From ecb5c21a39c61a95d901379938e6f4f3d7d44df3 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Tue, 24 Jan 2023 15:40:33 +0700 Subject: Mark custom curves internal --- crypto/src/math/ec/ECCurve.cs | 146 ++++++++++++------------ crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP128R1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP160K1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP160R1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP160R2Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP192K1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP192R1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP224K1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP224R1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP256K1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP256R1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP384R1Curve.cs | 2 +- crypto/src/math/ec/custom/sec/SecP521R1Curve.cs | 2 +- 14 files changed, 87 insertions(+), 85 deletions(-) diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs index 3999ba4f0..624495051 100644 --- a/crypto/src/math/ec/ECCurve.cs +++ b/crypto/src/math/ec/ECCurve.cs 
@@ -675,9 +675,40 @@ namespace Org.BouncyCastle.Math.EC public abstract class AbstractFpCurve : ECCurve { + private static readonly HashSet KnownQs = new HashSet(); + protected AbstractFpCurve(BigInteger q) + : this(q, false) + { + } + + internal AbstractFpCurve(BigInteger q, bool isInternal) : base(FiniteFields.GetPrimeField(q)) { + if (!isInternal) + { + bool unknownQ; + lock (KnownQs) unknownQ = !KnownQs.Contains(q); + + if (unknownQ) + { + int maxBitLength = ImplGetInteger("Org.BouncyCastle.EC.Fp_MaxSize", 1042); // 2 * 521 + int certainty = ImplGetInteger("Org.BouncyCastle.EC.Fp_Certainty", 100); + + int qBitLength = q.BitLength; + if (maxBitLength < qBitLength) + throw new ArgumentException("Fp q value out of range"); + + if (Primes.HasAnySmallFactors(q) || + !Primes.IsMRProbablePrime(q, SecureRandom.ArbitraryRandom, + ImplGetNumberOfIterations(qBitLength, certainty))) + { + throw new ArgumentException("Fp q value not prime"); + } + } + } + + lock (KnownQs) KnownQs.Add(q); } public override bool IsValidFieldElement(BigInteger x) 
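Review bot: `KnownQs` is a static set that only ever grows: the unconditional `lock (KnownQs) KnownQs.Add(q);` at the end of the new `AbstractFpCurve(BigInteger q, bool isInternal)` constructor retains every modulus that reaches it, and nothing in this hunk removes entries. If curves with explicit parameters can be built from untrusted input (not visible here), each distinct accepted prime costs memory for the life of the process, so a cap is worth adding, e.g. `lock (KnownQs) { if (KnownQs.Count < MaxKnownQs) KnownQs.Add(q); }` with `MaxKnownQs` a new constant. The same line also records q when `isInternal` is true, without any size or primality test, so a later non-internal construction over that q skips validation. A comment stating that internal callers must pass only vetted primes would make that contract explicit.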
@@ -730,6 +761,47 @@ namespace Org.BouncyCastle.Math.EC return CreateRawPoint(x, y); } + private static int ImplGetInteger(string envVariable, int defaultValue) + { + string v = Platform.GetEnvironmentVariable(envVariable); + if (v == null) + return defaultValue; + + return int.Parse(v); + } + + private static int ImplGetNumberOfIterations(int bits, int certainty) + { + /* + * NOTE: We enforce a minimum 'certainty' of 100 for bits >= 1024 (else 80). Where the + * certainty is higher than the FIPS 186-4 tables (C.2/C.3) cater to, extra iterations + * are added at the "worst case rate" for the excess. + */ + if (bits >= 1536) + { + return certainty <= 100 ? 3 + : certainty <= 128 ? 4 + : 4 + (certainty - 128 + 1) / 2; + } + else if (bits >= 1024) + { + return certainty <= 100 ? 4 + : certainty <= 112 ? 5 + : 5 + (certainty - 112 + 1) / 2; + } + else if (bits >= 512) + { + return certainty <= 80 ? 5 + : certainty <= 100 ? 7 + : 7 + (certainty - 100 + 1) / 2; + } + else + { + return certainty <= 80 ? 40 + : 40 + (certainty - 80 + 1) / 2; + } + } + private static BigInteger ImplRandomFieldElement(SecureRandom r, BigInteger p) { BigInteger x; @@ -761,8 +833,6 @@ namespace Org.BouncyCastle.Math.EC { private const int FP_DEFAULT_COORDS = COORD_JACOBIAN_MODIFIED; - private static readonly HashSet KnownQs = new HashSet(); - protected readonly BigInteger m_q, m_r; protected readonly FpPoint m_infinity; 
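Review bot: `ImplGetInteger` calls `int.Parse(v)` on the raw environment value, so a malformed or oversized `Org.BouncyCastle.EC.Fp_MaxSize` or `Org.BouncyCastle.EC.Fp_Certainty` makes construction of a curve over a not-yet-seen q fail with FormatException or OverflowException instead of the ArgumentException used for a bad q. The parse also follows the current culture. Consider `return int.TryParse(v, NumberStyles.Integer, CultureInfo.InvariantCulture, out int n) ? n : defaultValue;`, which falls back to the built-in limits; it needs `System.Globalization`, and the file's using directives are outside this hunk. Zero and negative values are accepted as well, and a non-positive Fp_MaxSize would reject every q, so a range check with a comment on the accepted range is worth adding.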
@@ -778,32 +848,8 @@ namespace Org.BouncyCastle.Math.EC } internal FpCurve(BigInteger q, BigInteger a, BigInteger b, BigInteger order, BigInteger cofactor, bool isInternal) - : base(q) + : base(q, isInternal) { - if (!isInternal) - { - bool unknownQ; - lock (KnownQs) unknownQ = !KnownQs.Contains(q); - - if (unknownQ) - { - int maxBitLength = AsInteger("Org.BouncyCastle.EC.Fp_MaxSize", 1042); // 2 * 521 - int certainty = AsInteger("Org.BouncyCastle.EC.Fp_Certainty", 100); - - int qBitLength = q.BitLength; - if (maxBitLength < qBitLength) - throw new ArgumentException("Fp q value out of range"); - - if (Primes.HasAnySmallFactors(q) || - !Primes.IsMRProbablePrime(q, SecureRandom.ArbitraryRandom, - GetNumberOfIterations(qBitLength, certainty))) - { - throw new ArgumentException("Fp q value not prime"); - } - } - } - - lock (KnownQs) KnownQs.Add(q); this.m_q = q; this.m_r = FpFieldElement.CalculateResidue(q); @@ -818,7 +864,7 @@ namespace Org.BouncyCastle.Math.EC internal FpCurve(BigInteger q, BigInteger r, ECFieldElement a, ECFieldElement b, BigInteger order, BigInteger cofactor) - : base(q) + : base(q, true) { this.m_q = q; this.m_r = r; 
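Review bot: The bare `true` in `: base(q, true)` on the `FpCurve(BigInteger q, BigInteger r, ECFieldElement a, ECFieldElement b, ...)` constructor is what switches off the size and primality checks on q, and nothing at the call site says so. Writing it as `: base(q, isInternal: true)` with a comment such as `// q comes from an already-validated curve; Fp checks skipped` would make the trust decision reviewable, if that is indeed the invariant; the callers and the rest of the constructor body are outside this hunk. The same literal appears in the constructor of every custom curve touched by this commit (SM2P256V1Curve and the SecP* curves), where the named argument would read equally well.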
@@ -903,50 +949,6 @@ namespace Org.BouncyCastle.Math.EC return base.ImportPoint(p); } - - private int GetNumberOfIterations(int bits, int certainty) - { - /* - * NOTE: We enforce a minimum 'certainty' of 100 for bits >= 1024 (else 80). Where the - * certainty is higher than the FIPS 186-4 tables (C.2/C.3) cater to, extra iterations - * are added at the "worst case rate" for the excess. - */ - if (bits >= 1536) - { - return certainty <= 100 ? 3 - : certainty <= 128 ? 4 - : 4 + (certainty - 128 + 1) / 2; - } - else if (bits >= 1024) - { - return certainty <= 100 ? 4 - : certainty <= 112 ? 5 - : 5 + (certainty - 112 + 1) / 2; - } - else if (bits >= 512) - { - return certainty <= 80 ? 5 - : certainty <= 100 ? 7 - : 7 + (certainty - 100 + 1) / 2; - } - else - { - return certainty <= 80 ? 40 - : 40 + (certainty - 80 + 1) / 2; - } - } - - int AsInteger(string envVariable, int defaultValue) - { - string v = Platform.GetEnvironmentVariable(envVariable); - - if (v == null) - { - return defaultValue; - } - - return int.Parse(v); - } } public abstract class AbstractF2mCurve diff --git a/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs b/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs index ae6c6e1d9..3147ccf98 100644 --- a/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs +++ b/crypto/src/math/ec/custom/gm/SM2P256V1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.GM protected readonly SM2P256V1Point m_infinity; public SM2P256V1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SM2P256V1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs index a5fc338da..5fa18d470 100644 --- a/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP128R1Curve.cs 
@@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP128R1Point m_infinity; public SecP128R1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP128R1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs index 99318a2d8..b757659d2 100644 --- a/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP160K1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP160K1Point m_infinity; public SecP160K1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP160K1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs index b3e90f82a..3b7e1aa06 100644 --- a/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP160R1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP160R1Point m_infinity; public SecP160R1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP160R1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs b/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs index 54a67d796..0f226ad19 100644 --- a/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP160R2Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP160R2Point m_infinity; public SecP160R2Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP160R2Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs index 9e73e5d51..b9ff71ac8 100644 --- a/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP192K1Curve.cs 
@@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP192K1Point m_infinity; public SecP192K1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP192K1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs index fb9e0f7ad..77524b362 100644 --- a/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP192R1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP192R1Point m_infinity; public SecP192R1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP192R1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs index 91af66685..04be47202 100644 --- a/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP224K1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP224K1Point m_infinity; public SecP224K1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP224K1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs index b82841446..8cd2b7272 100644 --- a/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP224R1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP224R1Point m_infinity; public SecP224R1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP224R1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs b/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs index d9c876818..804b65d60 100644 --- a/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP256K1Curve.cs 
@@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP256K1Point m_infinity; public SecP256K1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP256K1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs index 7a5cec8b3..dd2b964c6 100644 --- a/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP256R1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP256R1Point m_infinity; public SecP256R1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP256R1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs index 242b73fc6..f54dd44c2 100644 --- a/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP384R1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP384R1Point m_infinity; public SecP384R1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP384R1Point(this, null, null); diff --git a/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs b/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs index 9cdcec036..a5f4cf957 100644 --- a/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs +++ b/crypto/src/math/ec/custom/sec/SecP521R1Curve.cs @@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec protected readonly SecP521R1Point m_infinity; public SecP521R1Curve() - : base(q) + : base(q, true) { this.m_infinity = new SecP521R1Point(this, null, null); -- cgit 1.4.1