curve25519 private key parsing fails since 1.74

[njiber]

Hello,

I think since bouncycastle version 1.74 there is a bug concerning the curve25519 support.

With bouncy castle version 1.73 the following code works:

import java.security.Security;
import java.security.KeyFactory;
import java.security.interfaces.ECPrivateKey;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.util.encoders.Hex;

import java.math.BigInteger;

public final class Test {
  @Test
  public void demo() throws InvalidKeySpecException, NoSuchAlgorithmException,
      NoSuchProviderException {
    Security.addProvider(new BouncyCastleProvider());

    KeyFactory kf = KeyFactory.getInstance("EC", "BC");

    X9ECParameters params = CustomNamedCurves.getByName("curve25519");

    ECParameterSpec spec = new ECParameterSpec(params.getCurve(), params.getG(),
        params.getN(), params.getH());

    byte[] s = Hex.decode(
        "36704190D0033DB4ABF4E5A10E692C08D4CC0FEA67EF0AAA63E0BEF440A8F0C5");
    ECPrivateKey targetPrivateKey = (ECPrivateKey) kf
        .generatePrivate(new ECPrivateKeySpec(new BigInteger(s), spec));
  }
}

Since version 1.74, the code above fails with:

java.lang.IllegalArgumentException: Scalar is not in the interval [1, n - 1]

However, I do think that like for other 256 bit ec curves, every 32 bytes value should be a valid private key; or is my understanding of curve25519 incorrect and bouncy castle now behaves proper?

Thank you!