From 56daa6eac526f165416d17f661422d60de0dfd63 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Tue, 23 Apr 2024 14:31:22 +0700
Subject: Restrict m value in F2m curves

- configure limit w/ env. var. "Org.BouncyCastle.EC.F2m_MaxSize"
---
 crypto/src/math/ec/ECCurve.cs               | 18 +++++++++++-------
 crypto/test/src/math/ec/test/ECPointTest.cs | 20 ++++++++++++++++++++
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs
index 245ca1941..ae0d5d69e 100644
--- a/crypto/src/math/ec/ECCurve.cs
+++ b/crypto/src/math/ec/ECCurve.cs
@@ -607,6 +607,13 @@ namespace Org.BouncyCastle.Math.EC
         }
 #endif
 
+        internal static int ImplGetInteger(string envVariable, int defaultValue)
+        {
+            string property = Platform.GetEnvironmentVariable(envVariable);
+
+            return int.TryParse(property, out int value) ? value : defaultValue;
+        }
+
         private class DefaultLookupTable
             : AbstractECLookupTable
         {
@@ -757,13 +764,6 @@ namespace Org.BouncyCastle.Math.EC
                 throw new ArgumentException("Fp q value not prime");
         }
 
-        private static int ImplGetInteger(string envVariable, int defaultValue)
-        {
-            string property = Platform.GetEnvironmentVariable(envVariable);
-
-            return int.TryParse(property, out int value) ? value : defaultValue;
-        }
-
         private static int ImplGetIterations(int bits, int certainty)
         {
             /*
@@ -966,6 +966,10 @@ namespace Org.BouncyCastle.Math.EC
 
         private static IFiniteField BuildField(int m, int k1, int k2, int k3)
         {
+            int maxM = ImplGetInteger("Org.BouncyCastle.EC.F2m_MaxSize", 1142); // 2 * 571
+            if (m > maxM)
+                throw new ArgumentException("F2m m value out of range");
+
             int[] exponents = (k2 | k3) == 0
                 ? new int[]{ 0, k1, m }
                 : new int[]{ 0, k1, k2, k3, m };
diff --git a/crypto/test/src/math/ec/test/ECPointTest.cs b/crypto/test/src/math/ec/test/ECPointTest.cs
index 7a833a413..a5129f3fb 100644
--- a/crypto/test/src/math/ec/test/ECPointTest.cs
+++ b/crypto/test/src/math/ec/test/ECPointTest.cs
@@ -179,6 +179,26 @@ namespace Org.BouncyCastle.Math.EC.Tests
             }
         }
 
+        [Test]
+        public void TestLargeMInF2m()
+        {
+            int m = 2048;
+            int k1 = 1;
+            BigInteger aTpb = new BigInteger("1000", 2);
+            BigInteger bTpb = new BigInteger("1001", 2);
+            BigInteger n = new BigInteger("23");
+            BigInteger h = new BigInteger("1");
+
+            try
+            {
+                F2mCurve curve = new F2mCurve(m, k1, aTpb, bTpb, n, h);
+            }
+            catch (ArgumentException e)
+            {
+                Assert.AreEqual("F2m m value out of range", e.Message);
+            }
+        }
+
         /**
          * Calls <code>implTestAdd()</code> for <code>Fp</code> and
          * <code>F2m</code>.
-- 
cgit 1.4.1