value invalid for specified length"); + if (bOff > (b.Length - len)) + throw new IndexOutOfRangeException("'bOff' value invalid for specified length"); + + int d = 0; + for (int i = 0; i < len; ++i) + { + d |= (a[aOff + i] ^ b[bOff + i]); + } + return 0 == d; } public static bool AreEqual( @@ -713,6 +738,22 @@ namespace Org.BouncyCastle.Utilities return result; } + public static void Clear(byte[] data) + { + if (null != data) + { + Array.Clear(data, 0, data.Length); + } + } + + public static void Clear(int[] data) + { + if (null != data) + { + Array.Clear(data, 0, data.Length); + } + } + public static bool IsNullOrContainsNull(object[] array) { if (null == array) diff --git a/crypto/src/util/encoders/Hex.cs b/crypto/src/util/encoders/Hex.cs index 3540a9d1e..dc4871352 100644 --- a/crypto/src/util/encoders/Hex.cs +++ b/crypto/src/util/encoders/Hex.cs @@ -9,7 +9,7 @@ namespace Org.BouncyCastle.Utilities.Encoders /// </summary> public sealed class Hex { - private static readonly IEncoder encoder = new HexEncoder(); + private static readonly HexEncoder encoder = new HexEncoder(); private Hex() { @@ -126,5 +126,27 @@ namespace Org.BouncyCastle.Utilities.Encoders { return encoder.DecodeString(data, outStream); } + + /** + * Decode the hexadecimal-encoded string strictly i.e. any non-hexadecimal characters will be + * considered an error. + * + * @return a byte array representing the decoded data. + */ + public static byte[] DecodeStrict(string str) + { + return encoder.DecodeStrict(str, 0, str.Length); + } + + /** + * Decode the hexadecimal-encoded string strictly i.e. any non-hexadecimal characters will be + * considered an error. + * + * @return a byte array representing the decoded data. + */ + public static byte[] DecodeStrict(string str, int off, int len) + { + return encoder.DecodeStrict(str, off, len); + } } } diff --git a/crypto/src/util/encoders/HexEncoder.cs b/crypto/src/util/encoders/HexEncoder.cs index af526e0da..950bc8477 100644 --- a/crypto/src/util/encoders/HexEncoder.cs +++ b/crypto/src/util/encoders/HexEncoder.cs @@ -172,5 +172,31 @@ namespace Org.BouncyCastle.Utilities.Encoders return length; } + + internal byte[] DecodeStrict(string str, int off, int len) + { + if (null == str) + throw new ArgumentNullException("str"); + if (off < 0 || len < 0 || off > (str.Length - len)) + throw new IndexOutOfRangeException("invalid offset and/or length specified"); + if (0 != (len & 1)) + throw new ArgumentException("a hexadecimal encoding must have an even number of characters", "len"); + + int resultLen = len >> 1; + byte[] result = new byte[resultLen]; + + int strPos = off; + for (int i = 0; i < resultLen; ++i) + { + byte b1 = decodingTable[str[strPos++]]; + byte b2 = decodingTable[str[strPos++]]; + + if ((b1 | b2) >= 0x80) + throw new IOException("invalid characters encountered in Hex data"); + + result[i] = (byte)((b1 << 4) | b2); + } + return result; + } } } diff --git a/crypto/test/src/crypto/test/AeadTestUtilities.cs b/crypto/test/src/crypto/test/AeadTestUtilities.cs index 40f334202..a5e21552f 100644 --- a/crypto/test/src/crypto/test/AeadTestUtilities.cs +++ b/crypto/test/src/crypto/test/AeadTestUtilities.cs @@ -1,11 +1,74 @@ using System; +using Org.BouncyCastle.Crypto.Modes; using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Utilities.Test; namespace Org.BouncyCastle.Crypto.Tests { public class AeadTestUtilities { + internal static void TestTampering(ITest