some refactorings and cleanup (in CryptoLib)

- add public validation methods to ECDomainParameters
- add validation to ECPrivateKeyParameters
- ECDomainParameters equality/hashCode add check for (optional) cofactor

src/libraries/cryptolib4pascal/ClpECAlgorithms.pas

@@ -814,7 +814,7 @@ begin
 
   if (glvEndomorphism.HasEfficientPointMap) then
   begin
-    result := TECAlgorithms.ImplSumOfMultiplies(glvEndomorphism, ps, Abs);
+    result := ImplSumOfMultiplies(glvEndomorphism, ps, Abs);
     Exit;
   end;
 
@@ -835,7 +835,7 @@ begin
     System.Inc(i);
   end;
 
-  result := TECAlgorithms.ImplSumOfMultiplies(pqs, Abs);
+  result := ImplSumOfMultiplies(pqs, Abs);
 end;
 
 class function TECAlgorithms.ImportPoint(const c: IECCurve; const p: IECPoint)

src/libraries/cryptolib4pascal/ClpECDomainParameters.pas

@@ -31,11 +31,13 @@ uses
 
 resourcestring
   SCurveNil = 'Curve Cannot be Nil';
+  SScalarNil = 'Scalar Cannot be Nil';
   SGNil = 'G Cannot be Nil';
   SBigIntegerNotInitialized = 'BigInteger Not Initialized "%s"';
   SQNil = 'Q Cannot be Nil';
   SQInfinity = 'Point at Infinity "Q"';
   SQPointNotOnCurve = 'Point Not on Curve "Q"';
+  SScalarInvalidRange = 'Scalar is not in the Interval [1, n - 1]';
 
 type
 
@@ -59,8 +61,8 @@ type
 
   public
 
-    class function Validate(const c: IECCurve; const q: IECPoint)
-      : IECPoint; static;
+    class function ValidatePublicPoint(const c: IECCurve; const q: IECPoint)
+      : IECPoint; overload; static;
 
     constructor Create(const curve: IECCurve; const g: IECPoint;
       const n: TBigInteger); overload;
@@ -69,6 +71,9 @@ type
     constructor Create(const curve: IECCurve; const g: IECPoint;
       const n, h: TBigInteger; const seed: TCryptoLibByteArray); overload;
 
+    function ValidatePrivateScalar(const d: TBigInteger): TBigInteger;
+    function ValidatePublicPoint(const q: IECPoint): IECPoint; overload;
+
     destructor Destroy; override;
 
     property curve: IECCurve read GetCurve;
@@ -87,7 +92,7 @@ implementation
 
 { TECDomainParameters }
 
-class function TECDomainParameters.Validate(const c: IECCurve;
+class function TECDomainParameters.ValidatePublicPoint(const c: IECCurve;
   const q: IECPoint): IECPoint;
 begin
   if (q = Nil) then
@@ -171,7 +176,7 @@ begin
   // we can't check for (not (h.IsInitialized)) here as h is optional in X9.62 as it is not required for ECDSA
 
   Fcurve := curve;
-  Fg := Validate(curve, g);
+  Fg := ValidatePublicPoint(curve, g);
   Fn := n;
   Fh := h;
   FhInv := Default (TBigInteger);
@@ -186,6 +191,26 @@ begin
   inherited Destroy;
 end;
 
+function TECDomainParameters.ValidatePublicPoint(const q: IECPoint): IECPoint;
+begin
+  result := ValidatePublicPoint(curve, q);
+end;
+
+function TECDomainParameters.ValidatePrivateScalar(const d: TBigInteger)
+  : TBigInteger;
+begin
+  if (not(d.IsInitialized)) then
+  begin
+    raise EArgumentNilCryptoLibException.CreateRes(@SScalarNil);
+  end;
+
+  if ((d.CompareTo(TBigInteger.One) < 0) or (d.CompareTo(n) >= 0)) then
+  begin
+    raise EArgumentCryptoLibException.CreateRes(@SScalarInvalidRange);
+  end;
+  result := d;
+end;
+
 function TECDomainParameters.Equals(const other: IECDomainParameters): Boolean;
 begin
 
@@ -202,20 +227,30 @@ begin
   end;
 
   result := curve.Equals(other.curve) and g.Equals(other.g) and
-    n.Equals(other.n) and h.Equals(other.h);
+    n.Equals(other.n);
 
