Enhance security (1)

src/neo/Cryptography/Base58.cs

@@ -12,6 +12,7 @@ public static class Base58
 
         public static byte[] Base58CheckDecode(this string input)
         {
+            if (string.IsNullOrEmpty(input)) throw new ArgumentException("input cannot be null or empty string");
             byte[] buffer = Decode(input);
             if (buffer.Length < 4) throw new FormatException();
             byte[] checksum = buffer.Sha256(0, buffer.Length - 4).Sha256();

src/neo/Cryptography/BloomFilter.cs

@@ -1,3 +1,4 @@
+using System;
 using System.Collections;
 using System.Linq;
 
@@ -16,6 +17,7 @@ public class BloomFilter
 
         public BloomFilter(int m, int k, uint nTweak, byte[] elements = null)
         {
+            if (k < 0 || k - 1 > int.MaxValue || m < 0) throw new ArgumentOutOfRangeException();
             this.seeds = Enumerable.Range(0, k).Select(p => (uint)p * 0xFBA4C795 + nTweak).ToArray();
             this.bits = elements == null ? new BitArray(m) : new BitArray(elements);
             this.bits.Length = m;
@@ -38,6 +40,8 @@ public bool Check(byte[] element)
 
         public void GetBits(byte[] newBits)
         {
+            if (newBits is null) throw new ArgumentNullException();
+            if (newBits.Length < bits.Length) throw new ArgumentException();
             bits.CopyTo(newBits, 0);
         }
     }

src/neo/Cryptography/Crypto.cs

@@ -17,6 +17,8 @@ public static byte[] Hash256(ReadOnlySpan<byte> message)
 
         public static byte[] Sign(byte[] message, byte[] prikey, byte[] pubkey)
         {
+            if (message is null || prikey is null || pubkey is null) throw new ArgumentNullException();
+            if (prikey.Length != 32 || pubkey.Length != 64) throw new ArgumentException();
             using (var ecdsa = ECDsa.Create(new ECParameters
             {
                 Curve = ECCurve.NamedCurves.nistP256,

src/neo/Cryptography/ECC/ECFieldElement.cs

@@ -10,6 +10,8 @@ internal class ECFieldElement : IComparable<ECFieldElement>, IEquatable<ECFieldE
 
         public ECFieldElement(BigInteger value, ECCurve curve)
         {
+            if (curve == null)
+                throw new ArgumentException("The field element is null");
             if (value >= curve.Q)
                 throw new ArgumentException("x value too large in field element");
             this.Value = value;
@@ -19,6 +21,7 @@ public ECFieldElement(BigInteger value, ECCurve curve)
         public int CompareTo(ECFieldElement other)
         {
             if (ReferenceEquals(this, other)) return 0;
+            if (!curve.Equals(other.curve)) throw new InvalidOperationException("Invalid comparision for points with different curves");
             return Value.CompareTo(other.Value);
         }
 
@@ -35,7 +38,7 @@ public override bool Equals(object obj)
 
         public bool Equals(ECFieldElement other)
         {
-            return Value.Equals(other.Value);
+            return Value.Equals(other.Value) && curve.Equals(other.curve);
         }
 
         private static BigInteger[] FastLucasSequence(BigInteger p, BigInteger P, BigInteger Q, BigInteger k)

src/neo/Cryptography/ECC/ECPoint.cs

@@ -22,15 +22,16 @@ public bool IsInfinity
 
         internal ECPoint(ECFieldElement x, ECFieldElement y, ECCurve curve)
         {
-            if ((x != null && y == null) || (x == null && y != null))
-                throw new ArgumentException("Exactly one of the field elements is null");
+            if ((x != null && y is null) || (x is null && y != null) || (x is null && y is null && curve is null))
+                throw new ArgumentException("The field element is null");
             this.X = x;
             this.Y = y;
             this.Curve = curve;
         }
 
         public int CompareTo(ECPoint other)
         {
+            if (!Curve.Equals(other.Curve)) throw new InvalidOperationException("Invalid comparision for points with different curves");
             if (ReferenceEquals(this, other)) return 0;
             int result = X.CompareTo(other.X);
             if (result != 0) return result;

src/neo/Cryptography/Helper.cs

@@ -15,6 +15,8 @@ public static class Helper
     {
         internal static byte[] AES256Decrypt(this byte[] block, byte[] key)
         {
+            if (block is null || key is null) throw new ArgumentNullException();
+            if (key.Length != 16 && key.Length != 24 && key.Length != 32) throw new ArgumentException();
             using (Aes aes = Aes.Create())
             {
                 aes.Key = key;
@@ -29,6 +31,8 @@ internal static byte[] AES256Decrypt(this byte[] block, byte[] key)
 
         internal static byte[] AES256Encrypt(this byte[] block, byte[] key)
         {
+            if (block is null || key is null) throw new ArgumentNullException();
+            if (key.Length != 16 && key.Length != 24 && key.Length != 32) throw new ArgumentException();
             using (Aes aes = Aes.Create())
             {
                 aes.Key = key;