test, IAeadCipher cipher, ICipherParameters parameters) + { + byte[] plaintext = new byte[1000]; + for (int i = 0; i < plaintext.Length; i++) + { + plaintext[i] = (byte)i; + } + cipher.Init(true, parameters); + + byte[] ciphertext = new byte[cipher.GetOutputSize(plaintext.Length)]; + int len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, ciphertext, 0); + cipher.DoFinal(ciphertext, len); + + int macLength = cipher.GetMac().Length; + + // Test tampering with a single byte + cipher.Init(false, parameters); + byte[] tampered = new byte[ciphertext.Length]; + byte[] output = new byte[plaintext.Length]; + Array.Copy(ciphertext, 0, tampered, 0, tampered.Length); + tampered[0] += 1; + + cipher.ProcessBytes(tampered, 0, tampered.Length, output, 0); + try + { + cipher.DoFinal(output, 0); + throw new TestFailedException( + new SimpleTestResult(false, test + " : tampering of ciphertext not detected.")); + } + catch (InvalidCipherTextException e) + { + // Expected + } + + // Test truncation of ciphertext to < tag length + cipher.Init(false, parameters); + byte[] truncated = new byte[macLength - 1]; + Array.Copy(ciphertext, 0, truncated, 0, truncated.Length); + + cipher.ProcessBytes(truncated, 0, truncated.Length, output, 0); + try + { + cipher.DoFinal(output, 0); + Fail(test, "tampering of ciphertext not detected."); + } + catch (InvalidCipherTextException e) + { + // Expected + } + } + + private static void Fail(ITest test, string message) + { + throw new TestFailedException(SimpleTestResult.Failed(test, message)); + } + + private static void Fail(ITest test, string message, string expected, string result) + { + throw new TestFailedException(SimpleTestResult.Failed(test, message, expected, result)); + } + internal static AeadParameters ReuseKey(AeadParameters p) { return new AeadParameters(null, p.MacSize, p.GetNonce(), p.GetAssociatedText()); diff --git a/crypto/test/src/crypto/test/ChaCha20Poly1305Test.cs b/crypto/test/src/crypto/test/ChaCha20Poly1305Test.cs new file mode 100644 index 000000000..3f74669dc --- /dev/null +++ b/crypto/test/src/crypto/test/ChaCha20Poly1305Test.cs @@ -0,0 +1,443 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Engines; +using Org.BouncyCastle.Crypto.Macs; +using Org.BouncyCastle.Crypto.Modes; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Date; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + public class ChaCha20Poly1305Test + : SimpleTest + { + private static readonly string[][] TestVectors = new string[][] + { + new string[] + { + "Test Case 1", + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "4c616469657320616e642047656e746c" + + "656d656e206f662074686520636c6173" + + "73206f66202739393a20496620492063" + + "6f756c64206f6666657220796f75206f" + + "6e6c79206f6e652074697020666f7220" + + "746865206675747572652c2073756e73" + + "637265656e20776f756c642062652069" + + "742e", + "50515253c0c1c2c3c4c5c6c7", + "070000004041424344454647", + "d31a8d34648e60db7b86afbc53ef7ec2" + + "a4aded51296e08fea9e2b5a736ee62d6" + + "3dbea45e8ca9671282fafb69da92728b" + + "1a71de0a9e060b2905d6a5b67ecd3b36" + + "92ddbd7f2d778b8c9803aee328091b58" + + "fab324e4fad675945585808b4831d7bc" + + "3ff4def08e4b7a9de576d26586cec64b" + + "6116", + "1ae10b594f09e26a7e902ecbd0600691", + }, + }; + + public override string Name + { + get { return "ChaCha20Poly1305"; } + } + + public override void PerformTest() + { + for (int i = 0; i < TestVectors.Length; ++i) + { + RunTestCase(TestVectors[i]); + } + + OutputSizeTests(); + RandomTests(); + TestExceptions(); + } + + private void CheckTestCase( + ChaCha20Poly1305 encCipher, + ChaCha20Poly1305 decCipher, + string testName, + byte[] SA, + byte[] P, + byte[] C, + byte[] T) + { + byte[] enc = new byte[encCipher.GetOutputSize(P.Length)]; + if (SA != null) + { + encCipher.ProcessAadBytes(SA, 0, SA.Length); + } + int len = encCipher.ProcessBytes(P, 0, P.Length, enc, 0); + len += encCipher.DoFinal(enc, len); + + if (enc.Length != len) + { + Fail("encryption reported incorrect length: " + testName); + } + + byte[] mac = encCipher.GetMac(); + + byte[] data = new byte[P.Length]; + Array.Copy(enc, 0, data, 0, data.Length); + byte[] tail = new byte[enc.Length - P.Length]; + Array.Copy(enc, P.Length, tail, 0, tail.Length); + + if (!AreEqual(C, data)) + { + Fail("incorrect encrypt in: " + testName); + } + + if (!AreEqual(T, mac)) + { + Fail("getMac() returned wrong mac in: " + testName); + } + + if (!AreEqual(T, tail)) + { + Fail("stream contained wrong mac in: " + testName); + } + + byte[] dec = new byte[decCipher.GetOutputSize(enc.Length)]; + if (SA != null) + { + decCipher.ProcessAadBytes(SA, 0, SA.Length); + } + len = decCipher.ProcessBytes(enc, 0, enc.Length, dec, 0); + len += decCipher.DoFinal(dec, len); + mac = decCipher.GetMac(); + + data = new byte[C.Length]; + Array.Copy(dec, 0, data, 0, data.Length); + + if (!AreEqual(P, data)) + { + Fail("incorrect decrypt in: " + testName); + } + } + + private ChaCha20Poly1305 InitCipher(bool forEncryption, AeadParameters parameters) + { + ChaCha20Poly1305 c = new ChaCha20Poly1305(); + c.Init(forEncryption, parameters); + return c; + } + + private static int NextInt(SecureRandom rand, int n) + { + if ((n & -n) == n) // i.e., n is a power of 2 + { + return (int)(((uint)n * (ulong)((uint)rand.NextInt() >> 1)) >> 31); + } + + int bits, value; + do + { + bits = (int)((uint)rand.NextInt() >> 1); + value = bits % n; + } + while (bits - value + (n - 1) < 0); + + return value; + } + + private void OutputSizeTests() + { + byte[] K = new byte[32]; + byte[] A = null; + byte[] N = new byte[12]; + + AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, N, A); + ChaCha20Poly1305 cipher = InitCipher(true, parameters); + + if (cipher.GetUpdateOutputSize(0) != 0) + { + Fail("incorrect getUpdateOutputSize for initial 0 bytes encryption"); + } + + if (cipher.GetOutputSize(0) != 16) + { + Fail("incorrect getOutputSize for initial 0 bytes encryption"); + } + + cipher.Init(false, parameters); + + if (cipher.GetUpdateOutputSize(0) != 0) + { + Fail("incorrect getUpdateOutputSize for initial 0 bytes decryption"); + } + + // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here + if (cipher.GetOutputSize(0) != 0) + { + Fail("fragile getOutputSize for initial 0 bytes decryption"); + } + + if (cipher.GetOutputSize(16) != 0) + { + Fail("incorrect getOutputSize for initial MAC-size bytes decryption"); + } + } + + private void RandomTests() + { + SecureRandom random = new SecureRandom(); + random.SetSeed(DateTimeUtilities.CurrentUnixMs()); + + for (int i = 0; i < 10; ++i) + { + RandomTest(random); + } + } + + private void RandomTest(SecureRandom random) + { + int kLength = 32; + byte[] K = new byte[kLength]; + random.NextBytes(K); + + int pLength = random.Next(65536); + byte[] P = new byte[pLength]; + random.NextBytes(P); + + int aLength = random.Next(256); + byte[] A = new byte[aLength]; + random.NextBytes(A); + + int saLength = random.Next(256); + byte[] SA = new byte[saLength]; + random.NextBytes(SA); + + int nonceLength = 12; + byte[] nonce = new byte[nonceLength]; + random.NextBytes(nonce); + + AeadParameters parameters = new AeadParameters(new KeyParameter(K), 16 * 8, nonce, A); + ChaCha20Poly1305 cipher = InitCipher(true, parameters); + byte[] C = new byte[cipher.GetOutputSize(P.Length)]; + int predicted = cipher.GetUpdateOutputSize(P.Length); + + int split = NextInt(random, SA.Length + 1); + cipher.ProcessAadBytes(SA, 0, split); + cipher.ProcessAadBytes(SA, split, SA.Length - split); + + int len = cipher.ProcessBytes(P, 0, P.Length, C, 0); + if (predicted != len) + { + Fail("encryption reported incorrect update length in randomised test"); + } + + len += cipher.DoFinal(C, len); + if (C.Length != len) + { + Fail("encryption reported incorrect length in randomised test"); + } + + byte[] encT = cipher.GetMac(); + byte[] tail = new byte[C.Length - P.Length]; + Array.Copy(C, P.Length, tail, 0, tail.Length); + + if (!AreEqual(encT, tail)) + { + Fail("stream contained wrong mac in randomised test"); + } + + cipher.Init(false, parameters); + byte[] decP = new byte[cipher.GetOutputSize(C.Length)]; + predicted = cipher.GetUpdateOutputSize(C.Length); + + split = NextInt(random, SA.Length + 1); + cipher.ProcessAadBytes(SA, 0, split); + cipher.ProcessAadBytes(SA, split, SA.Length - split); + + len = cipher.ProcessBytes(C, 0, C.Length, decP, 0); + if (predicted != len) + { + Fail("decryption reported incorrect update length in randomised test"); + } + + len += cipher.DoFinal(decP, len); + + if (!AreEqual(P, decP)) + { + Fail("incorrect decrypt in randomised test"); + } + + byte[] decT = cipher.GetMac(); + if (!AreEqual(encT, decT)) + { + Fail("decryption produced different mac from encryption"); + } + + // + // key reuse test + // + cipher.Init(false, AeadTestUtilities.ReuseKey(parameters)); + decP = new byte[cipher.GetOutputSize(C.Length)]; + + split = NextInt(random, SA.Length + 1); + cipher.ProcessAadBytes(SA, 0, split); + cipher.ProcessAadBytes(SA, split, SA.Length - split); + + len = cipher.ProcessBytes(C, 0, C.Length, decP, 0); + len += cipher.DoFinal(decP, len); + + if (!AreEqual(P, decP)) + { + Fail("incorrect decrypt in randomised test"); + } + + decT = cipher.GetMac(); + if (!AreEqual(encT, decT)) + { + Fail("decryption produced different mac from encryption"); + } + } + + private void RunTestCase(string[] testVector) + { + int pos = 0; + string testName = testVector[pos++]; + byte[] K = Hex.DecodeStrict(testVector[pos++]); + byte[] P = Hex.DecodeStrict(testVector[pos++]); + byte[] A = Hex.DecodeStrict(testVector[pos++]); + byte[] N = Hex.DecodeStrict(testVector[pos++]); + byte[] C = Hex.DecodeStrict(testVector[pos++]); + byte[] T = Hex.DecodeStrict(testVector[pos++]); + + RunTestCase(testName, K, N, A, P, C, T); + } + + private void RunTestCase( + string testName, + byte[] K, + byte[] N, + byte[] A, + byte[] P, + byte[] C, + byte[] T) + { + byte[] fa = new byte[A.Length / 2]; + byte[] la = new byte[A.Length - (A.Length / 2)]; + Array.Copy(A, 0, fa, 0, fa.Length); + Array.Copy(A, fa.Length, la, 0, la.Length); + + RunTestCase(testName + " all initial associated data", K, N, A, null, P, C, T); + RunTestCase(testName + " all subsequent associated data", K, N, null, A, P, C, T); + RunTestCase(testName + " split associated