+  if h.IsInitialized then
+  begin
+    result := result and h.Equals(other.h);
+  end;
 end;
 
 function TECDomainParameters.GetHashCode: {$IFDEF DELPHI}Int32; {$ELSE}PtrInt;
 {$ENDIF DELPHI}
 begin
-  result := curve.GetHashCode();
-  result := result * 37;
-  result := result xor g.GetHashCode();
-  result := result * 37;
-  result := result xor n.GetHashCode();
-  result := result * 37;
-  result := result xor h.GetHashCode();
+  result := 4;
+  result := result * 257;
+  result := result xor Fcurve.GetHashCode();
+  result := result * 257;
+  result := result xor Fg.GetHashCode();
+  result := result * 257;
+  result := result xor Fn.GetHashCode();
+
+  if h.IsInitialized then
+  begin
+    result := result * 257;
+    result := result xor Fh.GetHashCode();
+  end;
 end;
 
 end.

src/libraries/cryptolib4pascal/ClpECKeyGenerationParameters.pas

@@ -26,7 +26,6 @@ uses
   ClpISecureRandom,
   ClpIECKeyGenerationParameters,
   ClpIECDomainParameters,
-  ClpIAsn1Objects,
   ClpKeyGenerationParameters;
 
 type
@@ -36,26 +35,17 @@ type
   strict private
   var
     FdomainParams: IECDomainParameters;
-    FpublicKeyParamSet: IDerObjectIdentifier;
 
     function GetDomainParameters: IECDomainParameters;
-    function GetPublicKeyParamSet: IDerObjectIdentifier;
 
   public
     constructor Create(const domainParameters: IECDomainParameters;
-      const random: ISecureRandom); overload;
-    constructor Create(const publicKeyParamSet: IDerObjectIdentifier;
-      const random: ISecureRandom); overload;
+      const random: ISecureRandom);
     property domainParameters: IECDomainParameters read GetDomainParameters;
-    property publicKeyParamSet: IDerObjectIdentifier read GetPublicKeyParamSet;
-
   end;
 
 implementation
 
-uses
-  ClpECKeyParameters; // included here to avoid circular dependency :)
-
 { TECKeyGenerationParameters }
 
 constructor TECKeyGenerationParameters.Create(const domainParameters
@@ -65,21 +55,9 @@ begin
   FdomainParams := domainParameters;
 end;
 
-constructor TECKeyGenerationParameters.Create(const publicKeyParamSet
-  : IDerObjectIdentifier; const random: ISecureRandom);
-begin
-  Create(TECKeyParameters.LookupParameters(publicKeyParamSet), random);
-  FpublicKeyParamSet := publicKeyParamSet;
-end;
-
 function TECKeyGenerationParameters.GetDomainParameters: IECDomainParameters;
 begin
   Result := FdomainParams;
 end;
 
-function TECKeyGenerationParameters.GetPublicKeyParamSet: IDerObjectIdentifier;
-begin
-  Result := FpublicKeyParamSet;
-end;
-
 end.

src/libraries/cryptolib4pascal/ClpECKeyPairGenerator.pas

@@ -64,7 +64,6 @@ type
   var
     Falgorithm: String;
     Fparameters: IECDomainParameters;
-    FpublicKeyParamSet: IDerObjectIdentifier;
     Frandom: ISecureRandom;
 
   strict protected
@@ -141,7 +140,7 @@ begin
   begin
     d := TBigInteger.Create(n.BitLength, Frandom);
 
-    if ((d.CompareTo(TBigInteger.Two) < 0) or (d.CompareTo(n) >= 0)) then
+    if ((d.CompareTo(TBigInteger.One) < 0) or (d.CompareTo(n) >= 0)) then
       continue;
 
     if (TWNafUtilities.GetNafWeight(d) < minWeight) then
@@ -154,15 +153,6 @@ begin
 
   q := CreateBasePointMultiplier().Multiply(Fparameters.G, d);
 