src/neo/Cryptography/MerkleTree.cs

@@ -15,7 +15,7 @@ public class MerkleTree
 
         internal MerkleTree(UInt256[] hashes)
         {
-            if (hashes.Length == 0) throw new ArgumentException();
+            if (hashes is null || hashes.Length == 0) throw new ArgumentException();
             this.root = Build(hashes.Select(p => new MerkleTreeNode { Hash = p }).ToArray());
             int depth = 1;
             for (MerkleTreeNode i = root; i.LeftChild != null; i = i.LeftChild)

src/neo/Cryptography/Murmur3.cs

@@ -28,6 +28,7 @@ public Murmur3(uint seed)
 
         protected override void HashCore(byte[] array, int ibStart, int cbSize)
         {
+            if (ibStart < 0 || cbSize < 0 || ibStart >= cbSize) throw new ArgumentException();
             length += cbSize;
             int remainder = cbSize & 3;
             int alignedLength = ibStart + (cbSize - remainder);

tests/neo.UnitTests/Cryptography/ECC/UT_ECFieldElement.cs

@@ -23,13 +23,37 @@ public void TestECFieldElementConstructor()
             action.Should().Throw<ArgumentException>();
         }
 
+        [TestMethod]
+        public void TestCompareTo()
+        {
+            ECFieldElement X1 = new ECFieldElement(new BigInteger(100), ECCurve.Secp256k1);
+            ECFieldElement Y1 = new ECFieldElement(new BigInteger(200), ECCurve.Secp256k1);
+            ECFieldElement X2 = new ECFieldElement(new BigInteger(300), ECCurve.Secp256k1);
+            ECFieldElement Y2 = new ECFieldElement(new BigInteger(400), ECCurve.Secp256k1);
+            ECFieldElement X3 = new ECFieldElement(new BigInteger(100), ECCurve.Secp256r1);
+            ECFieldElement Y3 = new ECFieldElement(new BigInteger(400), ECCurve.Secp256r1);
+            ECPoint point1 = new ECPoint(X1, Y1, ECCurve.Secp256k1);
+            ECPoint point2 = new ECPoint(X2, Y1, ECCurve.Secp256k1);
+            ECPoint point3 = new ECPoint(X1, Y2, ECCurve.Secp256k1);
+            ECPoint point4 = new ECPoint(X3, Y3, ECCurve.Secp256r1);
+
+            point1.CompareTo(point1).Should().Be(0);
+            point1.CompareTo(point2).Should().Be(-1);
+            point2.CompareTo(point1).Should().Be(1);
+            point1.CompareTo(point3).Should().Be(-1);
+            point3.CompareTo(point1).Should().Be(1);
+            Action action = () => point3.CompareTo(point4);
+            action.Should().Throw<InvalidOperationException>();
+        }
+
         [TestMethod]
         public void TestEquals()
         {
             BigInteger input = new BigInteger(100);
             object element = new ECFieldElement(input, ECCurve.Secp256k1);
             element.Equals(element).Should().BeTrue();
             element.Equals(1).Should().BeFalse();
+            element.Equals(new ECFieldElement(input, ECCurve.Secp256r1)).Should().BeFalse();
 
             input = new BigInteger(200);
             element.Equals(new ECFieldElement(input, ECCurve.Secp256k1)).Should().BeFalse();

tests/neo.UnitTests/Cryptography/ECC/UT_ECPoint.cs

@@ -28,18 +28,12 @@ public static byte[] generatePrivateKey(int privateKeyLength)
         public void TestCompareTo()
         {
             ECFieldElement X1 = new ECFieldElement(new BigInteger(100), ECCurve.Secp256k1);
-            ECFieldElement Y1 = new ECFieldElement(new BigInteger(200), ECCurve.Secp256k1);
-            ECFieldElement X2 = new ECFieldElement(new BigInteger(300), ECCurve.Secp256k1);
-            ECFieldElement Y2 = new ECFieldElement(new BigInteger(400), ECCurve.Secp256k1);
-            ECPoint point1 = new ECPoint(X1, Y1, ECCurve.Secp256k1);
-            ECPoint point2 = new ECPoint(X2, Y1, ECCurve.Secp256k1);
-            ECPoint point3 = new ECPoint(X1, Y2, ECCurve.Secp256k1);
+            ECFieldElement X2 = new ECFieldElement(new BigInteger(200), ECCurve.Secp256k1);
+            ECFieldElement X3 = new ECFieldElement(new BigInteger(100), ECCurve.Secp256r1);
 
-            point1.CompareTo(point1).Should().Be(0);
-            point1.CompareTo(point2).Should().Be(-1);
-            point2.CompareTo(point1).Should().Be(1);
-            point1.CompareTo(point3).Should().Be(-1);
-            point3.CompareTo(point1).Should().Be(1);
+            X1.CompareTo(X2).Should().Be(-1);
+            Action action = () => X1.CompareTo(X3);
+            action.Should().Throw<InvalidOperationException>();
         }
 
         [TestMethod]
@@ -60,6 +54,8 @@ public void TestECPointConstructor()
             action.Should().Throw<ArgumentException>();
             action = () => new ECPoint(null, Y, ECCurve.Secp256k1);
             action.Should().Throw<ArgumentException>();
+            action = () => new ECPoint(null, Y, null);
+            action.Should().Throw<ArgumentException>();
         }
 
         [TestMethod]