data", K, N, fa, la, P, C, T); + } + + private void RunTestCase( + string testName, + byte[] K, + byte[] N, + byte[] A, + byte[] SA, + byte[] P, + byte[] C, + byte[] T) + { + AeadParameters parameters = new AeadParameters(new KeyParameter(K), T.Length * 8, N, A); + ChaCha20Poly1305 encCipher = InitCipher(true, parameters); + ChaCha20Poly1305 decCipher = InitCipher(false, parameters); + CheckTestCase(encCipher, decCipher, testName, SA, P, C, T); + encCipher = InitCipher(true, parameters); + CheckTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T); + + // Key reuse + AeadParameters keyReuseParams = AeadTestUtilities.ReuseKey(parameters); + + try + { + encCipher.Init(true, keyReuseParams); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsTrue("wrong message", "cannot reuse nonce for ChaCha20Poly1305 encryption".Equals(e.Message)); + } + } + + private void TestExceptions() + { + ChaCha20Poly1305 c = new ChaCha20Poly1305(); + + try + { + c = new ChaCha20Poly1305(new SipHash()); + + Fail("incorrect mac size not picked up"); + } + catch (ArgumentException e) + { + // expected + } + + try + { + c.Init(false, new KeyParameter(new byte[32])); + + Fail("illegal argument not picked up"); + } + catch (ArgumentException e) + { + // expected + } + + AeadTestUtilities.TestTampering(this, c, new AeadParameters(new KeyParameter(new byte[32]), 128, new byte[12])); + + byte[] P = Strings.ToByteArray("Hello world!"); + byte[] buf = new byte[100]; + + c = new ChaCha20Poly1305(); + AeadParameters aeadParameters = new AeadParameters(new KeyParameter(new byte[32]), 128, new byte[12]); + c.Init(true, aeadParameters); + + c.ProcessBytes(P, 0, P.Length, buf, 0); + + c.DoFinal(buf, 0); + + try + { + c.DoFinal(buf, 0); + Fail("no exception on reuse"); + } + catch (InvalidOperationException e) + { + IsTrue("wrong message", e.Message.Equals("ChaCha20Poly1305 cannot be reused for encryption")); + } + + try + { + c.Init(true, aeadParameters); + Fail("no exception on reuse"); + } + catch (ArgumentException e) + { + IsTrue("wrong message", e.Message.Equals("cannot reuse nonce for ChaCha20Poly1305 encryption")); + } + } + + public static void Main(string[] args) + { + RunTest(new ChaCha20Poly1305Test()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + } +} diff --git a/crypto/test/src/crypto/test/GCMTest.cs b/crypto/test/src/crypto/test/GCMTest.cs index e5e5fc43e..2ab5c6216 100644 --- a/crypto/test/src/crypto/test/GCMTest.cs +++ b/crypto/test/src/crypto/test/GCMTest.cs @@ -9,6 +9,7 @@ using Org.BouncyCastle.Crypto.Modes; using Org.BouncyCastle.Crypto.Modes.Gcm; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Date; using Org.BouncyCastle.Utilities.Encoders; using Org.BouncyCastle.Utilities.Test; @@ -356,39 +357,38 @@ namespace Org.BouncyCastle.Crypto.Tests // expected } - // TODO - //AEADTestUtil.testTampering(this, gcm, new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[16])); + AeadTestUtilities.TestTampering(this, gcm, new AeadParameters(new KeyParameter(new byte[16]), 128, new byte[16])); - //byte[] P = Strings.toByteArray("Hello world!"); - //byte[] buf = new byte[100]; + byte[] P = Strings.ToByteArray("Hello world!"); + byte[] buf = new byte[100]; - //GCMBlockCipher c = new GCMBlockCipher(createAESEngine()); - //AEADParameters aeadParameters = new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[16]); - //c.init(true, aeadParameters); + GcmBlockCipher c = new