-  if (FpublicKeyParamSet <> Nil) then
-  begin
-    result := TAsymmetricCipherKeyPair.Create
-      (TECPublicKeyParameters.Create(Falgorithm, q, FpublicKeyParamSet)
-      as IECPublicKeyParameters, TECPrivateKeyParameters.Create(Falgorithm, d,
-      FpublicKeyParamSet) as IECPrivateKeyParameters);
-    Exit;
-  end;
-
   result := TAsymmetricCipherKeyPair.Create
     (TECPublicKeyParameters.Create(Falgorithm, q, Fparameters)
     as IECPublicKeyParameters, TECPrivateKeyParameters.Create(Falgorithm, d,
@@ -179,13 +169,6 @@ begin
   q := (TFixedPointCombMultiplier.Create() as IFixedPointCombMultiplier)
     .Multiply(ec.G, privKey.d);
 
-  if (privKey.publicKeyParamSet <> Nil) then
-  begin
-    result := TECPublicKeyParameters.Create(privKey.AlgorithmName, q,
-      privKey.publicKeyParamSet);
-    Exit;
-  end;
-
   result := TECPublicKeyParameters.Create(privKey.AlgorithmName, q, ec);
 end;
 
@@ -197,7 +180,6 @@ var
 begin
   if (Supports(parameters, IECKeyGenerationParameters, ecP)) then
   begin
-    FpublicKeyParamSet := ecP.publicKeyParamSet;
     Fparameters := ecP.DomainParameters;
   end
   else
@@ -223,10 +205,8 @@ begin
 
     ecps := FindECCurveByOid(oid);
 
-    FpublicKeyParamSet := oid;
     Fparameters := TECDomainParameters.Create(ecps.Curve, ecps.G, ecps.n,
       ecps.H, ecps.GetSeed());
-
   end;
 
   Frandom := parameters.random;

src/libraries/cryptolib4pascal/ClpECKeyParameters.pas

@@ -30,7 +30,6 @@ uses
   ClpIECKeyParameters,
   ClpIX9ECParameters,
   ClpIECDomainParameters,
-  ClpIAsn1Objects,
   ClpIECKeyGenerationParameters,
   ClpAsymmetricKeyParameter,
   ClpECKeyGenerationParameters,
@@ -39,9 +38,6 @@ uses
 resourcestring
   SAlgorithmNil = 'Algorithm Cannot be Empty';
   SParameterNil = 'Parameter Cannot be Nil';
-  SPublicKeyParamSetNil = 'PublicKeyParamSet Cannot be Nil';
-  SInvalidPublicKeyParamSetNil =
-    'OID Is Not a Valid Public Key Parameter Set  "PublicKeyParamSet"';
   SUnRecognizedAlgorithm = 'Unrecognised Algorithm: " %s, "Algorithm';
 
 type
@@ -57,32 +53,25 @@ type
   var
     Falgorithm: String;
     Fparameters: IECDomainParameters;
-    FpublicKeyParamSet: IDerObjectIdentifier;
 
   strict protected
 
     constructor Create(const algorithm: String; isPrivate: Boolean;
-      const parameters: IECDomainParameters); overload;
-
-    constructor Create(const algorithm: String; isPrivate: Boolean;
-      const publicKeyParamSet: IDerObjectIdentifier); overload;
+      const parameters: IECDomainParameters);
 
     function CreateKeyGenerationParameters(const random: ISecureRandom)
       : IECKeyGenerationParameters; inline;
 
     function GetAlgorithmName: String; inline;
-    function GetPublicKeyParamSet: IDerObjectIdentifier; inline;
     function GetParameters: IECDomainParameters; inline;
 
-    function Equals(const other: IECKeyParameters): Boolean; reintroduce; overload;
+    function Equals(const other: IECKeyParameters): Boolean;
+      reintroduce; overload;
 
   public
     class function VerifyAlgorithmName(const algorithm: String): String; static;
-    class function LookupParameters(const publicKeyParamSet
-      : IDerObjectIdentifier): IECDomainParameters; static;
     property AlgorithmName: String read GetAlgorithmName;
     property parameters: IECDomainParameters read GetParameters;
-    property publicKeyParamSet: IDerObjectIdentifier read GetPublicKeyParamSet;
     function GetHashCode(): {$IFDEF DELPHI}Int32; {$ELSE}PtrInt;
 {$ENDIF DELPHI}override;
 