GcmBlockCipher(CreateAesEngine()); + AeadParameters aeadParameters = new AeadParameters(new KeyParameter(new byte[16]), 128, new byte[16]); + c.Init(true, aeadParameters); - //c.processBytes(P, 0, P.length, buf, 0); + c.ProcessBytes(P, 0, P.Length, buf, 0); - //c.doFinal(buf, 0); + c.DoFinal(buf, 0); - //try - //{ - // c.doFinal(buf, 0); - // fail("no exception on reuse"); - //} - //catch (IllegalStateException e) - //{ - // isTrue("wrong message", e.getMessage().equals("GCM cipher cannot be reused for encryption")); - //} + try + { + c.DoFinal(buf, 0); + Fail("no exception on reuse"); + } + catch (InvalidOperationException e) + { + IsTrue("wrong message", e.Message.Equals("GCM cipher cannot be reused for encryption")); + } - //try - //{ - // c.init(true, aeadParameters); - // fail("no exception on reuse"); - //} - //catch (IllegalArgumentException e) - //{ - // isTrue("wrong message", e.getMessage().equals("cannot reuse nonce for GCM encryption")); - //} + try + { + c.Init(true, aeadParameters); + Fail("no exception on reuse"); + } + catch (ArgumentException e) + { + IsTrue("wrong message", e.Message.Equals("cannot reuse nonce for GCM encryption")); + } } private void RunTestCase(string[] testVector) diff --git a/crypto/test/src/crypto/test/RegressionTest.cs b/crypto/test/src/crypto/test/RegressionTest.cs index 2bc55e8a2..aa9cd0483 100644 --- a/crypto/test/src/crypto/test/RegressionTest.cs +++ b/crypto/test/src/crypto/test/RegressionTest.cs @@ -105,6 +105,7 @@ namespace Org.BouncyCastle.Crypto.Tests new Salsa20Test(), new XSalsa20Test(), new ChaChaTest(), + new ChaCha20Poly1305Test(), new CMacTest(), new EaxTest(), new GcmTest(), diff --git a/crypto/test/src/math/ec/rfc7748/test/X448Test.cs b/crypto/test/src/math/ec/rfc7748/test/X448Test.cs index df0158b96..5c1ceb72e 100644 --- a/crypto/test/src/math/ec/rfc7748/test/X448Test.cs +++ b/crypto/test/src/math/ec/rfc7748/test/X448Test.cs @@ -78,6 +78,196 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests } [Test] + public void TestRegression() + { + CheckX448Vector( + "c05bd19c61d1c2c0e79414345cfb9c138eed88054fac8f74b2c4b5e1e817aaad629d159903bef40c10c85a8b90b8433c7f35248d72bea2d1", + "fefffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "856b8707b16e1b21dfc547fdb04c61a4aed9f9001f3f26404901e9ba30933cdd7ca9e2a0e57700588eb8576312ead8ee5791a8ecff32efaa", + "Regression #1"); + + CheckX448Vector( + "24ba9df56ef036b4bcde7b0138b7983ae0fe3d2fd4b9d13ef0b8b0998c8394364d7dcb25a3885e571374f91615275440db0645ee7c0a6feb", + "0000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "f1ef9174222c422cb3a6194da91dbdab62b0688179e77f47019cc9eb7c38da86f6f51fc250e8a46dd4b3341cc5f71f1d8daf0b28e873d818", + "Regression #2"); + + CheckX448Vector( + "40670a1efa7072a65c279f9618263a9e266fe12d82ff53c29b99d5e265e1fc7c32345227d6699a6d6b5517cf33b43ab156ee20df4878798e", + "0000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000", + "f27f02b452f9a5e95f08092e7e4058ae560732a4ffd5e4c4cc497af9d8e0d77f3d94d07dea932f0a79fa63c852a1cf03b60ab5a5201748ef", + "Regression #3"); + + CheckX448Vector( + "8c37fb35eac1dbda6a3b5bf492c1f642c761be3adf0ab7617a66002576c45bba8202970bae6c5e05f645f5439ca2f42b89dacace1a5d0e82", + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040", + "60c468df97e2e4427f27420cc6bc9eebaa2bceb827eb55a187fc5c29555e72a663243f6af4095641d72caeacb369720ea18cadd6efdbece6", + "Regression #4"); + + CheckX448Vector( + "e8761598ba212a4e9724eaab2f3c225b0cc019595fa702ae0361bf3d348d9d6f7a04352424a5fd3026650f2a04574499daebc71f4c6d0fd9", + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffbf", + "2521c283651396fb03bf074e3ce6d08d7b393de5fa85e9ac633cef328ac54576f6005f34c795425c56db62e8ceddf807d68e37646afb1184", + "Regression #5"); + + CheckX448Vector( + "5410735bd95cd0640fc1e2e11a028803f1cb4344f4efee75ae0b9eb9db5627d6e2a4b6dbad4af3fee986cce934bed60a0e8698204638b5a9", + "fffffffffffffffefffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "8951b4fc362ccd60cb560fde65fa126158a9727a3d577c507566fa5b4a79c2ac6bfd6c69defeb9eb29830cc4aaf6427f2ae66b2cd320159d", + "Regression #6"); + + CheckX448Vector( + "08353724fbc03927b17359a88c121276ad697991ee89868e48890e95d1b03e603bcb51fdf6f296f1f1d10f5df10e00b8a25c9809f9aa1a94", + "0000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "30b1d98154768a2a2af568e2fa3577a042a5c7e5f9ac91b100655ea332b42db568034b15fdf75c693d8c2d0c2de54fb9d6d17efa316aa543", + "Regression #7"); + + CheckX448Vector( + "98c6f36e1cb74528763f3aa11196ef9449c67be360e25e40ab06f1e39b742615a7dde3b29415ed827c68f07d4a47a4d9595c40c7fccb92a3", + "ffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "c3c7aec97786a43b79f8a053cf185363112f04411a8ef3d3283f61eeac59a1f2918e10f54937932f5ac1e3b72fdbea57f34274598b17d768", + "Regression #8"); + + CheckX448Vector( + "4804afd055ec05f335b7e3eebbde2a6de010ce7495e6c0d02173fa8c48bb495375b7d149c67b92d2885acb8d8bbb51a317453788671efa9f", + "fffffffffffffffffffffffffffffffffefffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "d6a2724dc9ca1579d94a8cc8815a3ed392b9e10b39f57c747f7b2d84f54969062c8b86929a1a12f466d3ef9598f1904773a4ee938f0f5df3", + "Regression #9"); + + CheckX448Vector( + "bc7bce37434c0a1d05eff428034f75ed7454ede6b2a6e34ed4fcedc050349c866c40a27c27898afec41b3b477f0df5c5356e57d7562cdda5", + "fffffefffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "963ff8e5ea534178e1922cc06c638367c2c4690aba7e4aaab8342210b9035727062762631f79e709d2baf0646f0d9a37df02d531791bc940", + "Regression #10"); + + CheckX448Vector( + "c05bd19c61d1c2c0e79414345cfb9c138eed88054fac8f74b2c4b5e1e817aaad629d159903bef40c10c85a8b90b8433c7f35248d72bea2d1", + "fefffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "856b8707b16e1b21dfc547fdb04c61a4aed9f9001f3f26404901e9ba30933cdd7ca9e2a0e57700588eb8576312ead8ee5791a8ecff32efaa", + "Regression #11"); + + CheckX448Vector( + "742b8c0b0ab0104a9ef9634c0aad023f35e41fb953717121ce4c2aebc1a128e7c0431cd1347a6241685f7174a8512d417ebaaa46ee780a8a", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "d92b02d7bb9952f4ca826b2b51f1a3d4de1fd4459f0d019853f3a960d54f3354d8e40fb28d1be65637bb7dba0571ff83797b7106c7497459", + "Regression #12"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "Regression #13"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "9fe4a6f810098a4faf078cdc888988bae53234d9dac49e0c39186789d8ce4b35530bfbe4e8a5520b84028f3c6d2234f6bf2e07375e927e48", + "Regression #14"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "c51d92750f8491e669eabb9c30fc8d4d16bfd6a214fd8f1a884e6130f9d5121aef3ac1cb7eac7c128473d38fbdedc584c477575de332ad93", + "Regression #15"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "ffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "a1840a0bd418dab5529353787f71042303ed65df615340845ba39e48c82b70022c3e10c3afbaec9f3c1559d5164a4c123672f308f55f5cb3", + "Regression #16"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000", + "c9c399826f4fdf4898f8abbccb7401541ca6084cf53e6f809d87d1fb614e867d6ff956058275944351917fe41675bce2f642f8aadf01a7bb", + "Regression #17"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000", + "b4209095fd21eb70a3e60b380191c43a85ca96a03f079d4493b215567af08514560fff03f9f6280bc0b357919c533686d0c02019f4866b2e", + "Regression #18"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000", + "8c46b8a63d37ea4ff2603b6ee0b72fd37f5d4be4c9076b0841d07540dc1f28c2d15ce01c5bccb8ba284b4f077b9d0f554d49bb1f5f9ebf7e", + "Regression #19"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000", + "8c46b8a63d37ea4ff2603b6ee0b72fd37f5d4be4c9076b0841d07540dc1f28c2d15ce01c5bccb8ba284b4f077b9d0f554d49bb1f5f9ebf7e", + "Regression #20"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040", + "bbcb71fe09d61a0d78a310d6a8f97f15457e9c3e020a4b70f9fcdee93a897505494fbb1437a0eacaf79f526fce66c8a24ee4a0e75891af4c", + "Regression #21"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "b21e0e2701e415d4ec3a46fecf167ffec7bb335cf96e902f1f8a63e90ef956381014149e86f3a6838a40a33ea6947b9955899cb622812ca1", + "Regression #22"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080", + "ad4be2907f519cc9e87006bb1b1fbe71475db52680fe7f27707b455e70c74a0e2600c6ff6de69365be551fcde234f9a25b4c269255174c5a", + "Regression #23"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "00000000000000000000000000000000000000000000000000000000feffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "663c7b4c123648242185c9f88352304f4476bf46580297c41714917eda81efa5e0ce2cf48529b587a7e7cd1afcff9d2afa887d0feab6109b", + "Regression #24"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffff7ffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "0b3587f884ca5ac777ac98bbb203dbddf3fda14f351488d0dcf60a9c13c2fec4b8595922a9ec09cfd5d9d20ac639f9f74369b34646288965", + "Regression #25"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "fefffffffffffffffffffffffffffefffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "3921df4603cce60a982403d04a034160e3bde6b6a496f5be2c927b37dcab5137de990cc00a589b63ee12c9ee7e944bc1500d1b3ded48622c", + "Regression #26"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "0000000000000000000000000000fffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "51ede7991c611ef33c0676584d1e8897cedf32cccf14e262515c043a7642048e01f2cc3ae392c40063459c34414d4cc809fd37253d7ee801", + "Regression #27"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "ffffffffffffffffffffffffff7ffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "07538cec452af2888f2bc565f31a5a6e73489857752304e21a1907ff62f63874ef091a0c11d8514a3ed7a15af77efee84f6eec8fa0792423", + "Regression #28"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "fdfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "5116bf8a4860bbfa28c2c8c96a1105cc9c139130417ed2226f2fe29a3d0b39096b0456faf34dab950bf430bb58c8c8b9320f39c7766c9fc1", + "Regression #29"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "fefffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "Regression #30"); + + CheckX448Vector( + "244534ab5f22108381d4a35f308d51b19e20ce997d7e9dff253e1d5faf1a8ad6ab73ff586d1eee6dac0fe7b5593c3123c6f1424800fa9b88", + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "006bc6af5644e8f5824ab7a1b1411d1b2f91d8038b545efcfcb9917c40a3ef48d698f342c1db57118936a18a2608c0427772c70bd0aae479", + "Regression #31"); + } + + [Test] public void TestX448Iterated() { CheckIterated(1000); |