@@ -90,53 +79,11 @@ type
 
 implementation
 
-uses
-  ClpECKeyPairGenerator; // included here to avoid circular dependency :)
-
-{ TECKeyParameters }
-
-function TECKeyParameters.GetPublicKeyParamSet: IDerObjectIdentifier;
-begin
-  result := FpublicKeyParamSet;
-end;
-
 function TECKeyParameters.GetParameters: IECDomainParameters;
 begin
   result := Fparameters;
 end;
 
-class function TECKeyParameters.LookupParameters(const publicKeyParamSet
-  : IDerObjectIdentifier): IECDomainParameters;
-var
-  p: IECDomainParameters;
-  x9: IX9ECParameters;
-
-begin
-  if publicKeyParamSet = Nil then
-  begin
-    raise EArgumentNilCryptoLibException.CreateRes(@SPublicKeyParamSetNil);
-  end;
-
-  p := TECGost3410NamedCurves.GetByOid(publicKeyParamSet);
-
-  if (p = Nil) then
-  begin
-    x9 := TECKeyPairGenerator.FindECCurveByOid(publicKeyParamSet);
-
-    if (x9 = Nil) then
-    begin
-      raise EArgumentCryptoLibException.CreateRes
-        (@SInvalidPublicKeyParamSetNil);
-
-    end;
-
-    p := TECDomainParameters.Create(x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
-  end;
-
-  result := p;
-
-end;
-
 class function TECKeyParameters.VerifyAlgorithmName(const algorithm
   : String): String;
 var
@@ -177,30 +124,9 @@ begin
   Fparameters := parameters;
 end;
 
-constructor TECKeyParameters.Create(const algorithm: String; isPrivate: Boolean;
-  const publicKeyParamSet: IDerObjectIdentifier);
-begin
-  Inherited Create(isPrivate);
-
-  if (algorithm = '') then
-    raise EArgumentNilCryptoLibException.CreateRes(@SAlgorithmNil);
-
-  if (publicKeyParamSet = Nil) then
-    raise EArgumentNilCryptoLibException.CreateRes(@SPublicKeyParamSetNil);
-
-  Falgorithm := VerifyAlgorithmName(algorithm);
-  Fparameters := LookupParameters(publicKeyParamSet);
-  FpublicKeyParamSet := publicKeyParamSet;
-end;
-
 function TECKeyParameters.CreateKeyGenerationParameters
   (const random: ISecureRandom): IECKeyGenerationParameters;
 begin
-  if (publicKeyParamSet <> Nil) then
-  begin
-    result := TECKeyGenerationParameters.Create(publicKeyParamSet, random);
-  end;
-
   result := TECKeyGenerationParameters.Create(parameters, random);
 end;
 

src/libraries/cryptolib4pascal/ClpECPrivateKeyParameters.pas

@@ -26,7 +26,6 @@ uses
   ClpCryptoLibTypes,
   ClpECKeyParameters,
   ClpIECPrivateKeyParameters,
-  ClpIAsn1Objects,
   ClpIECDomainParameters;
 
 resourcestring
@@ -49,12 +48,10 @@ type
     constructor Create(const algorithm: String; const d: TBigInteger;
       const parameters: IECDomainParameters); overload;
 
-    constructor Create(const algorithm: String; const d: TBigInteger;
-      const publicKeyParamSet: IDerObjectIdentifier); overload;
-
     property d: TBigInteger read GetD;
 
-    function Equals(const other: IECPrivateKeyParameters): Boolean; reintroduce; overload;
+    function Equals(const other: IECPrivateKeyParameters): Boolean;
+      reintroduce; overload;
     function GetHashCode(): {$IFDEF DELPHI}Int32; {$ELSE}PtrInt;
 {$ENDIF DELPHI}override;
 
@@ -82,17 +79,7 @@ begin
   if (not(d.IsInitialized)) then
     raise EArgumentNilCryptoLibException.CreateResFmt
       (@SBigIntegerNotInitialized, ['d']);
-  Fd := d;
-end;
-
-constructor TECPrivateKeyParameters.Create(const algorithm: String;
-  const d: TBigInteger; const publicKeyParamSet: IDerObjectIdentifier);
-begin
-  Inherited Create(algorithm, true, publicKeyParamSet);
-  if (not(d.IsInitialized)) then
-    raise EArgumentNilCryptoLibException.CreateResFmt
-      (@SBigIntegerNotInitialized, ['d']);
-  Fd := d;
+  Fd := parameters.ValidatePrivateScalar(d);
 end;
 
 function TECPrivateKeyParameters.Equals(const other

src/libraries/cryptolib4pascal/ClpECPublicKeyParameters.pas

@@ -51,12 +51,10 @@ type
     constructor Create(const algorithm: String; const q: IECPoint;
       const parameters: IECDomainParameters); overload;
 
-    constructor Create(const algorithm: String; const q: IECPoint;
-      const publicKeyParamSet: IDerObjectIdentifier); overload;
-
     property q: IECPoint read GetQ;
 
-    function Equals(const other: IECPublicKeyParameters): Boolean; reintroduce; overload;
+    function Equals(const other: IECPublicKeyParameters): Boolean;
+      reintroduce; overload;
     function GetHashCode(): {$IFDEF DELPHI}Int32; {$ELSE}PtrInt;
 {$ENDIF DELPHI}override;
 
@@ -81,7 +79,7 @@ begin
     raise EArgumentNilCryptoLibException.CreateRes(@SQNil);
   end;
 
-  Fq := TECDomainParameters.Validate(parameters.Curve, q);
+  Fq := parameters.validatePublicPoint(q);
 end;
 
 constructor TECPublicKeyParameters.Create(const q: IECPoint;
@@ -90,19 +88,6 @@ begin
   Create('EC', q, parameters);
 end;
 
-constructor TECPublicKeyParameters.Create(const algorithm: String;
-  const q: IECPoint; const publicKeyParamSet: IDerObjectIdentifier);
-begin
-  Inherited Create(algorithm, false, publicKeyParamSet);
-
-  if (q = Nil) then
-  begin
-    raise EArgumentNilCryptoLibException.CreateRes(@SQNil);
-  end;
-
-  Fq := TECDomainParameters.Validate(parameters.Curve, q);
-end;
-
 function TECPublicKeyParameters.Equals(const other
   : IECPublicKeyParameters): Boolean;
 begin

src/libraries/cryptolib4pascal/ClpIECDomainParameters.pas

@@ -48,6 +48,8 @@ type
     function Equals(const other: IECDomainParameters): Boolean;
     function GetHashCode(): {$IFDEF DELPHI}Int32; {$ELSE}PtrInt;
 {$ENDIF DELPHI}
+    function ValidatePrivateScalar(const d: TBigInteger): TBigInteger;
+    function ValidatePublicPoint(const q: IECPoint): IECPoint;
   end;
 
 implementation

src/libraries/cryptolib4pascal/ClpIECKeyGenerationParameters.pas

@@ -23,7 +23,6 @@ interface
 
 uses
   ClpIECDomainParameters,
-  ClpIAsn1Objects,
   ClpIKeyGenerationParameters;
 
 type
@@ -31,10 +30,7 @@ type
     ['{B9343CA3-9274-4812-9FFC-2CC27486261E}']
 
     function GetDomainParameters: IECDomainParameters;
-    function GetPublicKeyParamSet: IDerObjectIdentifier;
-
     property domainParameters: IECDomainParameters read GetDomainParameters;
-    property publicKeyParamSet: IDerObjectIdentifier read GetPublicKeyParamSet;
   end;
 
 implementation

src/libraries/cryptolib4pascal/ClpIECKeyParameters.pas

@@ -24,21 +24,18 @@ interface
 uses
 
   ClpIAsymmetricKeyParameter,
-  ClpIECDomainParameters,
-  ClpIAsn1Objects;
+  ClpIECDomainParameters;
 
 type
   IECKeyParameters = interface(IAsymmetricKeyParameter)
     ['{50966A0E-21A4-41C3-9246-87B4ED67CE4D}']
 
     function GetAlgorithmName: String;
-    function GetPublicKeyParamSet: IDerObjectIdentifier;
     function GetParameters: IECDomainParameters;
 
     function Equals(const other: IECKeyParameters): Boolean; overload;
 
     property AlgorithmName: String read GetAlgorithmName;
-    property PublicKeyParamSet: IDerObjectIdentifier read GetPublicKeyParamSet;
     property Parameters: IECDomainParameters read GetParameters;
 
   end;